116 matches found
ROS-20240410-05
The vulnerability in the Moby containerization tool stems from missing validation of received requests. Exploitation could allow a remote attacker to gain unauthorized access to protected information...
Moby security vulnerability
Moby is an open source project that aims to drive containerization of software and help the ecosystem mainstream container technology. Moby has a security vulnerability that stems from an external DNS request that could lead to a data leak...
Talos Linux ships runc vulnerable to the escape to the host attack
Impact Snyk has discovered a vulnerability in all versions of runc <=1.1.11, as used by the Docker engine, along with other containerization technologies such as Kubernetes. Exploitation of this issue can result in container escape to the underlying host OS, either through executing a malicious...
GHSA-G5P6-327M-3FXX Talos Linux ships runc vulnerable to the escape to the host attack
Impact Snyk has discovered a vulnerability in all versions of runc <=1.1.11, as used by the Docker engine, along with other containerization technologies such as Kubernetes. Exploitation of this issue can result in container escape to the underlying host OS, either through executing a malicious...
CVE-2024-24557
Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions most important being HEALTHCHECK and ONBUILD would not cause a cache miss. An...
CVE-2024-24557 Moby classic builder cache poisoning
Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions most important being HEALTHCHECK and ONBUILD would not cause a cache miss. An...
Uptime Kuma Authenticated remote code execution via TailscalePing
Summary The runTailscalePing method of the TailscalePing class injects the hostname parameter inside a shell command, leading to a command injection and the possibility to run arbitrary commands on the server. Details When adding a new monitor on Uptime Kuma, we can select the "Tailscale Ping"...
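The summary above describes the classic shape of this bug: a user-controlled hostname is interpolated into a shell command string. The following Go example is added here for illustration and is not Uptime Kuma's code (the project is written in JavaScript; the pattern is the same). It contrasts the vulnerable string-building form with a hardened form that validates the target against a hostname/IP allow-list and passes it as a discrete argv element, so no shell ever parses it. The function names and the sample inputs are constructed for the example.

```go
package main

import (
	"fmt"
	"net"
	"os/exec"
	"regexp"
)

// Illustrative example, not Uptime Kuma's code.

// ShellCommandString shows the vulnerable pattern: the untrusted hostname is
// concatenated into a string that a naive implementation would hand to `sh -c`,
// so shell metacharacters (; | && $() backticks) are interpreted by the shell.
func ShellCommandString(hostname string) string {
	return "tailscale ping " + hostname
}

// hostnameRe accepts DNS-style names only: dot-separated labels of letters,
// digits and hyphens with no leading or trailing hyphen. Nothing a shell
// treats specially can pass, and a leading '-' (flag injection) is excluded.
var hostnameRe = regexp.MustCompile(
	`^(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$`)

// ValidateTarget accepts an IP literal (v4 or v6) or a DNS hostname and
// rejects everything else.
func ValidateTarget(target string) error {
	if target == "" || len(target) > 253 {
		return fmt.Errorf("invalid target length")
	}
	if net.ParseIP(target) != nil {
		return nil
	}
	if !hostnameRe.MatchString(target) {
		return fmt.Errorf("invalid target %q: only hostnames and IP literals are allowed", target)
	}
	return nil
}

// PingArgv returns the argument vector for the hardened form. Each element is
// passed to execve as-is; the hostname is never parsed by a shell.
func PingArgv(target string) ([]string, error) {
	if err := ValidateTarget(target); err != nil {
		return nil, err
	}
	return []string{"tailscale", "ping", target}, nil
}

// PingCommand builds the *exec.Cmd without running it. exec.Command does not
// invoke a shell, so metacharacters inside an argv element stay literal.
func PingCommand(target string) (*exec.Cmd, error) {
	argv, err := PingArgv(target)
	if err != nil {
		return nil, err
	}
	return exec.Command(argv[0], argv[1:]...), nil
}

func main() {
	// Constructed sample inputs: two benign targets and one carrying a payload.
	for _, in := range []string{"node1.example.ts.net", "100.64.0.1", "node1; id > /tmp/pwned"} {
		fmt.Printf("shell string (vulnerable): %q\n", ShellCommandString(in))
		argv, err := PingArgv(in)
		if err != nil {
			fmt.Printf("hardened: rejected: %v\n", err)
			continue
		}
		fmt.Printf("hardened argv: %q\n", argv)
	}
}
```

The allow-list is the important half: using an argv slice alone stops shell interpretation, but without validation an attacker could still pass values that the invoked binary itself interprets (for example strings beginning with '-'). Rejecting anything that is not a hostname or IP literal closes both doors.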
New Webinar: 5 Must-Know Trends Impacting AppSec
Modern web app development relies on cloud infrastructure and containerization. These technologies scale on demand, handling millions of daily file transfers – it's almost impossible to imagine a world without them. However, they also introduce multiple attack vectors that exploit file uploads wh...
Amazon Linux 2 : docker (ALASECS-2023-013)
The version of docker installed on the remote host is prior to 20.10.22-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2023-013 advisory. A flaw was found in Moby. This flaw allows an attacker to bypass primary group restrictions due to a flaw in the...
Docker Hub images found to expose secrets and private keys
Numerous Docker images shared on Docker Hub are exposing sensitive data, according to a study conducted by researchers at the German university RWTH Aachen. Needless to say, this poses a significant security risk. In traditional software development, programmers code an application in one computi...
Exploit for Improper Ownership Management in Debian Debian_Linux
--- typora-copy-images-to: . /image --- CVE-2023-0386 Exp Us...
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2023-1949)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
The vulnerability of the Docker-based containerization technology on Juniper Networks’ Junos OS Evolved operating systems allows a hacker to execute arbitrary code.
The vulnerability of the Docker-based containerization technology in Juniper Networks’ Junos OS Evolved operating systems is related to the improper assignment of permissions for critical resources. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
SUSE SLES12 Security Update : docker (SUSE-SU-2023:1625-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:1625-1 advisory. - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where...
Amazon Linux 2023 : docker (ALAS2023-2023-143)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-143 advisory. A flaw was found in Moby. This flaw allows an attacker to bypass primary group restrictions due to a flaw in the supplementary group access setup. CVE-2022-36109 Tenable has extracted the preceding...
Docker authorization issue vulnerability
Docker is an open source application container engine from the U.S. company Docker. The product supports creating lightweight container-based virtual machines and deploying and running applications on Linux systems, as well as automating the installation, deployment, and upgrade of applications via...
[SECURITY] Fedora 37 Update: golang-github-docker-22.06.0~beta.0-7.fc37
Moby is an open-source project created by Docker to enable and accelerate software containerization. It provides a "Lego set" of toolkit components, the framework for assembling them into custom container-based systems, and a place for all container enthusiasts and professionals to experiment and...
[SECURITY] Fedora 37 Update: moby-engine-20.10.22-1.fc37
Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance and everything in between - and they don'...
Yapscan's report receiver server vulnerable to path traversal and log injection
Impact If you make use of the report receiver server experimental, a client may be able to forge requests such that arbitrary files on the host can be overwritten subject to permissions of the yapscan server, leading to loss of data. This is particularly problematic if you do not authenticate...
GHSA-9H6H-9G78-86F7 Yapscan's report receiver server vulnerable to path traversal and log injection
Impact If you make use of the report receiver server experimental, a client may be able to forge requests such that arbitrary files on the host can be overwritten subject to permissions of the yapscan server, leading to loss of data. This is particularly problematic if you do not authenticate...
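Both yapscan entries above describe a receiver that writes files named by the client, which lets a forged request overwrite arbitrary files and inject lines into the log. The Go example below is added here as an illustration and is not yapscan's code: it shows the two checks such a receiver needs, pinning the resolved path inside the report directory and quoting client-supplied strings before they reach the log. The base directory, function names and sample names are constructed for the example.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strconv"
	"strings"
)

// Illustrative example, not yapscan's code.

// SanitizeForLog returns a Go-quoted form of s. CR, LF and other control
// characters become visible escapes (\n, \r, \x1b), so a client cannot
// terminate the current log line and forge additional ones.
func SanitizeForLog(s string) string {
	return strconv.Quote(s)
}

// SafeReportPath joins a client-supplied relative name onto base and returns
// the resulting path only if it stays inside base. Absolute names, names that
// resolve to base itself, and names whose cleaned form climbs out of base via
// ".." are rejected. Join cleans the path, so "a/../../x" is caught as well.
func SafeReportPath(base, clientName string) (string, error) {
	if clientName == "" {
		return "", fmt.Errorf("empty report name")
	}
	if strings.ContainsRune(clientName, 0) {
		return "", fmt.Errorf("NUL byte in report name")
	}
	if filepath.IsAbs(clientName) {
		return "", fmt.Errorf("absolute report name %s rejected", SanitizeForLog(clientName))
	}
	absBase, err := filepath.Abs(base)
	if err != nil {
		return "", err
	}
	target := filepath.Join(absBase, clientName)
	rel, err := filepath.Rel(absBase, target)
	if err != nil || rel == "." || rel == ".." ||
		strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("report name %s escapes %s", SanitizeForLog(clientName), absBase)
	}
	return target, nil
}

func main() {
	const base = "/srv/yapscan-reports" // constructed base directory

	// Constructed sample names a client might send, benign and hostile.
	names := []string{
		"host1/report.json",
		"../../etc/passwd",
		"/etc/passwd",
		"host1/../../root/.ssh/authorized_keys",
		"host1\nERROR forged log line",
	}
	for _, n := range names {
		p, err := SafeReportPath(base, n)
		if err != nil {
			fmt.Printf("reject %s: %v\n", SanitizeForLog(n), err)
			continue
		}
		fmt.Printf("accept %s -> %s\n", SanitizeForLog(n), p)
	}
}
```

Two caveats a practitioner would add: the lexical check above does not follow symlinks, so if base or its subdirectories may contain links, resolve the parent with filepath.EvalSymlinks after the check and before opening the file with O_EXCL; and none of this substitutes for authenticating the client, which the advisory itself flags as the precondition that makes the issue serious.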