9248 matches found
GHSA-7GJR-HCC3-XFR4 Improper line feed handling in zenml
A denial of service (DoS) vulnerability exists in zenml-io/zenml version 0.56.3 due to improper handling of line feed (\n) characters in component names. When a low-privileged user adds a component through the API endpoint api/v1/workspaces/default/components with a name containing a \n character, it...
CVE-2024-4460
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2024-4460
CVE-2024-4460: ZenML prior to v0.57.1 is affected by a DoS due to improper handling of newline characters in component names when adding components via API (api/v1/workspaces/default/components). This can cause uncontrolled resource consumption and prevent adding components or registering stacks;...
Important: docker
Issue Overview: A file permissions vulnerability was found in Moby Docker Engine. Copying files by using into a specially-crafted container can result in Unix file permission changes for existing files in the host's filesystem, which might lead to permissions escalation and allow an attacker acce...
CVE-2020-27352
When generating the systemd service units for the docker snap and other similar snaps, snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemon within the snap itself when reloading syst...
CVE-2020-27352
The CVE-2020-27352 issue affects snapd (e.g., the docker snap and similar snaps) where the systemd service units for these snaps are generated without setting Delegate=yes. This omission allows systemd to move processes from containers managed by the snap into the cgroup of the snap’s main daemon...
Extrude - Analyse Binaries For Missing Security Features, Information Disclosure And More...
Analyse binaries for missing security features, information disclosure and more. Extrude is in the early stages of development, and currently only supports ELF and MachO binaries. PE Windows binaries will be supported soon. Usage Usage: extrude flags file Flags: -a, --all Show details of all test...
New Malware Targets Exposed Docker APIs for Cryptocurrency Mining
Cybersecurity researchers have uncovered a new malware campaign that targets publicly exposed Docker API endpoints with the aim of delivering cryptocurrency miners and other payloads. Included among the tools deployed is a remote access tool that's capable of downloading and executing more...
GHSA-34JH-P97F-MPXF vulnerabilities
Vulnerabilities for packages: py3-urllib3, kubeflow-pipelines, datadog-agent, mlflow, kubeflow-jupyter-web-app, ggshield, dask-gateway, reflex, airflow, kubeflow-katib, checkov, superset, kubeflow-pipelines-visualization-server, confluent-docker-utils, k8s-sidecar, kubeflow-volumes-web-app,...
CVE-2024-37891 vulnerabilities
Vulnerabilities for packages: py3-urllib3, kubeflow-pipelines, datadog-agent, mlflow, kubeflow-jupyter-web-app, ggshield, dask-gateway, reflex, airflow, kubeflow-katib, checkov, superset, kubeflow-pipelines-visualization-server, confluent-docker-utils, k8s-sidecar, kubeflow-volumes-web-app,...
Exploit for Code Injection in Iterm2
CVE-2024-38396 and CVE-2024-38395 This PoC can be used either...
OPENSUSE-SU-2024:12876-1 docker-compose-2.17.3-1.1 on GA media
These are all security issues fixed in the docker-compose-2.17.3-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11647-1 docker-20.10.11_ce-1.1 on GA media
These are all security issues fixed in the docker-20.10.11_ce-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:13689-1 docker-24.0.7_ce-3.1 on GA media
These are all security issues fixed in the docker-24.0.7_ce-3.1 package on the GA media of openSUSE Tumbleweed...