9242 matches found
PT-2024-1348
Name of the Vulnerable Software and Affected Versions: Plone Docker Official Image version 5.2.13 5221 Description: The issue allows for remote code execution via improper validation of input by the HOST headers. This can be exploited by an attacker to execute arbitrary code by injecting code into...
CVE-2024-23055
An issue in Plone Docker Official Image 5.2.13 5221 open-source software allows for remote code execution via improper validation of input by the HOST headers...
PT-2024-1629 · Plone · Plone
Name of the Vulnerable Software and Affected Versions: Plone Docker version 5.2.13 5221 Description: The issue is related to the absence of a mechanism to prevent unintended changes to resources when processing requests. This allows unauthenticated attackers to execute dangerous actions, such as...
CVE-2024-23055
Plone Docker Official Image 5.2.13 (5221) is vulnerable to Host Header Injection due to improper validation of input by the HOST headers. The Nuclei template describes this issue as enabling Cross-Site Scripting when a malicious Host header is reflected in the response, with the broader impact no...
gitea -- Prevent anonymous container access
Problem Description: Even with RequireSignInView enabled, anonymous users can use docker pull to fetch public images...
A vulnerability in the software protection tool for accessing applications in Docker environments. IBM Security Verify Access Docker, an access management system from IBM Security Verify Access, is affected by an issue that involves storing passwords in a reversible format. This allows attackers to exploit the protected information.
The vulnerability of the Docker-based application access control software, IBM Security Verify Access, lies in its password storage mechanism. Exploiting this vulnerability could allow attackers to disclose the protected information...
A vulnerability in the software protection mechanism for accessing applications in Docker environments. IBM Security Verify Access Docker, an access control system from IBM Security Verify Access, is vulnerable due to the lack of encryption measures for protected data. This allows attackers to disclose the protected information.
The vulnerability of the IBM Security Verify Access application for Docker environments stems from the lack of encryption measures for protected data. Exploiting this vulnerability can allow attackers to disclose protected information...
A vulnerability in the software protection mechanism for accessing applications in Docker environments. IBM Security Verify Access Docker, an access control system from IBM Security Verify Access, has a flaw related to incorrect URL definition before file access. This allows attackers to elevate their privileges to the root level.
The vulnerability of the Docker-based application access control software, IBM Security Verify Access, stems from an incorrect definition of the link before accessing a file. Exploiting this vulnerability could allow attackers to elevate their privileges to the root level...
Low: containerd
Issue Overview: No CVE associated with this advisory. Affected Packages: containerd. Note: This advisory is applicable to Amazon Linux 2 - Docker Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories...
This Week in Spring - January 23rd, 2024
Hi, Spring fans, and greetings from CERN, home of the famous Large Hadron Collider, where I'm speaking again at the VOXXED Days CERN 2017 event. It's been an amazing almost week here in lovely Switzerland, first in Lugano for VOXXED Days Ticino, and now in Geneva. I'm super excited to be here, bu...
[SECURITY] Fedora 38 Update: podman-4.8.3-1.fc38
podman (Pod Manager) is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=podman. Most...
Exploit for SQL Injection in Djangoproject Django
CVE-2022-28346 A flaw was found in the Django package, which l...
New Docker Malware Steals CPU for Crypto & Drives Fake Website Traffic
Vulnerable Docker services are being targeted by a novel campaign in which the threat actors are deploying XMRig cryptocurrency miner as well as the 9Hits Viewer software as part of a multi-pronged monetization strategy. "This is the first documented case of malware deploying the 9Hits applicatio...
Malware Exploits 9Hits, Turns Docker Servers into Traffic Boosted Crypto Miners
By Deeba Ahmed 9Hits, Double Hit: Malware Mimics Web Tool to Mine Crypto, Generate Fake Website Traffic. This is a post from HackRead.com Read the original post: Malware Exploits 9Hits, Turns Docker Servers into Traffic Boosted Crypto Miners...
popup-builder < 4.2.6 - Admin+ SSRF & File Read
Description: The plugin does not validate a parameter before making a request to it, which could allow users with the administrator role to perform SSRF attacks in Multisite WordPress configurations. PoC: 1. Create a multi-site WordPress setup, i.e. using docker-containers, and set up a second "site"...
Exploit for Injection in Atlassian Confluence_Data_Center
CVE-2023-22527 Confluence RCE CVE-2023-22527 - RCE Remote Co...
EulerOS 2.0 SP8 : docker-engine (EulerOS-SA-2023-3118)
According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1,...
EulerOS 2.0 SP11 : docker-runc (EulerOS-SA-2023-2680)
According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfslinux.go. To exploit this...
EulerOS 2.0 SP11 : docker-runc (EulerOS-SA-2023-2638)
According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfslinux.go. To exploit this...