9278 matches found
[SECURITY] Fedora 36 Update: moby-engine-20.10.18-1.fc36
Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance a nd everything in between - and they don'...
RHEL 7 : docker (RHSA-2021:2144)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:2144 advisory. Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that runs...
Exploit for SQL Injection in Zabbix
This is a comprehensive and well-structured vulnerability hub repository. Here's a concise analysis of the provided information: Classification: It is an offensive tool for various vulnerability exploitation and testing purposes. CVE IDs: The repository contains references to several CVE IDs,...
PT-2022-6457 · Docker +10 · Moby +10
Name of the Vulnerable Software and Affected Versions: containerd versions prior to 1.6.18 and 1.5.18 Moby Docker Engine versions prior to 20.10.18 CRI-O affected versions not specified Buildah affected versions not specified Podman affected versions not specified Description: A bug was found in...
EulerOS 2.0 SP9 : docker-runc (EulerOS-SA-2022-2283)
According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version...
EulerOS 2.0 SP9 : docker-runc (EulerOS-SA-2022-2312)
According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version...
EulerOS 2.0 SP9 : docker-engine (EulerOS-SA-2022-2311)
According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where attempti...
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2022-2311)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2022-2312)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2022-2283)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2022-39206
Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. When using Docker-based job executors, the Docker socket e.g. /var/run/docker.sock on Linux is mounted into each Docker step. Users that can define and trigger CI/CD jobs on a project could use this to control the Docker daem...
Buffer overflow
Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. When using Docker-based job executors, the Docker socket e.g. /var/run/docker.sock on Linux is mounted into each Docker step. Users that can define and trigger CI/CD jobs on a project could use this to control the Docker daem...
CVE-2022-39206 CI/CD Docker Escape in OneDev
Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. When using Docker-based job executors, the Docker socket e.g. /var/run/docker.sock on Linux is mounted into each Docker step. Users that can define and trigger CI/CD jobs on a project could use this to control the Docker daem...
CVE-2022-39206
CVE-2022-39206 affects OneDev. When using Docker-based job executors, the Docker socket (e.g., /var/run/docker.sock) is mounted into each Docker step, enabling users who can define/trigger CI/CD jobs to control the host daemon. This can allow regular (non-admin) users to break out of containers a...
CVE-2022-39206 CI/CD Docker Escape in OneDev
Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. When using Docker-based job executors, the Docker socket e.g. /var/run/docker.sock on Linux is mounted into each Docker step. Users that can define and trigger CI/CD jobs on a project could use this to control the Docker daem...
CVE-2022-39206 CI/CD Docker Escape in OneDev
Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. When using Docker-based job executors, the Docker socket e.g. /var/run/docker.sock on Linux is mounted into each Docker step. Users that can define and trigger CI/CD jobs on a project could use this to control the Docker daem...
PT-2022-24806 · Onedev · Onedev
Name of the Vulnerable Software and Affected Versions: Onedev versions prior to 7.3.0 Description: Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. When using Docker-based job executors, the Docker socket is mounted into each Docker step, allowing users who can define and...
Theonedev Onedev 授权问题漏洞
Theonedev Onedev is a JAVA-based all-in-one DevOps platform from the Theonedev team. The platform supports container build, orchestration, CI, Git management, team collaboration and other features to help developers build a simple, powerful development platform. Theonedev An authorization issue...
The vulnerability of the Docker Engine software, related to deficiencies in authentication mechanisms, allows a malicious actor to execute arbitrary code.
The vulnerability of the Docker Engine software relates to deficiencies in its authentication mechanism. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Security Breaks: TeamTNT’s DockerHub Credentials Leak
One of our honeypots based on exposed Docker REST APIs showed cybercriminal group TeamTNT’s potential attack scenario and leak of container registry credentials for docker-abuse malware. The full version of this research will be presented at the c0c0n XV Hacking and Cyber Security Conference in...