
9242 matches found

ATTACKERKB
added 2023/11/21 12:00 a.m. | 41 views

CVE-2023-49103

An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information...

CVSS 10 | AI score 8.4 | EPSS 0.78428
In wild | Exploits 5 | References 6

GithubExploit
added 2023/11/18 6:12 a.m. | 318 views

Exploit for Incorrect Comparison in Dynamic-Linq Linq

Dynamic Linq injection to RCE - CVE-2023-32571 About Dynami...

CVSS 9.8 | AI score 9.8 | EPSS 0.34904
Exploits 4

HackRead
added 2023/11/17 11:53 a.m. | 35 views

Ddostf Botnet Resurfaces in DDoS Attacks Against MySQL and Docker Hosts

By Deeba Ahmed. The Ddostf Botnet was initially identified in 2016. This is a post from HackRead.com. Read the original post: Ddostf Botnet Resurfaces in DDoS Attacks Against MySQL and Docker Hosts...

AI score 7.4
Exploits 0

Tenable Nessus
added 2023/11/17 12:00 a.m. | 36 views

Amazon Linux 2 : docker (ALASECS-2023-028)

The version of docker installed on the remote host is prior to 20.10.7-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2023-028 advisory. A file permissions vulnerability was found in Moby Docker Engine. Copying files by using into a specially-crafted...

CVSS 7.5 | AI score 7.4 | EPSS 0.02693
Exploits 3 | References 8

Amazon
added 2023/11/16 12:00 a.m. | 1 views

Medium: containerd

Issue Overview: A flaw was found in Moby Docker Engine, where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when...

CVSS 5.9 | AI score 6.9 | EPSS 0.00492
Exploits 0

Amazon
added 2023/11/16 12:00 a.m. | 5 views

Medium: docker

Issue Overview: The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Image Specification, the manifest and index documents were not self-describing and documents with a single digest could be interpreted as either a manife...

CVSS 5 | AI score 6.9 | EPSS 0.02067
Exploits 0

Tenable Nessus
added 2023/11/16 12:00 a.m. | 16 views

Amazon Linux 2 : containerd (ALASECS-2023-023)

The version of containerd installed on the remote host is prior to 1.4.13-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2023-023 advisory. A flaw was found in Moby Docker Engine, where containers were started incorrectly with non-empty inheritable Linux process...

CVSS 5.9 | AI score 6.9 | EPSS 0.00492
Exploits 0 | References 4

Tenable Nessus
added 2023/11/16 12:00 a.m. | 89 views

Amazon Linux 2 : docker (ALASECS-2023-025)

The version of docker installed on the remote host is prior to 20.10.7-5. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2023-025 advisory. The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI...

CVSS 5 | AI score 7 | EPSS 0.02067
Exploits 0 | References 4

The Hacker News
added 2023/11/14 11:54 a.m. | 51 views

Alert: OracleIV DDoS Botnet Targets Public Docker Engine APIs to Hijack Containers

Publicly-accessible Docker Engine API instances are being targeted by threat actors as part of a campaign designed to co-opt the machines into a distributed denial-of-service (DDoS) botnet dubbed OracleIV. "Attackers are exploiting this misconfiguration to deliver a malicious Docker container, buil...

AI score 7.9
Exploits 0

Spring Security Advisories
added 2023/11/14 12:00 a.m. | 8 views

This Week in Spring - November 14th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's November 14th, and you know what that means? NINE MORE DAYS until Spring Boot 3.2 drops on the day of the US holiday of Thanksgiving, no less! Some key features include: virtual threads, initial CRaC support, more...

AI score 7.1
Exploits 0

HackRead
added 2023/11/13 1:27 p.m. | 29 views

OracleIV DDoS Botnet Malware Targets Docker Engine API Instances

By Waqas. While OracleIV is not a supply chain attack, it highlights the ongoing threat of misconfigured Docker Engine API deployments. This is a post from HackRead.com. Read the original post: OracleIV DDoS Botnet Malware Targets Docker Engine API Instances...

AI score 7.3
Exploits 0

GithubExploit
added 2023/11/12 11:34 p.m. | 16 views

Exploit for Injection in Discourse

Table of contents ================= CVE-2023-47119cve...

CVSS 6.1 | AI score 7.3 | EPSS 0.00943
Exploits 1

Wolfi
added 2023/11/12 3:55 p.m. | 37 views

GHSA-8PGV-569H-W5RW vulnerabilities

Vulnerabilities for packages: buildkitd, kubevela, volume-modifier-for-k8s, envoy-ratelimit, temporal-server, kine, metrics-server, cri-tools, temporal, k3s, kubernetes, kubescape, docker-compose, kubernetes-csi-external-resizer...

AI score 5.8
Exploits 0

BDU FSTEC
added 2023/11/11 12:00 a.m. | 5 views

The vulnerability of the automation tool for deploying and managing applications in Docker-enabled environments, related to improper permission storage, allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the automation tool for deploying and managing applications in Docker-enabled environments is related to improper storage of permissions. Exploiting this vulnerability can allow attackers to access confidential data, compromise its integrity, and cause service failures...

CVSS 6.3 | AI score 6.6 | EPSS 0.02693
Exploits 3 | References 8 | Affected Software 4

BDU FSTEC
added 2023/11/11 12:00 a.m. | 4 views

The vulnerability of the replication function of Docker, a tool for automating the deployment and management of applications in containerized environments, allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the replication function of Docker’s containerization and application deployment/management tools is related to improper storage of permissions. Exploiting this vulnerability can allow attackers to access confidential data, compromise its integrity, and cause service failures...

CVSS 6.3 | AI score 6.2 | EPSS 0.0027
Exploits 0 | References 10 | Affected Software 4

OSV
added 2023/11/10 7:15 p.m. | 7 views

AZL-35440 CVE-2023-47108 affecting package docker-compose for versions less than 2.27.0-1

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Starting in version 0.37.0 and prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the...

CVSS 7.5 | AI score 6.7 | EPSS 0.01592
Exploits 0 | References 1

Wolfi
added 2023/11/10 7:15 p.m. | 86 views

CVE-2023-47108 vulnerabilities

Vulnerabilities for packages: buildkitd, kubevela, volume-modifier-for-k8s, envoy-ratelimit, temporal-server, kine, metrics-server, cri-tools, temporal, k3s, kubernetes, kubescape, docker-compose, kubernetes-csi-external-resizer...

CVSS 7.5 | AI score 6.8 | EPSS 0.01592
Exploits 0

OSV
added 2023/11/10 7:15 p.m. | 5 views

AZL-35434 CVE-2023-47108 affecting package docker-buildx for versions less than 0.14.0-1

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Starting in version 0.37.0 and prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the...

CVSS 7.5 | AI score 6.8 | EPSS 0.01592
Exploits 0 | References 1

Fedora
added 2023/11/09 1:22 a.m. | 15 views

[SECURITY] Fedora 39 Update: podman-4.7.2-1.fc39

podman (Pod Manager) is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=podman. Most...

AI score 7.7
Exploits 0

OpenVAS
added 2023/11/09 12:00 a.m. | 21 views

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2023-3118)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7.8 | EPSS 0.27392
Exploits 4 | References 2