EUVD-2026-37814
BBOT: Server-Side Request Forgery (SSRF) in dockerpull module via WWW-Authenticate realm parsing...
CVE-2026-12566
The dockerpull module uses the realm parameter from a Docker registry's WWW-Authenticate response header as the authentication endpoint without validation. An attacker in a man-in-the-middle position between bbot and a Docker registry could modify this header to redirect the authentication reques...
CVE-2026-12566
The CVE describes a vulnerability in the docker_pull module where the realm parameter from a Docker registry’s WWW-Authenticate header is used as the authentication endpoint without validation. This enables a man-in-the-middle between bbot and a Docker registry to alter the header and redirect t...
PT-2026-50561
Name of the Vulnerable Software and Affected Versions: bbot (affected versions not specified). Description: The docker pull module fails to validate the realm parameter received from a Docker registry's WWW-Authenticate response header when using it as the authentication endpoint. A man-in-the-middle...
Security Bulletin: A Security Vulnerability was discovered in the IBM Security Verify Access OpenID Connect Provider (CVE-2024-22338)
Summary: The IBM Security Verify Access OpenID Connect Provider could disclose sensitive information to a local user. This has been addressed in the OIDC Provider 23.12. Vulnerability Details: CVEID: CVE-2024-22338. DESCRIPTION: IBM Security Verify Access OIDC Provider could disclose sensitive...
Security Bulletin: IBM Security Verify Access is vulnerable to a specially crafted HTTP request
Summary: IBM Security Verify Access Appliance/Container and IBM Application Gateway are vulnerable to information disclosure or denial of service due to a specially crafted HTTP request. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details...
FreeBSD : gitea -- Prevent anonymous container access (bd7592a1-cbfd-11ee-a42a-5404a6f3ca32)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the bd7592a1-cbfd-11ee-a42a-5404a6f3ca32 advisory. - Even with RequireSignInView enabled, anonymous users can use docker pull to fetch public images...
gitea -- Prevent anonymous container access
Problem Description: Even with RequireSignInView enabled, anonymous users can use docker pull to fetch public images...
PT-2023-23589
Name of the Vulnerable Software and Affected Versions: Netmaker versions prior to 0.17.1; Netmaker versions 0.18.0 through 0.18.5. Description: An Insecure Direct Object Reference (IDOR) vulnerability was found in the user update function, allowing an attacker to update another user's password by...
docker-engine docker-engine-selinux security and bugfix update
1.12.6-1.0.1 - Enable configuration of Docker daemon via sysconfig orabug 21804877 - Require UEK4 for docker 1.9 orabug 22235639 22235645 - Add docker.conf for prelink orabug 25147708 1.12.6 - the systemd unit file /usr/lib/systemd/system/docker.service contains local changes, or - a systemd...