541 matches found
AZL-57374 CVE-2025-22869 affecting package docker-compose for versions less than 2.27.0-4
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...
GHSA-2JWV-JMQ4-4J3R vulnerabilities
Vulnerabilities for packages: hubble-ui, osv-scanner, cosign, smarter-device-manager, timoni, flux-source-controller, kubecolor, newrelic-nri-statsd, prometheus-pushgateway, dive, wait-for-port, flux-notification-controller, grpcurl, kyverno-policy-reporter-kyverno-plugin, snyk-cli, k3d,...
CVE-2025-23211
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any user to execute commands on the server. In the case of the provided Docker Compose file as root. This vulnerability is fixed in 1.5.24...
CVE-2025-23211 Tandoor Recipes - SSTI - Remote Code Execution
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any user to execute commands on the server. In the case of the provided Docker Compose file as root. This vulnerability is fixed in 1.5.24...
PT-2025-4850
Name of the Vulnerable Software and Affected Versions: Tandoor Recipes versions prior to 1.5.24 Description: The issue is related to a Jinja2 SSTI vulnerability that allows any user to execute commands on the server, potentially with root privileges in the case of the provided Docker Compose file...
SUSE CVE-2024-10846
The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause the compose-go to consume excessive amount of Memory and CPU cycles while parsing YAML, such as used by Docker Compose from versions v2.27.0 to v2.29.7 included...
AZL-55947 CVE-2024-10846 affecting package docker-compose for versions less than 2.27.0-4
The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause the compose-go to consume excessive amount of Memory and CPU cycles while parsing YAML, such as used by Docker Compose from versions v2.27.0 to v2.29.7 included...
CVE-2024-10846
The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause the compose-go to consume excessive amount of Memory and CPU cycles while parsing YAML, such as used by Docker Compose from versions v2.27.0 to v2.29.7 included...
CVE-2024-10846
The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause the compose-go to consume excessive amount of Memory and CPU cycles while parsing YAML, such as used by Docker Compose from versions v2.27.0 to v2.29.7 included...
CVE-2024-10846 Excessive Platform Resource Consumption within a Loop when unmarshalling Compose file having recursive loop
The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause the compose-go to consume excessive amount of Memory and CPU cycles while parsing YAML, such as used by Docker Compose from versions v2.27.0 to v2.29.7 included...
CVE-2024-10846
Summary: CVE-2024-10846 affects the compose-go library. The vulnerability occurs in versions v2.10–v2.4.0 of the compose-go component when an authorized user sends malicious YAML payloads, causing the library to consume excessive memory and CPU cycles during YAML parsing (as used by Docker Compos...
CVE-2024-45338 affecting package docker-compose for versions less than 2.27.0-3
CVE-2024-45338 affecting package docker-compose for versions less than 2.27.0-3. A patched version of the package is available...
GHSA-36GQ-35J3-P9R9 Excessive Platform Resource Consumption within a Loop when unmarshalling Compose file having recursive loop
Impact The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause the compose-go to consume excessive amount of Memory and CPU cycles while parsing YAML, such as used by Docker Compose from versions v2.27.0 to v2.29.7 included...
Excessive Platform Resource Consumption within a Loop when unmarshalling Compose file having recursive loop
Impact The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause the compose-go to consume excessive amount of Memory and CPU cycles while parsing YAML, such as used by Docker Compose from versions v2.27.0 to v2.29.7 included...
PT-2025-1609 · Docker +1 · Docker Compose +1
Name of the Vulnerable Software and Affected Versions: compose-go versions v2.10 through v2.4.0 Docker Compose versions v2.27.0 through v2.29.7 Description: The issue allows an authorized user who sends malicious YAML payloads to cause excessive memory and CPU cycle consumption while parsing YAML...
CVE-2024-45337 affecting package docker-compose for versions less than 2.27.0-2
CVE-2024-45337 affecting package docker-compose for versions less than 2.27.0-2. A patched version of the package is available...
AZL-54446 CVE-2024-45338 affecting package docker-compose for versions less than 2.27.0-3
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
AZL-54381 CVE-2024-45337 affecting package docker-compose for versions less than 2.27.0-2
Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is...
Exploit for Injection in Oracle Agile_Plm
针对 loj4j2 CVE-2021-44228 漏洞的研究 实验平台 - VirtualBox 7.0.12 r159484 Qt5.15.2 - Attacker kali - 网络地址转换(NAT) - host-only 网络 192.168.56.101 - Victim kali 2023.3 - 网络地址转换(NAT) - host-only 网络 192.168.56.112 实验任务 - - x 搭建实验平台 - - x 漏洞存在性验证 以 loj4j2 CVE-2021-44228 为例 - - x 漏洞可利用验证 以 loj4j2 CVE-2021-44228 为例...
Exploit for Deserialization of Untrusted Data in Apache Activemq
CVE-2023-46604 !imagehttps://github.com/user-attachments/ass...