9239 matches found

Positive Technologies
added 2024/05/05 12:0 a.m. · 8 views

PT-2024-4755 · Docker · Docker Desktop

Name of the Vulnerable Software and Affected Versions: Docker Desktop versions prior to 4.31.0
Description: The issue is related to a configuration flaw in the exec-path Docker daemon config option, allowing a user in the docker-users group to cause a Windows Denial-of-Service in Windows containe...

CVSS 6.1 · AI score 6 · EPSS 0.00374
Exploits 0 · References 10
OSV
added 2024/05/03 8:29 p.m. · 67 views

GHSA-384W-WFFR-X63Q Pterodactyl panel's admin area vulnerable to Cross-site Scripting

Impact: Importing a malicious egg or gaining access to wings instance could lead to XSS on the panel, which could be used to gain an administrator account on the panel. Specifically, the following things are impacted:
- Egg Docker images
- Egg variables:
  - Name
  - Environment variable
  - Default val...

CVSS 6.1 · AI score 6.2 · EPSS 0.00457
Exploits 0 · References 6
Github Security Blog
added 2024/05/03 8:29 p.m. · 41 views

Pterodactyl panel's admin area vulnerable to Cross-site Scripting

Impact: Importing a malicious egg or gaining access to wings instance could lead to XSS on the panel, which could be used to gain an administrator account on the panel. Specifically, the following things are impacted:
- Egg Docker images
- Egg variables:
  - Name
  - Environment variable
  - Default val...

CVSS 6.1 · AI score 6.5 · EPSS 0.00457
Exploits 0 · References 6 · Affected Software 1
NVD
added 2024/05/03 6:15 p.m. · 31 views

CVE-2024-34067

Pterodactyl is a free, open-source game server management panel built with PHP, React, and Go. Importing a malicious egg or gaining access to wings instance could lead to cross site scripting (XSS) on the panel, which could be used to gain an administrator account on the panel. Specifically, the...

CVSS 6.1 · AI score 6.3 · EPSS 0.00457
Exploits 0 · References 4
CVE
added 2024/05/03 5:38 p.m. · 98 views

CVE-2024-34067

CVE-2024-34067 affects the Pterodactyl panel. The issue allows cross-site scripting (XSS) via importing a malicious egg or gaining access to a wings instance, potentially enabling an administrator account takeover. The vulnerability impacts Egg Docker images and Egg variables (Name, Environment v...

CVSS 6.1 · AI score 6 · EPSS 0.00457
Exploits 0 · References 4 · Affected Software 1
Cvelist
added 2024/05/03 5:38 p.m. · 37 views

CVE-2024-34067 Multiple cross site scripting (XSS) vulnerabilities in the admin area of Pterodactyl panel

Pterodactyl is a free, open-source game server management panel built with PHP, React, and Go. Importing a malicious egg or gaining access to wings instance could lead to cross site scripting (XSS) on the panel, which could be used to gain an administrator account on the panel. Specifically, the...

CVSS 6.1 · AI score 6.4 · EPSS 0.00457
Exploits 0 · References 4
hivepro
added 2024/05/03 4:37 a.m. · 21 views

Over 2 Million Malicious Repositories Planted on Docker Hub

...

AI score 7.3
Exploits 0
CNNVD
added 2024/05/03 12:0 a.m. · 4 views

Softing edgeConnector security vulnerability

Softing edgeConnector is a Docker-based software application from Softing Inc. It can access process data in SIMATIC S7, SINUMERIK 840D and Modbus TCP controllers. A security vulnerability exists in Softing edgeConnector that stems from a specific flaw in the handling of OPC UA ConditionRefresh...

CVSS 7.5 · AI score 7.5 · EPSS 0.01322
Exploits 0 · References 3
CNNVD
added 2024/05/03 12:0 a.m. · 4 views

Softing edgeConnector security vulnerability

Softing edgeConnector is a Docker-based software application from Softing Inc. It can access process data in SIMATIC S7, SINUMERIK 840D and Modbus TCP controllers. A security vulnerability exists in Softing edgeConnector that originates from a dereferenced null pointer in the handling of OPC clie...

