SUSE SLES15 Security Update : docker (SUSE-SU-2024:0586-2)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0586-2 advisory. Vendor latest buildkit v0.11 including bugfixes for the following: CVE-2024-23653: BuildKit API doesn't validate entitlement on...

Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2024-1483)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2024-1504)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP9 : docker-runc (EulerOS-SA-2024-1483)

According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an...

EulerOS 2.0 SP9 : docker-runc (EulerOS-SA-2024-1504)

According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an...

Security Bulletin: IBM Security Verify Directory products are vulnerable to CVE-2022-32751

Summary A Security Vulnerability discovered by the IBM Ethical Hacking team has been fixed in IBM Security Directory products. Vulnerability Details CVEID:CVE-2022-32751 DESCRIPTION: IBM Security Verify Directory 10.0.0 could disclose sensitive server information that could be used in further...

Attackgen - Cybersecurity Incident Response Testing Tool That Leverages The Power Of Large Language Models And The Comprehensive MITRE ATT&CK Framework

AttackGen is a cybersecurity incident response testing tool that leverages the power of large language models and the comprehensive MITRE ATT&CK framework. The tool generates tailored incident response scenarios based on user-selected threat actor groups and your organisation's details. Star the...

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: rabbitmq-messaging-topology-operator, bank-vaults, nri-mssql, wireguard-go, eksctl, flannel, step, cri-tools, kubecolor, kind, mage, ip-masq-agent, crossplane-provider-azure-managedidentity, gitleaks, tailscale, stakater-reloader, terragrunt, cortex, nri-kubernetes,...

AZL-38260 CVE-2023-45288 affecting package docker-buildx for versions less than 0.14.0-1

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

AZL-38338 CVE-2023-45288 affecting package docker-cli for versions less than 25.0.7-1

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

AZL-38569 CVE-2023-45288 affecting package docker-compose for versions less than 2.27.0-1

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

CVE-2024-31204

CVE-2024-31204 affects mailcow: dockerized prior to 2024-04. The issue is in the exception handling path when DEV_MODE is disabled: exception details are stored in a session array without proper sanitization and later rendered into HTML/JavaScript without escaping, enabling Cross-Site Scripting (...

SUSE-SU-2024:0586-2 Security update for docker

This update for docker fixes the following issues: Vendor latest buildkit v0.11 including bugfixes for the following: CVE-2024-23653: BuildKit API doesn't validate entitlement on container creation bsc1219438. CVE-2024-23652: Fixed arbitrary deletion of files bsc1219268. CVE-2024-23651: Fixed rac...

Security Bulletin: IBM Security Verify Access is vulnerable to a specially crafted HTTP request

Summary IBM Security Verify Access Appliance/Container and IBM Application Gateway are vulnerable to information disclosure or denial of service due to a specially crafted HTTP request. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details...

Exploit for Use After Free in Linux Linux_Kernel

https://github.com/Notselwyn/CVE-2024-1086 usage docker...

[SECURITY] Fedora 38 Update: podman-4.9.4-1.fc38

podman Pod Manager is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=3Dpodman. Most...

[SECURITY] Fedora 39 Update: podman-4.9.4-1.fc39

podman Pod Manager is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=3Dpodman. Most...

Exploit for Embedded Malicious Code in Tukaani Xz

xzk8s !Docker Pulls xzk8shttps://img.shields.io/docker/pul...

Drozer - The Leading Security Assessment Framework For Android

drozer formerly Mercury is the leading security testing framework for Android. drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps' IPC endpoints and the underlying OS. drozer provides tools to...

Exploit for Embedded Malicious Code in Tukaani Xz

CVE-2024-3094 Malicious code was discovered in the upstream ta...