SUSE-SU-2024:4204-1 Security update for docker-stable
This update for docker-stable fixes the following issues: - CVE-2024-41110: Fixed Authz zero length regression (bsc#1228324). Bug fixes: - Allow users to disable SUSE secrets support by setting DOCKER_SUSE_SECRETS_ENABLE=0 in /etc/sysconfig/docker (bsc#1231348). - Import specfile changes for docker-buildx...
CVE-2024-24786 affecting package docker-cli for versions less than 25.0.3-2
CVE-2024-24786 affecting package docker-cli for versions less than 25.0.3-2. A patched version of the package is available...
Exploit for Missing Authentication for Critical Function in Really-Simple-Plugins Really_Simple_Security
PoC Authentication Bypass MFA Really Simple Security WordPress...
Gafgyt Malware Targeting Docker Remote API Servers
Our researchers identified threat actors exploiting misconfigured Docker servers to spread the Gafgyt malware. This threat traditionally targets IoT devices; this new tactic signals a change in its behavior...
Gafgyt Malware Broadens Its Scope in Recent Attacks
Our researchers identified threat actors exploiting misconfigured Docker servers to spread the Gafgyt malware. This threat traditionally targets IoT devices; this new tactic signals a change in its behavior...
Vulnerability in the Docker-based registration system for incoming goods that allows attackers to escalate their privileges
The vulnerability in the Docker-based registration system for incoming goods stems from deficiencies in access control. Exploiting this vulnerability can allow attackers to escalate their privileges...
AZL-53827 CVE-2024-36623 affecting package docker-cli for versions less than 25.0.3-3
moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes...
CVE-2024-36621
moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion...
CVE-2024-36623
moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes...
Exploit for Use of Hard-coded Credentials in Mariazevedo88 Travels-Java-Api
PoC Authentication Bypass MFA Really Simple Security WordPress...
CVE-2024-53844
E.D.D.I (Enhanced Dialog Driven Interface) is a middleware to connect and manage LLM API bots. A path traversal vulnerability exists in the backup export functionality of EDDI, as implemented in RestExportService.java. This vulnerability allows an attacker to access sensitive files on the server by...
CVE-2024-53844 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in labsai/eddi
E.D.D.I (Enhanced Dialog Driven Interface) is a middleware to connect and manage LLM API bots. A path traversal vulnerability exists in the backup export functionality of EDDI, as implemented in RestExportService.java. This vulnerability allows an attacker to access sensitive files on the server by...
CVE-2024-53844
CVE-2024-53844 affects labsai/eddi (EDDI), a middleware for LLM API bots. The vulnerability is a path traversal in the backup export functionality, exploitable via the botFilename parameter in RestExportService.java. Input is not properly sanitized, allowing attackers to access arbitrary files in...
Exploit for CVE-2024-21534
Vulnerability Information: CVE-2024-21534 The jsonpath-plus...
Exploit for CVE-2024-4439
CVE-2024-4439 CVE-2024-4439: Docker and POC Lab Setting...
ROS-20241121-04
A vulnerability in the AuthZ authorization plugins of Docker Engine, software for automating the deployment and management of applications in containerized environments, is related to flaws in the AuthZ plugin...
Exploit for Allocation of Resources Without Limits or Throttling in Vmware Spring_Framework
Spring CVE-2022-22970 Proof of Concept This repo contains...
CVE-2024-11075
A vulnerability in the Incoming Goods Suite allows a user with unprivileged access to the underlying system (e.g. local or via SSH) a privilege escalation to the administrative level due to the usage of component vendor Docker images running with root permissions. Exploiting this misconfiguration...