9239 matches found

Tenable Nessus
added 2024/09/24 12:0 a.m. | 23 views

EulerOS 2.0 SP8 : docker-engine (EulerOS-SA-2024-2462)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache...

CVSS 7.8 | AI score 7 | EPSS 0.00258
Exploits 0 | References 2

Github Security Blog
added 2024/09/23 8:30 p.m. | 36 views

lobe-chat implemented an insufficient fix for GHSA-mxhq-xw3g-rphc (CVE-2024-32964)

Summary SSRF protection implemented in https://github.com/lobehub/lobe-chat/blob/main/src/app/api/proxy/route.ts does not consider redirect and could be bypassed when attacker provides external malicious url which redirects to internal resources like private network or loopback address. PoC 1. Ru...

CVSS 9 | AI score 6.6 | EPSS 0.10788
Exploits 4 | References 6 | Affected Software 1

OpenVAS
added 2024/09/23 12:0 a.m. | 12 views

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-2462)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 7.3 | EPSS 0.00258
Exploits 0 | References 2

Kitploit
added 2024/09/21 11:30 a.m. | 557 views

Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking

The Damn Vulnerable Drone is an intentionally vulnerable drone hacking simulator based on the popular ArduPilot/MAVLink architecture, providing a realistic environment for hands-on drone hacking. About the Damn Vulnerable Drone What is the Damn Vulnerable Drone? The Damn Vulnerable Drone is a...

AI score 7.2
Exploits 0 | References 1

CNNVD
added 2024/09/21 12:0 a.m. | 3 views

Stirling-PDF Cross-Site Scripting Vulnerability

Stirling-PDF is a powerful, locally hosted, web-based PDF manipulation tool using Docker, open-sourced by Stirling Tools. A cross-site scripting vulnerability exists in Stirling-PDF version 0.28.3 and earlier, which stems from unknown code in the Markdown-to-PDF component and results in a...

CVSS 5.4 | AI score 3.9 | EPSS 0.00409
Exploits 1 | References 5

RedHat Linux
added 2024/09/19 5:30 a.m. | 24 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.14.37 bug fix and security update

Red Hat OpenShift Container Platform release 4.14.37 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...

CVSS 9.9 | AI score 7.3 | EPSS 0.02321
Exploits 4 | References 3

Tenable Nessus
added 2024/09/19 12:0 a.m. | 19 views

Docker Desktop < 4.34.2 Multiple Vulnerabilities

The version of Docker Desktop for Linux is prior to 4.34.2. It is therefore affected by multiple vulnerabilities. - A remote code execution RCE vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2. - A remote code...

CVSS 9.8 | AI score 6.5 | EPSS 0.01251
Exploits 0 | References 2

Tenable Nessus
added 2024/09/19 12:0 a.m. | 20 views

Docker Desktop < 4.34.2 Multiple Vulnerabilities

The version of Docker Desktop for Linux is prior to 4.34.2. It is therefore affected by multiple vulnerabilities. - A remote code execution RCE vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2. - A remote code...

CVSS 9.8 | AI score 6.5 | EPSS 0.01251
Exploits 0 | References 2

Tenable Nessus
added 2024/09/19 12:0 a.m. | 16 views

Docker Desktop < 4.34.2 Multiple Vulnerabilities

The version of Docker Desktop for Linux is prior to 4.34.2. It is therefore affected by multiple vulnerabilities. - A remote code execution RCE vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2. - A remote code...

CVSS 9.8 | AI score 6.4 | EPSS 0.01251
Exploits 0 | References 2

NCSC
added 2024/09/18 11:25 a.m. | 3 views

Vulnerabilities fixed in Docker Desktop

Vulnerabilities have been fixed in Docker Desktop. A malicious party can exploit the vulnerabilities to execute arbitrary code in the context of the Desktop application. Since the Docker Desktop is mostly used by developers, it cannot be ruled out that the execution of arbitrary code can take pla...

CVSS 9.8 | AI score 8 | EPSS 0.01251
Exploits 0 | References 1

0day.today
added 2024/09/18 12:0 a.m. | 280 views

Dockwatch Remote Command Execution Exploit

Dockwatch is a container management web UI for docker. It runs by default without authentication, although guidance is available for how to setup credentials for access. It has a Commands feature that allows a user to run docker commands such as inspect, network, ps. Prior to fix, it did not...

AI score 8.1
Exploits 0

OSV
added 2024/09/17 12:31 a.m. | 10 views

GHSA-QQV8-PH7F-H3F7 OpenShift Builder has a path traversal, allows command injection in privileged BuildContainer

A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder container. When using the "Docker" strategy, executable files inside the privileged build containe...

CVSS 9.1 | AI score 9.5 | EPSS 0.02321
Exploits 3 | References 13

Github Security Blog
added 2024/09/17 12:31 a.m. | 20 views

OpenShift Builder has a path traversal, allows command injection in privileged BuildContainer

A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder container. When using the "Docker" strategy, executable files inside the privileged build containe...

CVSS 9.1 | AI score 8 | EPSS 0.02321
Exploits 3 | References 13 | Affected Software 1

NVD
added 2024/09/17 12:15 a.m. | 36 views

CVE-2024-7387

A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder container. When using the “Docker” strategy, executable files inside the privileged build containe...

CVSS 9.1 | EPSS 0.02321
Exploits 3 | References 10

Cvelist
added 2024/09/16 11:58 p.m. | 45 views

CVE-2024-7387 Openshift/builder: path traversal allows command injection in privileged buildcontainer using docker build strategy

A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder container. When using the “Docker” strategy, executable files inside the privileged build containe...

CVSS 9.1 | EPSS 0.02321
Exploits 3 | References 10

Vulnrichment
added 2024/09/16 11:58 p.m. | 16 views

CVE-2024-7387 Openshift/builder: path traversal allows command injection in privileged buildcontainer using docker build strategy

A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder container. When using the “Docker” strategy, executable files inside the privileged build containe...

CVSS 9.1 | AI score 8.1 | EPSS 0.02321
Exploits 3 | References 10

CVE
added 2024/09/16 11:58 p.m. | 97 views

CVE-2024-7387

OpenShift CVE-2024-7387 is a symlink-traversal/path traversal vulnerability in the openshift/builder docker build path. A privileged build container can have its destinationDir override a symlink (e.g., usr_bin -> /usr/bin), enabling overwriting of system binaries like /usr/bin/cp and executio...

CVSS 9.1 | AI score 9.8 | EPSS 0.02321
Exploits 3 | References 10

RedhatCVE
added 2024/09/16 8:11 a.m. | 15 views

CVE-2024-7387

A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder container. When using the “Docker” strategy, executable files inside the privileged build containe...

CVSS 9.1 | AI score 7.9 | EPSS 0.02321
Exploits 3 | References 4

Kitploit
added 2024/09/14 3:22 p.m. | 70 views

DockerSpy - DockerSpy Searches For Images On Docker Hub And Extracts Sensitive Information Such As Authentication Secrets, Private Keys, And More

DockerSpy searches for images on Docker Hub and extracts sensitive information such as authentication secrets, private keys, and more. What is Docker? Docker is an open-source platform that automates the deployment, scaling, and management of applications using containerization technology...

AI score 7.5
Exploits 0 | References 4

OSV
added 2024/09/13 11:56 p.m. | 17 views

RHSA-2024:1270 Red Hat Security Advisory: docker security update

Bulletin has no description...

CVSS 8.6 | AI score 8.9 | EPSS 0.18087
Exploits 18 | References 10