9239 matches found
CVE-2024-23652 vulnerabilities
Vulnerabilities for packages: datadog-agent, skaffold, trivy, docker, buildkitd, zot, guac, conftest, kaniko, scorecard, kubescape...
CVE-2024-23653 vulnerabilities
Vulnerabilities for packages: datadog-agent, skaffold, trivy, docker, buildkitd, zot, guac, conftest, kaniko, scorecard, kubescape...
CVE-2024-23651 vulnerabilities
Vulnerabilities for packages: conftest-fips, kaniko, kubescape, trivy, scorecard, skaffold, buildkitd, zot, conftest, docker, guac, datadog-agent, datadog-agent-fips...
CVE-2024-23652 vulnerabilities
Vulnerabilities for packages: conftest-fips, kaniko, kubescape, trivy, scorecard, skaffold, buildkitd, zot, conftest, docker, guac, datadog-agent, datadog-agent-fips...
CVE-2024-23653 vulnerabilities
Vulnerabilities for packages: conftest-fips, kaniko, kubescape, trivy, scorecard, skaffold, buildkitd, zot, conftest, docker, guac, datadog-agent, datadog-agent-fips...
AZL-35438 CVE-2024-23650 affecting package docker-compose for versions less than 2.27.0-1
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoi...
CVE-2024-21626 vulnerabilities
Vulnerabilities for packages: cadvisor, k9s, kaniko, newrelic-infrastructure-agent, datadog-agent, k3s, skopeo, kots, runc, nerdctl, docker, podman, zarf, trivy, syft, kubescape, skaffold, wolfictl, buildkitd, ctop, zot, grype, k3d, kubernetes...
CVE-2024-23650 vulnerabilities
Vulnerabilities for packages: datadog-agent, skaffold, trivy, docker, buildkitd, zot, guac, conftest, kaniko, scorecard, kubescape...
AZL-35432 CVE-2024-23650 affecting package docker-buildx for versions less than 0.14.0-1
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoi...
CVE-2024-21626 vulnerabilities
Vulnerabilities for packages: kaniko, podman, kubescape, k3d, buildkitd, wolfictl, cadvisor, datadog-agent-fips, k9s, k3s, grype, datadog-agent, newrelic-infrastructure-agent, kubernetes-fips, skaffold, syft, skopeo, zot, docker, zarf, kots, trivy, nerdctl, runc, kubernetes, ctop...
CVE-2024-23650 vulnerabilities
Vulnerabilities for packages: conftest-fips, kaniko, kubescape, trivy, scorecard, skaffold, buildkitd, zot, conftest, docker, guac, datadog-agent, datadog-agent-fips...
RunC Flaws Enable Container Escapes, Granting Attackers Host Access
Multiple security vulnerabilities have been disclosed in the runC command line tool that could be exploited by threat actors to escape the bounds of the container and stage follow-on attacks. The vulnerabilities, tracked as CVE-2024-21626, CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653, have...
@lobehub/chat vulnerable to unauthorized access to plugins
Description: When the application is deployed password-protected with the ACCESSCODE option, it is possible to access plugins without a password and without proper authorization. Proof-of-Concept: Let’s suppose that the application has been deployed with the following command: sudo docker run -d -p 3210:3210 -...
GHSA-2WGC-48G2-CJ5W vantage6 has insecure SSH configuration for node and server containers
Impact: Nodes and servers get an SSH config by default that permits root login with password authentication. In a proper deployment, the SSH service is not exposed so there is no risk, but not all deployments are ideal. The default should therefore be less permissive. We will probably opt to...
vantage6 has insecure SSH configuration for node and server containers
Impact: Nodes and servers get an SSH config by default that permits root login with password authentication. In a proper deployment, the SSH service is not exposed so there is no risk, but not all deployments are ideal. The default should therefore be less permissive. We will probably opt to...
CVE-2024-22200
vantage6-UI is the User Interface for vantage6. The docker image used to run the UI leaks the nginx version. To mitigate the vulnerability, users can run the UI as an angular application. This vulnerability was patched in 4.2.0...
CVE-2024-21653
The vantage6 technology enables managing and deploying privacy-enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Nodes and servers get an SSH config by default that permits root login with password authentication. In a proper deployment, the SSH service is not expose...
Design/Logic Flaw
vantage6-UI is the User Interface for vantage6. The docker image used to run the UI leaks the nginx version. To mitigate the vulnerability, users can run the UI as an angular application. This vulnerability was patched in 4.2.0...
Authentication flaw
The vantage6 technology enables managing and deploying privacy-enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Nodes and servers get an SSH config by default that permits root login with password authentication. In a proper deployment, the SSH service is not expose...
PYSEC-2024-33
The vantage6 technology enables managing and deploying privacy-enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Nodes and servers get an SSH config by default that permits root login with password authentication. In a proper deployment, the SSH service is not expose...