
9240 matches found

Tenable Nessus
added 2024/01/15 12:0 a.m. · 37 views

Siemens SCALANCE LPE9403 Incorrect Permission Assignment for Critical Resource (CVE-2021-41091)

A vulnerability was found in Moby Docker Engine where the data directory (typically /var/lib/docker) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included...

CVSS 6.3 · AI score 7.3 · EPSS 0.02693
Exploits 3 · References 4

Tenable Nessus
added 2024/01/15 12:0 a.m. · 32 views

Siemens SCALANCE LPE9403 Exposure of Sensitive Information to an Unauthorized Actor (CVE-2021-41092)

A vulnerability was found in the Docker CLI where running 'docker login my-private-registry.example.com' with a misconfigured configuration file (typically ~/.docker/config.json) listing a credsStore or credHelpers that could not be executed would result in any provided credentials being sent to...

CVSS 7.5 · AI score 6.2 · EPSS 0.01536
Exploits 0 · References 4

Tenable Nessus
added 2024/01/15 12:0 a.m. · 35 views

Siemens SCALANCE LPE9403 Improper Preservation of Permissions (CVE-2021-41089)

A vulnerability was found in Moby Docker Engine where attempting to copy files using 'docker cp' into a specially-crafted container can result in Unix file permission changes for existing files in the host's filesystem, widening access to others. This bug does not directly allow files to be read,...

CVSS 6.3 · AI score 5.9 · EPSS 0.0027
Exploits 0 · References 4

GithubExploit
added 2024/01/12 9:34 a.m. · 357 views

Exploit for Files or Directories Accessible to External Parties in Apache Struts

CVE-2023-50164 Apache Struts path traversal to RCE vulnerabil...

CVSS 9.8 · AI score 9.9 · EPSS 0.80819
Exploits 15

The Hacker News
added 2024/01/12 7:56 a.m. · 33 views

Cryptominers Targeting Misconfigured Apache Hadoop and Flink with Rootkit in New Attacks

Cybersecurity researchers have identified a new attack that exploits misconfigurations in Apache Hadoop and Flink to deploy cryptocurrency miners within targeted environments. "This attack is particularly intriguing due to the attacker's use of packers and rootkits to conceal the malware," Aqua...

AI score 9.1
Exploits 0

Hacker One
added 2024/01/11 8:35 p.m. · 21 views

U.S. Dept Of Defense: Full Access to sonarQube and Docker

The vulnerability involved the exposure of sensitive credentials and IP addresses in a JavaScript file. The researcher gained access to the organization's Hub Docker account and Sonar projects, allowing them to identify and assess the issue. The vulnerability was caused by a JavaScript file withi...

AI score 6.9
Exploits 0

Prion
added 2024/01/11 3:15 a.m. · 19 views

Code injection

IBM Security Access Manager Appliance IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1 could allow a local user to obtain sensitive configuration information. IBM X-Force ID: 260584...

CVSS 1.7 · AI score 6.2 · EPSS 0.00148
Exploits 1 · References 2 · Affected Software 2

Cvelist
added 2024/01/11 2:44 a.m. · 20 views

CVE-2023-31001 IBM Security Access Manager Container information disclosure

IBM Security Access Manager Container IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1 temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254653...

CVSS 5.1 · AI score 5.2 · EPSS 0.0021
Exploits 1 · References 2

CVE
added 2024/01/11 2:22 a.m. · 70 views

CVE-2023-31003

CVE-2023-31003 affects IBM Security Verify Access (ISVA) components: IBM Security Access Manager Container (10.0.0.0–10.0.6.1) and IBM Security Verify Access Appliance/Docker (10.0.0.0–10.0.6.1). The root cause is improper access controls that could let a local user obtain root access. Public sou...

CVSS 8.4 · AI score 7.1 · EPSS 0.00247
Exploits 1 · References 3 · Affected Software 2

Positive Technologies
added 2024/01/10 12:0 a.m. · 3 views

PT-2024-1196 · Ibm · Ibm Security Verify Access Appliance +1

Name of the Vulnerable Software and Affected Versions: IBM Security Verify Access Appliance versions 10.0.0.0 through 10.0.6.1 IBM Security Verify Access Docker version 10.0.6.1 Description: The issue is caused by the lack of encryption of protected data in the IBM Security Verify Access Docker...

CVSS 6.2 · AI score 8.9 · EPSS 0.00148
Exploits 1 · References 7

GithubExploit
added 2024/01/09 4:58 p.m. · 437 views

Exploit for Server-Side Request Forgery in Apache Ofbiz

Go-Exploit for CVE-2023-51467 This repository contains a go-e...

