9239 matches found
OPENSUSE-SU-2024:10722-1 docker-20.10.6_ce-2.1 on GA media
These are all security issues fixed in the docker-20.10.6_ce-2.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:12002-1 docker-20.10.14_ce-1.1 on GA media
These are all security issues fixed in the docker-20.10.14_ce-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:12809-1 docker-compose-2.17.0-1.1 on GA media
These are all security issues fixed in the docker-compose-2.17.0-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11566-1 docker-20.10.9_ce-1.1 on GA media
These are all security issues fixed in the docker-20.10.9_ce-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11579-1 docker-20.10.9_ce-1.2 on GA media
These are all security issues fixed in the docker-20.10.9_ce-1.2 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:12430-1 docker-compose-2.12.2-1.1 on GA media
These are all security issues fixed in the docker-compose-2.12.2-1.1 package on the GA media of openSUSE Tumbleweed...
GO-2024-2914 Moby (Docker Engine) is vulnerable to Ambiguous OCI manifest parsing in github.com/docker/docker
Moby (Docker Engine) is vulnerable to Ambiguous OCI manifest parsing in github.com/docker/docker...
GO-2024-2913 Unexpected chmod of host files via 'docker cp' in Moby Docker Engine in github.com/docker/docker
Unexpected chmod of host files via 'docker cp' in Moby Docker Engine in github.com/docker/docker...
Cryptojacking Campaign Targets Misconfigured Kubernetes Clusters
Cybersecurity researchers have warned of an ongoing cryptojacking campaign targeting misconfigured Kubernetes clusters to mine Dero cryptocurrency. Cloud security firm Wiz, which shed light on the activity, said it's an updated variant of a financially motivated operation that was first documente...
Exploit for Incorrect Authorization in Cacti
CVE-2022-46169 - Unauthenticated Remote Code Execution in Cacti...
openSUSE Security Advisory (SUSE-SU-2024:1938-1)
The remote host is missing an update for the...
SUSE SLES15 / openSUSE 15 Security Update : python-docker (SUSE-SU-2024:1938-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:1938-1 advisory. - CVE-2024-35195: Fix failure with updated python-requests. (bsc#1224788) Tenable has extracted the preceding description block directly from...
Moderate: buildah security and bug fix update
The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...
Moby (Docker Engine) is vulnerable to Ambiguous OCI manifest parsing
Impact: In the OCI Distribution Specification version 1.0.0 and prior and in the OCI Image Specification version 1.0.1 and prior, manifest and index documents are ambiguous without an accompanying Content-Type HTTP header. Versions of Moby (Docker Engine) prior to 20.10.11 treat the Content-Type...
GHSA-XMMX-7JPF-FX42 Moby (Docker Engine) is vulnerable to Ambiguous OCI manifest parsing
Impact: In the OCI Distribution Specification version 1.0.0 and prior and in the OCI Image Specification version 1.0.1 and prior, manifest and index documents are ambiguous without an accompanying Content-Type HTTP header. Versions of Moby (Docker Engine) prior to 20.10.11 treat the Content-Type...
Docker CLI leaks private registry credentials to registry-1.docker.io
Impact: A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to...
GHSA-99PG-GRM5-QQ3V Docker CLI leaks private registry credentials to registry-1.docker.io
Impact: A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to...
`docker cp` allows unexpected chmod of host files in Moby Docker Engine
Impact: A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. This bug does not directly allow files to be read,...
GHSA-V994-F8VW-G7J4 `docker cp` allows unexpected chmod of host files in Moby Docker Engine
Impact: A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. This bug does not directly allow files to be read,...
Kiuwan Local Analyzer / SAST / SaaS XML Injection / XSS / IDOR
SEC Consult Vulnerability Lab Security Advisory. Title: Multiple critical vulnerabilities. Product: Kiuwan SAST on-premise KOP & cloud/SaaS, Kiuwan Local Analyzer KLA. Vulnerable version: Kiuwan SAST 2.8.2402.3, Kiuwan Local...