9270 matches found
Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data
Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components.This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details...
Exploit for CVE-2024-38816
CVE-2024-38816 Proof of Concept PoC This is a proof of conc...
GLSA-202409-29 : Docker: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202409-29 Docker: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in Docker. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly fro...
Docker: Multiple Vulnerabilities
Background Docker contains the the core functions you need to create Docker images and run Docker containers Description Multiple vulnerabilities have been discovered in Docker. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
CVE-2024-47182
Dozzle is a realtime log viewer for docker containers. Before version 8.5.3, the app uses sha-256 as the hash for passwords, which leaves users susceptible to rainbow table attacks. The app switches to bcrypt, a more appropriate hash for passwords, in version 8.5.3...
CVE-2024-47182 Dozzle uses unsafe hash for passwords
Dozzle is a realtime log viewer for docker containers. Before version 8.5.3, the app uses sha-256 as the hash for passwords, which leaves users susceptible to rainbow table attacks. The app switches to bcrypt, a more appropriate hash for passwords, in version 8.5.3...
CVE-2024-47179
RSSHub is an RSS network. Prior to commit 64e00e7, RSSHub's docker-test-cont.yml workflow is vulnerable to Artifact Poisoning, which could have lead to a full repository takeover. Downstream users of RSSHub are not vulnerable to this issue, and commit 64e00e7 fixed the underlying issue and made t...
CVE-2024-47179 RSSHub's `docker-test-cont.yml` workflow is vulnerable to Artifact Poisoning which may lead to a full repository takeover.
RSSHub is an RSS network. Prior to commit 64e00e7, RSSHub's docker-test-cont.yml workflow is vulnerable to Artifact Poisoning, which could have lead to a full repository takeover. Downstream users of RSSHub are not vulnerable to this issue, and commit 64e00e7 fixed the underlying issue and made t...
PT-2024-32460 · Rsshub · Rsshub
Name of the Vulnerable Software and Affected Versions: RSSHub versions prior to commit 64e00e7 Description: RSSHub's docker-test-cont.yml workflow is vulnerable to Artifact Poisoning, which could have led to a full repository takeover. The workflow gets triggered when the PR - Docker build test...
RSSHub 输入验证错误漏洞
RSSHub is the world's largest RSS network open-sourced by DIYgod, consisting of over 5000 global instances. RSSHub suffers from an input validation error vulnerability that stems from the vulnerability of RSSHub's docker-test-cont.yml workflow to a poisoning attack, which could lead to a takeover...
Malicious code in faest (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f66b290465d72fc55bce4fef4200ebea68c430be84cdcbbabec5263958041781 When using this library to do any request, a "validateorigin" function is called L1320 in client.py. This method, located in utils.py, collects all request dat...
EulerOS 2.0 SP8 : docker-engine (EulerOS-SA-2024-2462)
According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache...
lobe-chat implemented an insufficient fix for GHSA-mxhq-xw3g-rphc (CVE-2024-32964)
Summary SSRF protection implemented in https://github.com/lobehub/lobe-chat/blob/main/src/app/api/proxy/route.ts does not consider redirect and could be bypassed when attacker provides external malicious url which redirects to internal resources like private network or loopback address. PoC 1. Ru...
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-2462)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
The Damn Vulnerable Drone is an intentionally vulnerable drone hacking simulator based on the popular ArduPilot/MAVLink architecture, providing a realistic environment for hands-on drone hacking. About the Damn Vulnerable Drone What is the Damn Vulnerable Drone? The Damn Vulnerable Drone is a...
Stirling-PDF 跨站脚本漏洞
Stirling-PDF is a powerful, locally hosted, web-based PDF manipulation tool using Docker, open-sourced by Stirling Tools. A cross-site scripting vulnerability exists in Stirling-PDF version 0.28.3 and earlier, which stems from unknown code in the Markdown-to-PDF component and results in a...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.14.37 bug fix and security update
Red Hat OpenShift Container Platform release 4.14.37 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...
Docker Desktop < 4.34.2 Multiple Vulnerabilities
The version of Docker Desktop for Linux is prior to 4.34.2. It is therefore affected by multiple vulnerabilities. - A remote code execution RCE vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2. - A remote code...
Docker Desktop < 4.34.2 Multiple Vulnerabilities
The version of Docker Desktop for Linux is prior to 4.34.2. It is therefore affected by multiple vulnerabilities. - A remote code execution RCE vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2. - A remote code...
Docker Desktop < 4.34.2 Multiple Vulnerabilities
The version of Docker Desktop for Linux is prior to 4.34.2. It is therefore affected by multiple vulnerabilities. - A remote code execution RCE vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2. - A remote code...