EulerOS 2.0 SP9 : docker-runc (EulerOS-SA-2024-1483)
According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an...
Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2024-1483)
The remote host is missing an update for the Huawei EulerOS...
Security Bulletin: IBM Security Verify Directory products are vulnerable to CVE-2022-32751
Summary A Security Vulnerability discovered by the IBM Ethical Hacking team has been fixed in IBM Security Directory products. Vulnerability Details CVEID:CVE-2022-32751 DESCRIPTION: IBM Security Verify Directory 10.0.0 could disclose sensitive server information that could be used in further...
Attackgen - Cybersecurity Incident Response Testing Tool That Leverages The Power Of Large Language Models And The Comprehensive MITRE ATT&CK Framework
AttackGen is a cybersecurity incident response testing tool that leverages the power of large language models and the comprehensive MITRE ATT&CK framework. The tool generates tailored incident response scenarios based on user-selected threat actor groups and your organisation's details. Star the...
GHSA-4V7X-PQXF-CX7M vulnerabilities
Vulnerabilities for packages: nri-rabbitmq, prometheus-operator, secrets-store-csi-driver-provider-azure, memcached-exporter, secrets-store-csi-driver, external-dns, tempo, bank-vaults, helm, hubble, grafana-operator, nri-nagios, chartmuseum, crossplane-provider-aws-dynamodb, eksctl, gcsfuse,...
AZL-38569 CVE-2023-45288 affecting package docker-compose for versions less than 2.27.0-1
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
AZL-38260 CVE-2023-45288 affecting package docker-buildx for versions less than 0.14.0-1
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
AZL-38338 CVE-2023-45288 affecting package docker-cli for versions less than 25.0.7-1
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
CVE-2024-31204
CVE-2024-31204 affects mailcow: dockerized prior to 2024-04. The issue is in the exception handling path when DEV_MODE is disabled: exception details are stored in a session array without proper sanitization and later rendered into HTML/JavaScript without escaping, enabling Cross-Site Scripting (...
SUSE-SU-2024:0586-2 Security update for docker
This update for docker fixes the following issues: Vendor latest buildkit v0.11 including bugfixes for the following: CVE-2024-23653: BuildKit API doesn't validate entitlement on container creation (bsc#1219438). CVE-2024-23652: Fixed arbitrary deletion of files (bsc#1219268). CVE-2024-23651: Fixed rac...
Security Bulletin: IBM Security Verify Access is vulnerable to a specially crafted HTTP request
Summary IBM Security Verify Access Appliance/Container and IBM Application Gateway are vulnerable to information disclosure or denial of service due to a specially crafted HTTP request. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details...
Exploit for Use After Free in Linux Linux_Kernel
https://github.com/Notselwyn/CVE-2024-1086 usage docker...
[SECURITY] Fedora 38 Update: podman-4.9.4-1.fc38
podman (Pod Manager) is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=podman. Most...
[SECURITY] Fedora 39 Update: podman-4.9.4-1.fc39
podman (Pod Manager) is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=podman. Most...
Exploit for Embedded Malicious Code in Tukaani Xz
xzk8s...
Drozer - The Leading Security Assessment Framework For Android
drozer (formerly Mercury) is the leading security testing framework for Android. drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps' IPC endpoints and the underlying OS. drozer provides tools to...
Exploit for Embedded Malicious Code in Tukaani Xz
CVE-2024-3094 Malicious code was discovered in the upstream ta...
Security Bulletin: Multiple Security Vulnerabilities have been fixed in the IBM Directory Server and IBM Directory Suite products (CVE-2022-22473, CVE-2021-38951)
Summary Multiple Security Vulnerabilities in the IBM WebSphere Application Server product as shipped with the IBM Directory Server and IBM Directory Suite products have been fixed. Vulnerability Details CVEID:CVE-2022-22473 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 coul...
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from Docker Registry, OpenSSH and go-git
Summary go-git and DockerRegistry are consumed through OSE packages. OSE package is shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2017-11468 DESCRIPTION: Docker...
Security Bulletin: Security Vulnerabilities discovered in IBM Security Verify Access.
Summary IBM Security Verify Access could disclose sensitive information in the snapshot file due to reuse of encryption keys. Vulnerability Details CVEID:CVE-2024-25027 DESCRIPTION: IBM Security Verify Access could disclose sensitive snapshot information due to missing encryption. CVSS Base score...