9241 matches found
Medium: docker
Issue Overview: When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorizatio...
Medium: docker
Issue Overview: When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorizatio...
Amazon Linux 2 : docker (ALASDOCKER-2024-045)
The version of docker installed on the remote host is prior to 25.0.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2024-045 advisory. When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an...
Amazon Linux 2 : docker (ALASNITRO-ENCLAVES-2024-046)
The version of docker installed on the remote host is prior to 25.0.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2024-046 advisory. When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial...
Amazon Linux 2 : docker (ALASNITRO-ENCLAVES-2024-045)
The version of docker installed on the remote host is prior to 25.0.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2024-045 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body ...
Exploit for Path Traversal in Apache Http_Server
CVE-2021-41773 POC & Lab For CVE-2021-41773 Setup Lab...
SUSE CVE-2024-24557
Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions most important being HEALTHCHECK and ONBUILD would not cause a cache miss. An...
Exploit for Deserialization of Untrusted Data in Givewp
This post is a research article published by EQSTLabhttps://g...
Malicious code in confluent-docker-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 bc7d66b033c3d09c07ce3226cd534199a9f8cb2200a79035526192fb140b94d9 The package is designed to exfiltrate basic data, like hostname and OS details, as well as collect information about the stacktrace it's imported from. ---...
MAL-2024-9963 Malicious code in confluent-docker-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 bc7d66b033c3d09c07ce3226cd534199a9f8cb2200a79035526192fb140b94d9 The package is designed to exfiltrate basic data, like hostname and OS details, as well as collect information about the stacktrace it's imported from. ---...
CVE-2024-42364
Homepage is a highly customizable homepage with Docker and service API integrations. The default setup of homepage 0.9.1 is vulnerable to DNS rebinding. Homepage is setup without certificate and authentication by default, leaving it to vulnerable to DNS rebinding. In this attack, an attacker will...
CVE-2024-42364 homepage DNS rebinding vulnerability (GHSL-2024-096)
Homepage is a highly customizable homepage with Docker and service API integrations. The default setup of homepage 0.9.1 is vulnerable to DNS rebinding. Homepage is setup without certificate and authentication by default, leaving it to vulnerable to DNS rebinding. In this attack, an attacker will...
CVE-2024-42364
CVE-2024-42364 – DNS rebinding vulnerability in Homepage 0.9.1. The default, unauthenticated setup of Homepage (0.9.1) can be abused via DNS rebinding to route requests to the internal IP of the Homepage instance, allowing an attacker-controlled site to access sensitive data (e.g., API keys) due ...
CVE-2024-42364 homepage DNS rebinding vulnerability (GHSL-2024-096)
Homepage is a highly customizable homepage with Docker and service API integrations. The default setup of homepage 0.9.1 is vulnerable to DNS rebinding. Homepage is setup without certificate and authentication by default, leaving it to vulnerable to DNS rebinding. In this attack, an attacker will...
Exploit for Improper Encoding or Escaping of Output in Apache Http_Server
CVE-2024-38473 Nuclei Template !imagehttps://github.com/us...
GO-2022-0985 Docker supplementary group permissions not set up properly, allowing attackers to bypass primary group restrictions in github.com/docker/docker
Docker supplementary group permissions not set up properly, allowing attackers to bypass primary group restrictions in github.com/docker/docker...
GO-2022-0919 Asymmetric Resource Consumption (Amplification) in Docker containers created by Wings in github.com/pterodactyl/wings
Asymmetric Resource Consumption Amplification in Docker containers created by Wings in github.com/pterodactyl/wings...
GO-2022-0903 Denial-of-Service within Docker container in ktbs.dev/teler
Denial-of-Service within Docker container in ktbs.dev/teler...
GO-2022-0647 Arbitrary File Write in Libcontainer in github.com/docker/docker
Arbitrary File Write in Libcontainer in github.com/docker/docker...
GO-2022-0752 Privilege Escalation in Docker in github.com/docker/docker
Privilege Escalation in Docker in github.com/docker/docker...