9264 matches found
SUSE SLES15: libopenvswitch-2_13-0 / libovn-20_03-0 / openvswitch / etc (SUSE-SU-2024:0526-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0526-1 advisory. - CVE-2024-22563: Fixed memory leak via the function xmalloc in /lib/util.c bsc1219059. Tenable has extracted the preceding description bloc...
Low: containerd
Issue Overview: Containerd is not affected by CVE-2023-39325. While it contains the affected module, it does not use it in a way that exposes users to CVE-2023-39325. Affected Packages: containerd Note: This advisory is applicable to Amazon Linux 2 - Docker Extra. Visit this page to learn more...
The vulnerability of the software protection tool for accessing applications in Docker environments. IBM Security Verify Access Docker, an access control system from IBM Security Verify Access, has a flaw related to improper restrictions on XML links to external objects. This allows attackers to carry out XXE attacks.
The vulnerability of the Docker-based application access control software, IBM Security Verify Access, lies in the improper restriction on XML links to external objects. Exploiting this vulnerability allows a malicious actor to perform XXE attacks remotely...
OSV-2024-117 Security exception in com.spotify.docker.client.shaded.com.fasterxml.jackson.databind.util.TokenBuffer
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66745 Crash type: Security exception Crash state: com.spotify.docker.client.shaded.com.fasterxml.jackson.databind.util.TokenBuffer java.base/java.nio.charset.CharsetEncoder. java.base/sun.nio.cs.CESU8$Encoder...
FreeBSD : gitea -- Prevent anonymous container access (bd7592a1-cbfd-11ee-a42a-5404a6f3ca32)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the bd7592a1-cbfd-11ee-a42a-5404a6f3ca32 advisory. - Even with RequireSignInView enabled, anonymous users can use docker pull to fetch public images...
WEB-Wordlist-Generator - Creates Related Wordlists After Scanning Your Web Applications
WEB-Wordlist-Generator scans your web applications and creates related wordlists to take preliminary countermeasures against cyber attacks. Done x Scan Static Files. Scan Metadata Of Public Documents pdf,doc,xls,ppt,docx,pptx,xlsx etc. Create a New Associated Wordlist with the Wordlist Given as a...
The vulnerability of the official interface for developing container applications in Plone Docker allows a hacker to gain access to modify or delete files.
The vulnerability of the official Plone Docker image for container applications lies in the absence of a mechanism to prevent unintended modifications to resources during request processing. Exploiting this vulnerability could allow an attacker to gain access to modify or delete files using PUT a...
CVE-2024-1355
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL. Exploitation of this vulnerability...
Command injection
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL. Exploitation of this vulnerability...
CVE-2024-1355 Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL. Exploitation of this vulnerability...
CVE-2024-1355
CVE-2024-1355 describes a command injection in GitHub Enterprise Server. An attacker with the Management Console editor role could exploit the actions-console docker container to gain admin SSH access to the appliance by manipulating a service URL. Exploitation required access to the GitHub Enter...
Security Bulletin: Multiple Security Vulnerabilities were identified in IBM Security Verify Access
Summary There were multiple Security Vulnerabilities that were reported against IBM Security Verify Access. These have been addressed in IBM Security Verify Access updates. Vulnerability Details CVEID:CVE-2023-31003 DESCRIPTION: IBM Security Access Manager Container IBM Security Verify Access...
Metasploit Weekly Wrap-Up 02/09/2024
Go go gadget Fortra GoAnywhere MFT Module This Metasploit release contains a module for one of 2024's hottest vulnerabilities to date: CVE-2024-0204. The path traversal vulnerability in Fortra GoAnywhere MFT allows for unauthenticated attackers to access the InitialAccountSetup.xhtml endpoint whi...
Docker Desktop < 4.27.1 Multiple Vulnerabilities
The version of Docker Desktop for Windows is prior to 4.27.1. It is therefore affected by multiple vulnerabilities. - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacke...
Docker Desktop < 4.27.1 Multiple Vulnerabilities
The version of Docker Desktop for Linux is prior to 4.27.1. It is therefore affected by multiple vulnerabilities. - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker...
Docker Desktop < 4.27.1 Multiple Vulnerabilities
The version of Docker Desktop for Mac is prior to 4.27.1. It is therefore affected by multiple vulnerabilities. - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker...
CVE-2024-23756
The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 5221, allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them...
CVE-2024-23756
The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 5221, allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them...
Design/Logic Flaw
The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 5221, allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them...
Exploit for Code Injection in Apache Commons_Text
Install maven - maven-linuxhttps://www.digitalocean.com/c...