9239 matches found
GHSA-H99M-6755-RGWC Rancher Remote Code Execution via Cluster/Node Drivers
Impact A vulnerability has been identified within Rancher where a cluster or node driver can be used to escape the chroot jail and gain root access to the Rancher container itself. In production environments, further privilege escalation is possible based on living off the land within the Rancher...
Exploit for Cross-site Scripting in Roundcube Webmail
CVE-2024-37383-POC Proof of concept for CVE-2024-37383 Int...
Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks
Bad actors have been observed targeting Docker remote API servers to deploy the SRBMiner crypto miner on compromised instances, according to new findings from Trend Micro. "In this attack, the threat actor used the gRPC protocol over h2c to evade security solutions and execute their crypto mining...
Using gRPC and HTTP/2 for Cryptominer Deployment: An Unconventional Approach
In this blog entry, we discuss how malicious actors are exploiting Docker remote API servers via gRPC/h2c to deploy the cryptominer SRBMiner to facilitate their mining of XRP on Docker hosts...
Attackers Target Exposed Docker Remote API Servers With perfctl Malware
We observed an unknown threat actor abusing exposed Docker remote API servers to deploy the perfctl malware...
[SECURITY] Fedora 41 Update: podman-5.2.5-1.fc41
podman Pod Manager is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=3Dpodman. Most...
Docker Desktop < 4.34.3 RCE
The version of Docker installed on the remote host is prior to 4.34.3. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-9348 advisory. - Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view. CVE-2024-9348 Note that Nessus has not...
Docker for Windows < 4.34.3 RCE
The version of Docker Desktop installed on the remote host is prior to 4.34.3. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-9348 advisory. - Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view. CVE-2024-9348 Note that Nessus has...
Docker Desktop < 4.34.3 RCE (macOS)
The version of Docker installed on the remote host is prior to 4.34.3. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-9348 advisory. - Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view. CVE-2024-9348 Note that Nessus has not...
The vulnerability of the Docker Desktop platform for developing and delivering container applications lies in the lack of mechanisms for encoding or shielding output data. This allows attackers to execute arbitrary code.
The vulnerability of the Docker Desktop platform for developing and delivering container applications is related to the lack of mechanisms for encoding or shielding output data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by introducing it through an...
CVE-2024-9348
Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view...
CVE-2024-9348 Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view
Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view...
CVE-2024-9348 Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view
Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view...
CVE-2024-9348
Docker Desktop is affected by CVE-2024-9348 on versions prior to 4.34.3. The issue is a remote code execution (RCE) vulnerability caused by unsanitized GitHub source links in the Build view, allowing an attacker to execute arbitrary code. Public sources across Nessus plug‑ins, CVELIST, CNNVD, and...
Exploit for Deserialization of Untrusted Data in Apache Activemq
CVE-2023-46604 !imagehttps://github.com/user-attachments/ass...
Docker Desktop 安全漏洞
Docker Desktop is a desktop software for lightweight deployment of applications based on container technology from Docker Inc. in the United States. The product provides a desktop environment that supports creating a container lightweight virtual machine and deploying and running applications on...
GHSA-4R7V-WHPG-8RX3 changedetection.io has a Server Side Template Injection using Jinja2 which allows Remote Command Execution
Summary A Server Side Template Injection in changedetection.io caused by usage of unsafe functions of Jinja2 allows Remote Command Execution on the server host. Details changedetection.io version: 0.45.20 docker images REPOSITORY TAG IMAGE ID CREATED SIZE dgtlmoon/changedetection.io latest...
changedetection.io has a Server Side Template Injection using Jinja2 which allows Remote Command Execution
Summary A Server Side Template Injection in changedetection.io caused by usage of unsafe functions of Jinja2 allows Remote Command Execution on the server host. Details changedetection.io version: 0.45.20 docker images REPOSITORY TAG IMAGE ID CREATED SIZE dgtlmoon/changedetection.io latest...
Security Bulletin: IBM Edge Application Manager 4.5.8 addresses the security vulnerabilities listed in the CVEs below.
Summary IBM Edge Application Manager 4.5.8 addresses the security vulnerabilities listed in the CVEs below. Vulnerability Details CVEID:CVE-2024-43799 DESCRIPTION: pillarjs send is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could...
Security Bulletin: IBM Edge Application Manager 4.5.8 addresses the security vulnerabilities listed in the CVEs below.
Summary IBM Edge Application Manager 4.5.8 addresses the security vulnerabilities listed in the CVEs below. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused by a flaw with requests for path relative URLs get processed as protocol...