9244 matches found

CVE
added 2024/08/05 7:59 p.m., 41 views

CVE-2024-41960

CVE-2024-41960 affects mailcow: dockerized (Relay Hosts configuration). An authenticated admin can inject a JavaScript payload into the Relay Hosts config, and the payload executes in the user’s browser when the configuration page is viewed, enabling arbitrary script execution in the user context...

CVSS 4.8, AI score 4.7, EPSS 0.00308
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2024/08/05 7:59 p.m., 35 views

CVE-2024-41958 Two-Factor Authentication (2FA) Bypass in mailcow: dockerized

mailcow: dockerized is an open source groupware/email suite based on docker. A vulnerability has been discovered in the two-factor authentication 2FA mechanism. This flaw allows an authenticated attacker to bypass the 2FA protection, enabling unauthorized access to other accounts that are otherwi...

CVSS 6.6, EPSS 0.01027
Exploits: 1, References: 2
Tenable Nessus
added 2024/08/03 12:0 a.m., 28 views

SUSE SLES12 Security Update : docker (SUSE-SU-2024:2709-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:2709-1 advisory. - Update to Docker 25.0.6-ce. See upstream changelog online at - CVE-2024-41110: An Authz zero length regression that could lead to...

CVSS 9.9, AI score 7.4, EPSS 0.16496
Exploits: 0, References: 6
Schneier on Security
added 2024/08/02 11:1 a.m., 9 views

Leaked GitHub Python Token

Here's a disaster that didn't happen: Cybersecurity researchers from JFrog recently discovered a GitHub Personal Access Token in a public Docker container hosted on Docker Hub, which granted elevated access to the GitHub repositories of the Python language, Python Package Index PyPI, and the Python...

AI score 7.3
Exploits: 0
OSV
added 2024/08/02 8:26 a.m., 15 views

SUSE-SU-2024:2709-1 Security update for docker

This update for docker fixes the following issues: - Update to Docker 25.0.6-ce. See upstream changelog online at - CVE-2024-41110: An Authz zero length regression that could lead to authentication bypass was fixed bsc1228324 - Fix BuildKit's symlink resolution logic to correctly handle non-lexica...

CVSS 9.9, AI score 10, EPSS 0.16496
Exploits: 0, References: 5
Tenable Nessus
added 2024/08/01 12:0 a.m., 50 views

Amazon Linux 2 : docker (ALASDOCKER-2024-040)

The version of docker installed on the remote host is prior to 25.0.6-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2024-040 advisory. 2025-01-04: CVE-2024-36620 was added to this advisory. 2025-01-04: CVE-2024-36623 was added to this advisory...

CVSS 9.9, AI score 7.6, EPSS 0.16496
Exploits: 0, References: 12
Amazon
added 2024/08/01 12:0 a.m., 8 views

Important: docker

Issue Overview: The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

CVSS 9.9, AI score 7.2, EPSS 0.16496
Exploits: 0
Tenable Nessus
added 2024/08/01 12:0 a.m., 61 views

Amazon Linux 2023 : docker (ALAS2023-2024-674)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-674 advisory. 2024-08-28: CVE-2024-29018 was added to this advisory. 2024-08-28: CVE-2024-24786 was added to this advisory. The protojson.Unmarshal function can enter an infinite loop when unmarshaling certa...

CVSS 9.9, AI score 7.5, EPSS 0.16496
Exploits: 0, References: 8
OSV
added 2024/08/01 12:0 a.m., 7 views

OPENSUSE-SU-2024:14229-1 docker-26.1.5_ce-1.1 on GA media

These are all security issues fixed in the docker-26.1.5_ce-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 9.9, AI score 9.9, EPSS 0.16496
Exploits: 0, References: 1
GithubExploit
added 2024/07/31 7:48 a.m., 463 views

Exploit for Path Traversal in Apache Http_Server

Apache 2.4.50 - Path Traversal or Remote Code Execution CVE-20...