CVSS 7.5 · AI score 7.5 · EPSS 0.00754
Exploits 0 · References 2
Positive Technologies
added 2024/05/03 12:0 a.m. · 6 views

PT-2024-25678 · Unknown · Pterodactyl

Name of the Vulnerable Software and Affected Versions: Pterodactyl versions prior to 1.11.6
Description: Importing a malicious egg or gaining access to a wings instance could lead to cross-site scripting (XSS) on the panel, potentially allowing an attacker to gain an administrator account. The...

CVSS 6.1 · AI score 6.1 · EPSS 0.00457
Exploits 0 · References 13
GithubExploit
added 2024/05/01 2:36 a.m. · 373 views

Exploit for Code Injection in Vmware Spring_Framework

SpringFrameworkCVE-2022-22965RCE SpringFramework remote code execution vulnerability CVE...

CVSS 9.8 · AI score 8.9 · EPSS 0.99677
Exploits 100
CNNVD
added 2024/05/01 12:0 a.m. · 4 views

JFrog Artifactory input validation error vulnerability

JFrog Artifactory is an open source, general-purpose Artifact repository manager from Israel's JFrog that supports clustered and high-availability Docker registries and provides an end-to-end solution for automating artifacts for tracking from development to production. JFrog Artifactory has an...

CVSS 9 · AI score 6.7 · EPSS 0.00668
Exploits 0 · References 2
RedHat Linux
added 2024/04/30 1:39 p.m. · 36 views

Moderate: Red Hat Security Advisory: podman security and bug fix update

An update for podman is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 8.6 · AI score 6.7 · EPSS 0.01262
Exploits 0 · References 6
The Hacker News
added 2024/04/30 1:36 p.m. · 11 views

Millions of Malicious 'Imageless' Containers Planted on Docker Hub Over 5 Years

Cybersecurity researchers have discovered multiple campaigns targeting Docker Hub by planting millions of malicious "imageless" containers over the past five years, once again underscoring how open-source registries could pave the way for supply chain attacks. "Over four million of the repositori...

AI score 7.2
Exploits 0
AlmaLinux
added 2024/04/30 12:0 a.m. · 35 views

Moderate: podman security and bug fix update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: podman: golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in...

CVSS 8.6 · AI score 8.8 · EPSS 0.01262
Exploits 0 · References 6
Spring Security Advisories
added 2024/04/30 12:0 a.m. · 18 views

This Week in Spring - April 30th, 2024

Welcome to yet another amazing installment of This Week in Spring! As usual, we've got a ton of stuff to get into, so let's dive right into it! Chris Bono announces the new versions of Spring Functions Catalog and Spring Cloud Streams Applications In last week's installment of A Bootiful Podcast,...

AI score 7.5
Exploits 0
Tenable Nessus
added 2024/04/30 12:0 a.m. · 29 views

SUSE SLES12 Security Update : docker (SUSE-SU-2024:1469-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1469-1 advisory.
- CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts bsc1219267
- CVE-2024-23652: Fixed insufficient...

CVSS 10 · AI score 7.2 · EPSS 0.02983
Exploits 0 · References 11
OSV
added 2024/04/29 3:59 p.m. · 9 views

SUSE-SU-2024:1469-1 Security update for docker

This update for docker fixes the following issues:
- CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts bsc1219267
- CVE-2024-23652: Fixed insufficient validation of parent directory on mount bsc1219268
- CVE-2024-23653: Fixed insufficient validation on entitlement on...

CVSS 10 · AI score 7.2 · EPSS 0.02983
Exploits 0 · References 8
The Hacker News
added 2024/04/29 9:58 a.m. · 24 views

Sandbox Escape Vulnerabilities in Judge0 Expose Systems to Complete Takeover

Multiple critical security flaws have been disclosed in the Judge0 open-source online code execution system that could be exploited to obtain code execution on the target system. The three flaws, all critical in nature, allow an "adversary with sufficient access to perform a sandbox escape and...

CVSS 10 · AI score 8.7 · EPSS 0.20179
Exploits 2
Tenable Nessus
added 2024/04/29 12:0 a.m. · 26 views

Fedora 37 : golang-github-docker / golang-github-graylog2-gelf (2023-6b9e2a6534)

The remote Fedora 37 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-6b9e2a6534 advisory. golang-github-graylog2-gelf-2.0.0-5.20201111git1550ee6.fc37 was not in F37 because was override with...

CVSS 9.8 · AI score 8.2 · EPSS 0.44708
Exploits 0 · References 2