9255 matches found
GHSA-XCQ4-M2R3-CMRJ Trivy possibly leaks registry credential when scanning images from malicious registries
Impact If a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could result in the leakage of credentials for legitimate registries such as AWS Elastic Container Registry ECR, Google Cloud Artifact/Container Registry, or Azure Container Registr...
Trivy possibly leaks registry credential when scanning images from malicious registries
Impact If a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could result in the leakage of credentials for legitimate registries such as AWS Elastic Container Registry ECR, Google Cloud Artifact/Container Registry, or Azure Container Registr...
CVE-2024-23653 affecting package docker-buildx for versions less than 0.14.0-1
CVE-2024-23653 affecting package docker-buildx for versions less than 0.14.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-24786 affecting package docker-compose for versions less than 2.27.0-1
CVE-2024-24786 affecting package docker-compose for versions less than 2.27.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-23653 affecting package docker-compose for versions less than 2.27.0-1
CVE-2024-23653 affecting package docker-compose for versions less than 2.27.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-47108 affecting package docker-compose for versions less than 2.27.0-1
CVE-2023-47108 affecting package docker-compose for versions less than 2.27.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-45142 affecting package docker-buildx for versions less than 0.14.0-1
CVE-2023-45142 affecting package docker-buildx for versions less than 0.14.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-23650 affecting package docker-buildx for versions less than 0.14.0-1
CVE-2024-23650 affecting package docker-buildx for versions less than 0.14.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-47108 affecting package docker-buildx for versions less than 0.14.0-1
CVE-2023-47108 affecting package docker-buildx for versions less than 0.14.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-24786 affecting package docker-buildx for versions less than 0.14.0-1
CVE-2024-24786 affecting package docker-buildx for versions less than 0.14.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-23650 affecting package docker-compose for versions less than 2.27.0-1
CVE-2024-23650 affecting package docker-compose for versions less than 2.27.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-48795 affecting package docker-buildx for versions less than 0.14.0-1
CVE-2023-48795 affecting package docker-buildx for versions less than 0.14.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-44487 affecting package docker-buildx for versions less than 0.14.0-1
CVE-2023-44487 affecting package docker-buildx for versions less than 0.14.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-44487 affecting package docker-compose for versions less than 2.27.0-1
CVE-2023-44487 affecting package docker-compose for versions less than 2.27.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-45288 affecting package docker-compose for versions less than 2.27.0-1
CVE-2023-45288 affecting package docker-compose for versions less than 2.27.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-45288 affecting package docker-buildx for versions less than 0.14.0-1
CVE-2023-45288 affecting package docker-buildx for versions less than 0.14.0-1. An upgraded version of the package is available that resolves this issue...
Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojacking
The cryptojacking group known as Kinsing has demonstrated an ability to continuously evolve and adapt, proving to be a persistent threat by swiftly integrating newly disclosed vulnerabilities to the exploit arsenal and expand its botnet. The findings come from cloud security firm Aqua, which...
[SECURITY] Fedora 40 Update: podman-5.0.3-1.fc40
podman Pod Manager is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=3Dpodman. Most...
Exploit for Path Traversal in Jenkins
PoC para explotar la vulnerabilidad CVE-2024-23897 en versiones...
A Bootiful Podcast: Oleg Šelajev, Docker and Testcontainers legend
Hi, Spring and Testcontainers fans! In this interview, I talk to Oleg Šelajev...