CVSS 9.8 · AI score 9.8 · EPSS 0.96001
Exploits 12

IBM Security Bulletins
added 2024/01/09 3:55 p.m. · 60 views

Security Bulletin: Multiple Security Vulnerabilities were identified in IBM WebSphere Application Server Liberty shipped with IBM Security Verify Access (CVE-2023-24988, CVE-2023-44487, CVE-2023-46158)

Summary Security Vulnerability fixes in IBM WebSphere Application Server Liberty have been shipped with IBM Security Verify Access 10.0.7.0 Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the...

CVSS 9.8 · AI score 8 · EPSS 0.99999
Exploits 20 · Affected Software 1

Fedora
added 2024/01/09 1:46 a.m. · 48 views

[SECURITY] Fedora 39 Update: podman-4.8.3-1.fc39

podman (Pod Manager) is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=podman. Most...

CVSS 5.9 · AI score 7.1 · EPSS 0.93305
Exploits 4

IBM Security Bulletins
added 2024/01/05 4:15 p.m. · 19 views

Security Bulletin: IBM Security Verify Access OpenID Connect Provider container has fixed a vulnerability (CVE-2022-43867)

Summary A Security Vulnerability has been addressed in the IBM Security Verify Access OpenID Connect OIDC Provider container. Vulnerability Details CVEID:CVE-2022-43876 DESCRIPTION: IBM Security Verify Access OIDC Provider allows web pages to be stored locally which can be read by another user on...

CVSS 7.8 · AI score 7.4 · EPSS 0.00281
Exploits 0 · Affected Software 1

Spring Security Advisories
added 2024/01/02 12:0 a.m. · 16 views

This Week in Spring - January 2nd, 2024

Hi, Spring fans! Happy New Year! As we step into 2024, full of hope and enthusiasm, welcome to the first installment of This Week in Spring. It's a time for new beginnings and resolutions, and what better way to start than by exploring the ever-evolving world of Spring? I hope your new year...

AI score 7
Exploits 0

IBM Security Bulletins
added 2023/12/29 9:44 a.m. · 14 views

Security Bulletin: Vulnerability in docker affects Cloud Pak System (240631)

Summary Vulnerability has been found in docker engine moby shipped with docker pattern Type pType in Cloud Pak System. Vulnerability Details IBM X-Force ID: 240631 DESCRIPTION: Moby could allow a remote attacker to obtain sensitive information, caused by improper access control. By using a...

AI score 6.5
Exploits 0 · Affected Software 1

GithubExploit
added 2023/12/28 11:36 a.m. · 723 views

Exploit for Server-Side Request Forgery in Rbaskets Request_Baskets

Proof Of Concept of SSRF on Request-Baskets CVE-2023-27163...

CVSS 6.5 · AI score 6.3 · EPSS 0.07497
Exploits 29

Tenable Nessus
added 2023/12/27 12:0 a.m. · 32 views

NewStart CGSL MAIN 5.04 : docker-ce Vulnerability (NS-SA-2023-0109)

The remote NewStart CGSL host, running version MAIN 5.04, has docker-ce packages installed that are affected by a vulnerability: - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where supplementary groups are not set up...

CVSS 6.3 · AI score 7.2 · EPSS 0.00807
Exploits 0 · References 3

Tenable Nessus
added 2023/12/27 12:0 a.m. · 33 views

NewStart CGSL MAIN 6.06 : docker-ce Multiple Vulnerabilities (NS-SA-2023-0095)

The remote NewStart CGSL host, running version MAIN 6.06, has docker-ce packages installed that are affected by multiple vulnerabilities: - net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is...

CVSS 9.8 · AI score 7.6 · EPSS 0.08359
Exploits 1 · References 5

IBM Security Bulletins
added 2023/12/25 10:14 a.m. · 34 views

Security Bulletin: Multiple Multiple Vulnerabilities in Docker affect Cloud Pak System [CVE-2023-28840, CVE-2023-28841, CVE-2023-28842]

Summary Vulnerabilities were identified within Docker shipped as pattern type pType component with Cloud Pak System Software. IBM Cloud Pak System Software addressed these vulnerabilities CVE-2023-28840, CVE-2023-28841, CVE-2023-28842. Vulnerability Details CVEID:CVE-2023-28840 DESCRIPTION: Moby ...

CVSS 8.7 · AI score 8.4 · EPSS 0.02733
Exploits 2 · Affected Software 1