TinyLab linux-lab Security Vulnerabilities
linux-lab is an open-source Docker/QEMU-based Linux kernel learning, development and testing environment from TinyLab (Tai Xiao Technology / tinyclub). TinyLab linux-lab v1.1-rc1 and cloud-lab v0.8-rc2 / v1.1-rc1 contain a security vulnerability that stems from the application being susceptible to...
PT-2023-29710 · Unknown · Artifact Hub
Name of the Vulnerable Software and Affected Versions: Artifact Hub versions prior to 1.16.0 Description: A security issue was identified in Artifact Hub's code base where the registryIsDockerHub function only checked if the registry domain had the docker.io suffix. This allowed for the potential...
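The snippet above describes the whole bug: a suffix test on the registry name, so any host that merely ends in the characters "docker.io" is treated as Docker Hub. The following is an added illustration written for this page, not Artifact Hub's own code; the allow-list of Docker Hub hosts and the function names are assumptions. It puts the weak suffix check next to an exact-host match so the difference on an attacker-controlled name is visible.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// registryIsDockerHubSuffixOnly reproduces the weak check the advisory
// describes: it accepts any registry whose name ends in "docker.io", so an
// attacker-controlled host such as "evildocker.io" passes as well.
// Illustration for this page, not Artifact Hub's actual implementation.
func registryIsDockerHubSuffixOnly(registry string) bool {
	return strings.HasSuffix(registry, "docker.io")
}

// dockerHubHosts is an assumed allow-list of hosts that belong to Docker Hub.
var dockerHubHosts = map[string]bool{
	"docker.io":            true,
	"index.docker.io":      true,
	"registry-1.docker.io": true,
}

// registryHost reduces a registry reference (bare host, host:port, or a URL
// with a path) to its lower-cased host name so it can be compared exactly.
func registryHost(registry string) string {
	host := registry
	if strings.Contains(registry, "://") {
		u, err := url.Parse(registry)
		if err != nil {
			return ""
		}
		host = u.Host
	}
	host, _, _ = strings.Cut(host, "/") // drop any path component
	host, _, _ = strings.Cut(host, ":") // drop any port; Docker Hub hosts are not IPv6 literals
	return strings.ToLower(host)
}

// registryIsDockerHubStrict requires an exact match against the allow-list:
// the host must be docker.io or one of its known sub-hosts, not merely end
// in those characters.
func registryIsDockerHubStrict(registry string) bool {
	return dockerHubHosts[registryHost(registry)]
}

func main() {
	for _, r := range []string{
		"docker.io",
		"Index.Docker.IO",
		"https://registry-1.docker.io:443/v2/",
		"evildocker.io",
		"docker.io.attacker.example",
	} {
		fmt.Printf("%-40s suffix-only=%-5t strict=%t\n",
			r, registryIsDockerHubSuffixOnly(r), registryIsDockerHubStrict(r))
	}
}
```

The exact-match version also normalises case and strips port and path first; without that step a legitimate reference such as `registry-1.docker.io:443` would be wrongly rejected, which is the kind of false negative that tempts developers back to a loose suffix test.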
Security Bulletin: Remote code execution / denial of service attack is possible in IBM Observability with Instana (Self-hosted on Docker) due to use of Apache Kafka
Summary Apache Kafka is used by IBM Observability with Instana Self-hosted on Docker as part of its container images. CVE-2023-25194 Vulnerability Details CVEID:CVE-2023-25194 DESCRIPTION: Apache Kafka could allow a remote authenticated attacker to execute arbitrary code on the system, caused by...
Medium: docker
Issue Overview: A flaw was found in Moby. This flaw allows an attacker to bypass primary group restrictions due to a flaw in the supplementary group access setup. CVE-2022-36109 Docker version 20.10.15, build fd82621 is vulnerable to Insecure Permissions. Unauthorized users outside the Docker...
Important: docker
Issue Overview: http2/hpack: avoid quadratic complexity in hpack decoding (CVE-2022-41723). Templates did not properly consider backticks as JavaScript string delimiters, and as such did not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contained a G...
Gcp_Scanner - A Comprehensive Scanner For Google Cloud
This is a GCP resource scanner that can help determine what level of access certain credentials possess on GCP. The scanner is designed to help security engineers evaluate the impact of a certain VM/container compromise, GCP service account or OAuth2 token key leak. Currently, the scanner support...
A vulnerability in the Cisco IOx application hosting platform for Cisco IOS XE allows an attacker to gain access to the underlying operating system as the root user.
The vulnerability in the Cisco IOx application hosting platform for Cisco IOS XE is caused by a failure to block the privileged-mode option for Docker containers in the on-device application development workflow. Exploiting this vulnerability could allow a malicious actor to gain access to the underlying...
Security Bulletin: IBM Security Verify Access OpenID Connect Provider container has fixed multiple vulnerabilities (CVE-2022-43868, CVE-2022-43739, CVE-2022-43740)
Summary Multiple security vulnerabilities have been addressed in the IBM Security Verify Access OpenID Connect OIDC Provider container. Vulnerability Details CVEID:CVE-2022-43868 DESCRIPTION: IBM Security Verify Access OIDC Provider could disclose directory information that could aid attackers in...
Security Bulletin: Postgresql JDBC drivers shipped with IBM Security Verify Access have a vulnerability (CVE-2022-41946)
Summary Postgresql JDBC as shipped with IBM Security Verify Access has addressed a vulnerability that could allow a local authenticated attacker to obtain sensitive information. Vulnerability Details CVEID:CVE-2022-41946 DESCRIPTION: Postgresql JDBC could allow a local authenticated attacker to...
Security Bulletin: Security Vulnerabilities fixed in IBM Security Verify Access (CVE-2022-40303)
Summary A Security Vulnerability in libxml2 as shipped with IBM Security Verify Access has been fixed. Vulnerability Details CVEID:CVE-2022-40303 DESCRIPTION: Gnome libxml2 could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the XMLPARSEHUGE...
AZL-35437 CVE-2023-45142 affecting package docker-buildx for versions less than 0.14.0-1
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...
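The description above names the mechanism (label values copied straight from request headers, so each distinct value becomes a new time series) but not what the bounded alternative looks like. The following added example, written for this page and not taken from OpenTelemetry-Go Contrib, uses a tiny stand-in counter instead of a real metrics library so the series growth can be measured directly; the method allow-list and the `_OTHER` bucket are assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"sync"
)

// seriesKey is one label combination. A metrics backend keeps one time
// series (and its memory) per distinct key, which is where the growth is.
type seriesKey struct {
	method    string
	userAgent string
}

// counterVec is a minimal stand-in for a metrics registry.
type counterVec struct {
	mu     sync.Mutex
	series map[seriesKey]int
}

func newCounterVec() *counterVec { return &counterVec{series: map[seriesKey]int{}} }

func (c *counterVec) inc(k seriesKey) {
	c.mu.Lock()
	defer c.mu.Unlock()
	c.series[k]++
}

func (c *counterVec) seriesCount() int {
	c.mu.Lock()
	defer c.mu.Unlock()
	return len(c.series)
}

// recordUnbounded mirrors the problem: the raw request method and User-Agent
// become label values, so every distinct value an attacker sends allocates a
// new series that is never freed.
func recordUnbounded(c *counterVec, r *http.Request) {
	c.inc(seriesKey{method: r.Method, userAgent: r.UserAgent()})
}

// knownMethods bounds the method label to a fixed set (assumed list).
var knownMethods = map[string]bool{
	"GET": true, "HEAD": true, "POST": true, "PUT": true,
	"PATCH": true, "DELETE": true, "OPTIONS": true,
}

// recordBounded folds unknown methods into "_OTHER" and does not use the
// User-Agent as a label at all, because its value space is attacker-chosen.
// The number of possible series is now fixed regardless of input.
func recordBounded(c *counterVec, r *http.Request) {
	m := r.Method
	if !knownMethods[m] {
		m = "_OTHER"
	}
	c.inc(seriesKey{method: m})
}

// simulateFlood constructs n requests, each with a unique User-Agent and
// every second one with a made-up method, feeds them to record, and returns
// how many series resulted. The requests are constructed input for this
// example, not captured traffic.
func simulateFlood(n int, record func(*counterVec, *http.Request)) int {
	c := newCounterVec()
	for i := 0; i < n; i++ {
		method := "GET"
		if i%2 == 1 {
			method = fmt.Sprintf("M%d", i)
		}
		r := &http.Request{Method: method, Header: http.Header{}}
		r.Header.Set("User-Agent", fmt.Sprintf("probe/%d", i))
		record(c, r)
	}
	return c.seriesCount()
}

func main() {
	fmt.Println("unbounded series:", simulateFlood(10000, recordUnbounded)) // grows with every request
	fmt.Println("bounded series:  ", simulateFlood(10000, recordBounded))   // GET and _OTHER only
}
```

The same rule applies to any label derived from client input (paths with IDs, query strings, hostnames): either map it onto a closed set before it becomes a label, or record it as a log field rather than a metric dimension.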
Exploit for Out-of-bounds Write in Haxx Libcurl
Quick description This showcases the cURL CVE-2023-38545. It...
Exploit for Uncontrolled Resource Consumption in Ietf Http
CVE-2023-44487 Basic vulnerability scanning to see if web serv...
AZL-35436 CVE-2023-44487 affecting package docker-buildx for versions less than 0.14.0-1
The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AZL-35441 CVE-2023-44487 affecting package docker-compose for versions less than 2.27.0-1
The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
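Both entries above (docker-buildx and docker-compose) carry the same CVE-2023-44487 description: many streams opened and immediately cancelled with RST_STREAM, faster than the server can finish the work each one started. As an added example for this page, not code from either project, the block below shows the detection side: it parses a constructed frame-level log (the log format, connection IDs and the threshold are assumptions) and flags connections whose RST_STREAM rate in a sliding window exceeds a limit.

```go
package main

import (
	"bufio"
	"fmt"
	"sort"
	"strconv"
	"strings"
	"time"
)

// frameEvent is one HTTP/2 frame as it might appear in a server's frame-level
// debug log. Assumed line format for this example:
//   <RFC3339Nano timestamp> <connection-id> <frame-type> <stream-id>
type frameEvent struct {
	at     time.Time
	conn   string
	typ    string
	stream int
}

// parseFrameLog parses lines in the assumed format, skipping blank lines.
func parseFrameLog(log string) ([]frameEvent, error) {
	var out []frameEvent
	sc := bufio.NewScanner(strings.NewReader(log))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) == 0 {
			continue
		}
		if len(f) != 4 {
			return nil, fmt.Errorf("malformed line: %q", sc.Text())
		}
		at, err := time.Parse(time.RFC3339Nano, f[0])
		if err != nil {
			return nil, err
		}
		id, err := strconv.Atoi(f[3])
		if err != nil {
			return nil, err
		}
		out = append(out, frameEvent{at: at, conn: f[1], typ: f[2], stream: id})
	}
	return out, sc.Err()
}

// rapidResetConns returns, sorted, the connections that sent more than limit
// RST_STREAM frames inside any window of the given length. A normal client
// cancels the odd request; the rapid-reset pattern is hundreds of cancels
// per second on one connection.
func rapidResetConns(events []frameEvent, window time.Duration, limit int) []string {
	resets := map[string][]time.Time{}
	for _, e := range events {
		if e.typ == "RST_STREAM" {
			resets[e.conn] = append(resets[e.conn], e.at)
		}
	}
	var flagged []string
	for conn, ts := range resets {
		sort.Slice(ts, func(i, j int) bool { return ts[i].Before(ts[j]) })
		start := 0 // left edge of the sliding window
		for i := range ts {
			for ts[i].Sub(ts[start]) > window {
				start++
			}
			if i-start+1 > limit {
				flagged = append(flagged, conn)
				break
			}
		}
	}
	sort.Strings(flagged)
	return flagged
}

// constructedSample builds a synthetic log: "c-attack" opens and resets 200
// streams within 100 ms; "c-normal" makes 5 requests over 10 s and cancels
// one of them. Entirely constructed input for this example.
func constructedSample() string {
	base := time.Date(2023, 10, 10, 12, 0, 0, 0, time.UTC)
	var b strings.Builder
	line := func(at time.Time, conn, typ string, stream int) {
		fmt.Fprintf(&b, "%s %s %s %d\n", at.Format(time.RFC3339Nano), conn, typ, stream)
	}
	for i := 0; i < 200; i++ {
		at := base.Add(time.Duration(i) * 500 * time.Microsecond)
		line(at, "c-attack", "HEADERS", 2*i+1)
		line(at.Add(50*time.Microsecond), "c-attack", "RST_STREAM", 2*i+1)
	}
	for i := 0; i < 5; i++ {
		at := base.Add(time.Duration(i) * 2 * time.Second)
		line(at, "c-normal", "HEADERS", 2*i+1)
		if i == 2 {
			line(at.Add(300*time.Millisecond), "c-normal", "RST_STREAM", 2*i+1)
		}
	}
	return b.String()
}

func main() {
	events, err := parseFrameLog(constructedSample())
	if err != nil {
		panic(err)
	}
	fmt.Println("rapid-reset connections:", rapidResetConns(events, time.Second, 100))
}
```

Counting resets rather than open streams is the point: the attack stays under the server's concurrent-stream limit precisely because each stream is cancelled at once, so a detector keyed on concurrency sees nothing.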
Sirius - First Truly Open-Source General Purpose Vulnerability Scanner
Sirius is the first truly open-source general purpose vulnerability scanner. Today, the information security community remains the best and most expedient source for cybersecurity intelligence. The community itself regularly outperforms commercial vendors. This is the primary advantage Sirius Sca...
A vulnerability in the Docker Swarm Dashboard component of the Jenkins Docker Swarm Plugin allows an attacker to perform cross-site scripting attacks.
The vulnerability in the Docker Swarm Dashboard component of the Jenkins Docker Swarm plugin is caused by insufficient escaping of data rendered into the dashboard's web page. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using a specially crafted link...
Cisco IOx Application Hosting Environment Privilege Escalation (cisco-sa-rdocker-uATbukKn)
According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure that could allow an authenticated, remote attacker to access the underlying operating system ...
CVE-2023-43069
Dell SmartFabric Storage Software v1.4 and earlier contains an OS Command Injection Vulnerability in the CLI. An authenticated local attacker could potentially exploit this vulnerability, leading to possible injection of parameters to curl or docker...
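The entry above describes parameter injection into curl or docker from a CLI: a value the operator types is placed in the child process's argument vector, and a value beginning with "-" is read by the tool as an option rather than as the URL or image name intended. The block below is a hypothetical illustration written for this page in Go; it is not Dell's code and the function names, flag sets and the simplified image-reference grammar are assumptions. It builds argument vectors without executing anything, so the unsafe and hardened forms can be compared on the same input.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// buildCurlArgsUnsafe shows the pattern the advisory describes: the operator's
// value is appended to curl's argv as-is. "-o/tmp/pwned" is then parsed by
// curl as an output-file option, not as a URL. Hypothetical code for this page.
func buildCurlArgsUnsafe(userURL string) []string {
	return []string{"curl", "--silent", "--fail", userURL}
}

// buildCurlArgsSafe applies two independent controls: the value must parse as
// an http(s) URL with a host, and "--" is placed before it so curl stops
// option parsing even if validation were ever loosened.
func buildCurlArgsSafe(userURL string) ([]string, error) {
	if strings.HasPrefix(userURL, "-") {
		return nil, errors.New("value looks like an option, not a URL")
	}
	u, err := url.Parse(userURL)
	if err != nil {
		return nil, err
	}
	if (u.Scheme != "http" && u.Scheme != "https") || u.Host == "" {
		return nil, fmt.Errorf("unsupported URL %q: need http(s) with a host", userURL)
	}
	return []string{"curl", "--silent", "--fail", "--", u.String()}, nil
}

// imageRef is a deliberately simplified image-reference grammar (assumed for
// this example): lower-case path components and an optional tag, no registry
// port or digest. Anything else, including a leading "-", is rejected.
var imageRef = regexp.MustCompile(
	`^[a-z0-9]+(?:[._-][a-z0-9]+)*(?:/[a-z0-9]+(?:[._-][a-z0-9]+)*)*(?::[A-Za-z0-9_][A-Za-z0-9_.-]{0,127})?$`)

// buildDockerPullArgs accepts only values matching imageRef, so a string such
// as "-v/:/host" can never reach docker's option parser.
func buildDockerPullArgs(image string) ([]string, error) {
	if !imageRef.MatchString(image) {
		return nil, fmt.Errorf("invalid image reference %q", image)
	}
	return []string{"docker", "pull", image}, nil
}

// argvLooksInjected reports whether any operator-supplied position in argv
// (everything after the fixed flags) would be seen by the tool as an option.
func argvLooksInjected(argv []string, fixed int) bool {
	for _, a := range argv[fixed:] {
		if a == "--" {
			return false // option parsing ends here
		}
		if strings.HasPrefix(a, "-") {
			return true
		}
	}
	return false
}

func main() {
	hostile := "-o/tmp/pwned"
	fmt.Println("unsafe argv:", buildCurlArgsUnsafe(hostile),
		"injected:", argvLooksInjected(buildCurlArgsUnsafe(hostile), 3))
	if _, err := buildCurlArgsSafe(hostile); err != nil {
		fmt.Println("safe curl rejected:", err)
	}
	if _, err := buildDockerPullArgs("-v/:/host"); err != nil {
		fmt.Println("safe docker rejected:", err)
	}
	argv, _ := buildCurlArgsSafe("https://example.test/image.tar")
	fmt.Println("safe argv:", argv)
}
```

Validation and the `--` terminator are complementary: the allow-list stops option-shaped input at the boundary, and `--` makes the argument position unambiguous to the tool, so a later change to the validator cannot silently reopen the injection.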