9190 matches found
CVE-2025-32111
The Docker image from acme.sh before 40b6db6 is based on a .github/workflows/dockerhub.yml file that lacks "persist-credentials: false" for actions/checkout...
CVE-2025-32111
The Docker image from acme.sh before 40b6db6 is based on a .github/workflows/dockerhub.yml file that lacks "persist-credentials: false" for actions/checkout...
CVE-2025-32111
The Docker image from acme.sh before 40b6db6 is based on a .github/workflows/dockerhub.yml file that lacks "persist-credentials: false" for actions/checkout...
CVE-2025-32111
The Docker image from acme.sh before 40b6db6 is based on a .github/workflows/dockerhub.yml file that lacks "persist-credentials: false" for actions/checkout...
acme.sh 安全漏洞
acme.sh is a scripting tool in the acme.sh open source. A security vulnerability exists in versions of acme.sh prior to 40b6db6, which stems from a missing persist-credentials: false configuration in the github/workflows/dockerhub.yml file on which the Docker image is based...
CVE-2025-32111
CVE-2025-32111 affects the acme.sh Docker image built from a .github/workflows/dockerhub.yml workflow. The root cause is that actions/checkout lacked persist-credentials: false, potentially exposing credentials. The provided metrics indicate high impact (CVSS 3.1: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/...
CVE-2025-32111
The Docker image from acme.sh before 40b6db6 is based on a .github/workflows/dockerhub.yml file that lacks "persist-credentials: false" for actions/checkout...
AWS SAM CLI < 1.133.0 multiple vulnerabilities
The version of AWS SAM CLI installed on the remote host is prior to 1.133.0 and is, therefore, affected by multiple vulnerabilities: - When running the AWS SAM CLI build process with Docker and symlinks are included in the build files, the container environment allows a user to access privileged...
SUSE SLES12 Security Update : docker, docker-stable (SUSE-SU-2025:1102-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1102-1 advisory. - CVE-2025-22868: Fixed unexpected memory consumption during token parsing in golang.org/x/oauth2 bsc1239185. - CVE-2025-22869: Fixed Denial of...
CVE-2025-3047
When running the AWS Serverless Application Model Command Line Interface SAM CLI build process with Docker and symlinks are included in the build files, the container environment allows a user to access privileged files on the host by leveraging the elevated permissions granted to the tool. A use...
CVE-2025-3048
After completing a build with AWS Serverless Application Model Command Line Interface SAM CLI which include symlinks, the content of those symlinks are copied to the cache of the local workspace as regular files or directories. As a result, a user who does not have access to those symlinks outsid...
appscanstandard-integration:ibm-security-appscanstandard-scanner (>=1.0 <=2.8), com.cloudbees.jenkins.plugins:additional-identities-plugin (>=109.v2c51a_117a_7b_4 <=141.vd9ede1e02477) +497 more potentially affected by CVE-2025-31720 via org.jenkins-ci.main:jenkins-core (>=2.0 <=2.492.2)
org.jenkins-ci.main:jenkins-core MAVEN version =2.0, =1.0, =109.v2c51a117a7b4, =1.155.v3d884c1bdee1, =4050.v8ba69b587c39, =4050.v8ba69b587c39, =1.0.5, =2.0.0, =2.0, =1.0.2, =1.0.0, =2.2.0, =2.0.0, =0.1.0, =0.2.0 and more Source cves: CVE-2025-31720https://vulners.com/cve/CVE-2025-3...
SUSE-SU-2025:1102-1 Security update for docker, docker-stable
This update for docker, docker-stable fixes the following issues: - CVE-2025-22868: Fixed unexpected memory consumption during token parsing in golang.org/x/oauth2 bsc1239185. - CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh bsc1239322. - CVE-2024-29018:...
openSUSE Security Advisory (SUSE-SU-2025:1062-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
AWS SAM CLI Path Traversal allows file copy to build container
Summary The AWS Serverless Application Model Command Line Interface AWS SAM CLI is an open-source CLI tool that helps Lambda developers to build and develop Lambda applications locally on their computers using Docker. When running the AWS SAM CLI build process with Docker and symlinks are include...
SUSE-SU-2025:20259-1 Security update for docker
This update for docker fixes the following issues: - This update includes fixes for: CVE-2024-41110: Fixed Authz zero length regression bsc1228324 CVE-2023-47108: Fixed otelgrpc: DoS vulnerability in otelgrpc uncontrolled resource consumption due to unbound cardinality bsc1217070 bsc1229806...
Security update for docker
This update for docker fixes the following issues: This update includes fixes for: CVE-2024-41110: Fixed Authz zero length regression bsc1228324 CVE-2023-47108: Fixed otelgrpc: DoS vulnerability in otelgrpc uncontrolled resource consumption due to unbound cardinality bsc1217070 bsc1229806...
CVE-2025-3047
When running the AWS Serverless Application Model Command Line Interface SAM CLI build process with Docker and symlinks are included in the build files, the container environment allows a user to access privileged files on the host by leveraging the elevated permissions granted to the tool. A use...
CVE-2025-3047
When running the AWS Serverless Application Model Command Line Interface SAM CLI build process with Docker and symlinks are included in the build files, the container environment allows a user to access privileged files on the host by leveraging the elevated permissions granted to the tool. A use...
CVE-2025-3047 Path Traversal in AWS SAM CLI allows file copy to build container
When running the AWS Serverless Application Model Command Line Interface SAM CLI build process with Docker and symlinks are included in the build files, the container environment allows a user to access privileged files on the host by leveraging the elevated permissions granted to the tool. A use...