9269 matches found
Security Bulletin: Apache Log4j Vulnerability Affects IBM Sterling File Gateway (CVE-2021-45105, CVE-2021-45046)
Summary IBM Sterling File Gateway is impacted by Apache Log4j vulnerabilities CVE-2021-45105 and CVE-2021-45046. Final remediation images published below. As an alternative to the final remediation images, manual mitigation steps are also provided below. Vulnerability Details CVEID: CVE-2021-4510...
Security Bulletin: Apache Log4j Vulnerability Affects IBM Sterling File Gateway (CVE-2021-44228)
Summary IBM Sterling File Gateway is impacted by Log4Shell CVE-2021-44228, through the use of Apache Log4j's JNDI logging feature. Final remediation images published below. As an alternative to the final remediation images, manual mitigation steps are also provided below. Vulnerability Details...
MGASA-2022-0071 Updated docker-containerd packages fix security vulnerability
Unprivileged pod may bind mount any privileged regular file on disk CVE-2021-43816...
Updated docker-containerd packages fix security vulnerability
Unprivileged pod may bind mount any privileged regular file on disk CVE-2021-43816...
jenkins-2-plugins/docker-commons: does not sanitize the name of an image or a tag which could result in an OS command execution
An OS command execution vulnerability was found in the Jenkins Docker Commons plugin. Due to a lack of sanitization in the name of an image or a tag, an attacker with Item/Configure permission or the ability to control the contents of a previously configured job’s SCM repository may be able to...
vulhub
This is a pre-built vulnerable environment based on Docker-Compose, maintained by the Vulhub project. The repository contains a collection of vulnerable applications and services, including CouchDB, FFmpeg, Git, and more, which can be used for testing and training purposes. The environment is...
jenkins-2-plugins/docker-commons: does not sanitize the name of an image or a tag which could result in an OS command execution
An OS command execution vulnerability was found in the Jenkins Docker Commons plugin. Due to a lack of sanitization in the name of an image or a tag, an attacker with Item/Configure permission or the ability to control the contents of a previously configured job’s SCM repository may be able to...
RHEL 8 : OpenShift Container Platform 4.8.31 (RHSA-2022:0483)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0483 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
RHEL 8 : OpenShift Container Platform 4.7.43 (RHSA-2022:0491)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0491 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
GHSA-8FVR-5RQF-3WWH Information Exposure in Docker Engine
Docker Engine before 1.6.1 uses weak permissions for 1 /proc/asound, 2 /proc/timerstats, 3 /proc/latencystats, and 4 /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image...
GHSA-G44J-7VP3-68CV Arbitrary File Write in Libcontainer
Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization "mount namespace breakout" and write to arbitrary file on the host system via a symlink attack in an image when respawning a container...
GHSA-997C-FJ8J-RQ5H Arbitrary Code Execution
Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted 1 image or 2 build in a Dockerfile in an LZMA .xz archive, related to the chroot for archive extraction...
GHSA-44GG-PMQR-4669 Access Restriction Bypass in Docker
Docker 1.3.0 through 1.3.1 allows remote attackers to modify the default run profile of image containers and possibly bypass the container by applying unspecified security options to an image...
GHSA-QRRC-WW9X-R43G Improper Input Validation in Docker Engine
An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAPNETRAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service...
GHSA-V4H8-794J-G8MM Arbitrary File Override in Docker Engine
Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules LSM and dockert policies via an image that allows volumes to override files in /proc...
GHSA-8W94-CF6G-C8MG Man-in-the-Middle (MitM)
Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to...
Arbitrary Code Execution
Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted 1 image or 2 build in a Dockerfile in an LZMA .xz archive, related to the chroot for archive extraction...
Access Restriction Bypass in Docker
Docker 1.3.0 through 1.3.1 allows remote attackers to modify the default run profile of image containers and possibly bypass the container by applying unspecified security options to an image...
Man-in-the-Middle (MitM)
Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to...
Path Traversal in HashiCorp Nomad
HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature github.com/hashicorp/nomad/drivers/docker may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8...