CVE-2024-24786 affecting package docker-compose for versions less than 2.27.0-1
CVE-2024-24786 affecting package docker-compose for versions less than 2.27.0-1. An upgraded version of the package is available that resolves this issue...
Exploit for CVE-2024-4701
CVE-2024-4701-POC POC for CVE-2024-4701 Download the genie do...
CSAF - Cyber Security Awareness Framework
The Cyber Security Awareness Framework (CSAF) is a structured approach aimed at enhancing cybersecurity awareness and understanding among individuals, organizations, and communities. It provides guidance for the development of effective cybersecurity...
OESA-2024-1466 docker security update
Docker is an open source project to build, ship and run any application as a lightweight container. Security Fixes: Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. Moby's networking...
AZL-38569 CVE-2023-45288 affecting package docker-compose for versions less than 2.27.0-1
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
Exploit for Use After Free in Linux Linux_Kernel
https://github.com/Notselwyn/CVE-2024-1086 usage docker...
CVE-2024-29018
Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. Moby's networking implementation allows for many networks, each with their own IP address range and gateway, to be defined. This feature i...
GHSA-MQ39-4GV4-MVPX vulnerabilities
Vulnerabilities for packages: tkn, buf, docker-compose, cadvisor-fips, spire-server-fips, ctop, datadog-agent, kubescape, up, buildkitd, kaniko, datadog-agent-fips, loki, syft, crossplane, cadvisor, conftest, grype, ko, prometheus, aactl, conftest-fips, zot, kargo, wolfictl, dagger, melange,...
Bootiful Spring Boot in 2024 (part 1)
NB: the code is here on my Github account: github.com/joshlong/bootiful-spring-boot-2024-blog. Hi, Spring fans! I'm Josh Long, and I work on the Spring team. I'm excited to be keynoting and giving a talk at Microsoft's JDConf this year. I'm a Kotlin GDE and a Java Champion, and I'm of the opinion...
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: rabbitmq-cluster-operator, prometheus-nats-exporter, local-path-provisioner, ip-masq-agent, hubble-fips, sigstore-scaffolding, ctop, crossplane-provider-aws-route53, crossplane-provider-aws-sqs, stakater-reloader, eksctl, certificate-transparency, envoy-ratelimit-fip...
AZL-35643 CVE-2024-24786 affecting package docker-compose for versions less than 2.27.0-1
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
AZL-35439 CVE-2024-23653 affecting package docker-compose for versions less than 2.27.0-1
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask...
AZL-35438 CVE-2024-23650 affecting package docker-compose for versions less than 2.27.0-1
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoi...
This Week in Spring - January 23rd, 2024
Hi, Spring fans, and greetings from CERN, home of the famous Large Hadron Collider, where I'm speaking again at the VOXXED Days CERN 2017 event. It's been an amazing almost week here in lovely Switzerland, first in Lugano for VOXXED Days Ticino, and now in Geneva. I'm super excited to be here, bu...
This Week in Spring - November 14th, 2023
Hi, Spring fans! Welcome to another installment of This Week in Spring! It's November 14th, and you know what that means? NINE MORE DAYS until Spring Boot 3.2 drops on the day of the US holiday of Thanksgiving, no less! Some key features include: virtual threads initial CRaC support more...
Exploit for Injection in Discourse
Table of contents ================= CVE-2023-47119cve...
CVE-2023-47108 vulnerabilities
Vulnerabilities for packages: cri-tools, kubernetes, k3s, docker-compose, volume-modifier-for-k8s, buildkitd, kubernetes-csi-external-resizer, metrics-server, envoy-ratelimit, temporal-server, kubevela, kubescape, kine, temporal...
AZL-35440 CVE-2023-47108 affecting package docker-compose for versions less than 2.27.0-1
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Starting in version 0.37.0 and prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the...
Kimai (Authenticated) SSTI to RCE by Uploading a Malicious Twig File
Description The latest version of Kimai is found to be vulnerable to a critical Server-Side Template Injection (SSTI) which can be escalated to Remote Code Execution (RCE). The vulnerability arises when a malicious user uploads a specially crafted Twig file, exploiting the software's PDF and HTML...
GHSA-FJHG-96CP-6FCW Kimai (Authenticated) SSTI to RCE by Uploading a Malicious Twig File
Description The latest version of Kimai is found to be vulnerable to a critical Server-Side Template Injection (SSTI) which can be escalated to Remote Code Execution (RCE). The vulnerability arises when a malicious user uploads a specially crafted Twig file, exploiting the software's PDF and HTML...