CVSS 9.8, AI score 9.4, EPSS 0.99964
Exploits: 62
Tenable Nessus
added 2024/07/31 12:0 a.m., 78 views

Amazon Linux 2 : docker (ALASNITRO-ENCLAVES-2024-041)

The version of docker installed on the remote host is prior to 25.0.6-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2024-041 advisory. 2025-01-04: CVE-2024-36620 was added to this advisory. 2025-01-04: CVE-2024-36623 was added to this advisory...

CVSS 9.9, AI score 7.6, EPSS 0.16496
Exploits: 0, References: 12
Wallarm Lab
added 2024/07/30 6:52 p.m., 19 views

CVE-2024-41110: Once Again, Docker Addresses API Vulnerability That Can Bypass Auth Plugins

Summary A significant vulnerability CVE-2024-41110 was recently discovered in Docker Engine version 18.09.1. Although the issue was identified and fixed in 2019, the patch did not apply to other major versions, resulting in regression. The vulnerability was assigned a CVSS score of 10 critical...

CVSS 9.9, AI score 10, EPSS 0.16496
Exploits: 0
Wallarm Lab
added 2024/07/30 6:52 p.m., 64 views

CVE-2024-41110: Once Again, Docker Addresses API Vulnerability That Can Bypass Auth Plugins

Summary A significant vulnerability CVE-2024-41110 was recently discovered in Docker Engine version 18.09.1. Although the issue was identified and fixed in 2019, the patch did not apply to other major versions, resulting in regression. The vulnerability was assigned a CVSS score of 10 critical...

CVSS 9.9, AI score 7.3, EPSS 0.16496
Exploits: 0
GithubExploit
added 2024/07/30 6:2 p.m., 490 views

Exploit for Improper Input Validation in Apache Superset

CVE-2024-34693 Exploit This repository contains a sophisticat...

CVSS 6.8, AI score 5.9, EPSS 0.01571
Exploits: 1
Github Security Blog
added 2024/07/30 3:4 p.m., 41 views

pREST vulnerable to jwt bypass + sql injection

Summary Probably jwt bypass + sql injection or what i'm doing wrong? PoC how to reproduce 1. Create following files: docker-compose.yml: services: postgres: image: postgres containername: postgrescontainermre environment: POSTGRESUSER: testuserpg POSTGRESPASSWORD: testpasspg POSTGRESDB: testdb...

AI score 8.3
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2024/07/30 3:4 p.m., 9 views

GHSA-WM25-J4GW-6VR3 pREST vulnerable to jwt bypass + sql injection

Summary Probably jwt bypass + sql injection or what i'm doing wrong? PoC how to reproduce 1. Create following files: docker-compose.yml: services: postgres: image: postgres containername: postgrescontainermre environment: POSTGRESUSER: testuserpg POSTGRESPASSWORD: testpasspg POSTGRESDB: testdb...

CVSS 9.8, AI score 8.3
Exploits: 0, References: 4
Github Security Blog
added 2024/07/30 10:18 a.m., 57 views

Authz zero length regression

A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins AuthZ under specific circumstances. The base likelihood of this being exploited is low. This advisory outlines the issue, identifies the affected versions...

CVSS 9.9, AI score 6.9, EPSS 0.16496
Exploits: 0, References: 14, Affected Software: 1
OSV
added 2024/07/30 10:18 a.m., 18 views

GHSA-V23V-6JW2-98FQ Authz zero length regression

A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins AuthZ under specific circumstances. The base likelihood of this being exploited is low. This advisory outlines the issue, identifies the affected versions...

CVSS 9.9, AI score 9.7, EPSS 0.16496
Exploits: 0, References: 14
Amazon
added 2024/07/30 12:0 a.m., 9 views

Important: docker

Issue Overview: The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

CVSS 9.9, AI score 6.7, EPSS 0.16496
Exploits: 0
Amazon
added 2024/07/30 12:0 a.m., 4 views

Important: docker

Issue Overview: The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

CVSS 9.9, AI score 6.7, EPSS 0.16496
Exploits: 0