9263 matches found
Vulnerabilities fixed in several Docker tools
Vulnerabilities have been fixed in Docker Moby, Docker desktop, runc and buildkit. A malicious party could exploit the vulnerabilities through a rogue docker image to gain elevated privileges within the environment and thus gain access to sensitive data or execute arbitrary code on the host where...
PT-2024-12252 · Ibm · Ibm Security Verify Access Appliance +1
Name of the Vulnerable Software and Affected Versions: IBM Security Verify Access Appliance versions 10.0.0.0 through 10.0.6.1 IBM Security Verify Access Docker versions 10.0.0.0 through 10.0.6.1 Description: The issue could allow an attacker to cause a denial of service due to uncontrolled...
PT-2024-1725 · Ibm · Ibm Security Verify Access Appliance +1
Name of the Vulnerable Software and Affected Versions: IBM Security Verify Access Appliance versions 10.0.0.0 through 10.0.6.1 IBM Security Verify Access Docker versions 10.0.0.0 through 10.0.6.1 Description: The issue is related to the incorrect restriction of XML external entity references in t...
CVE-2024-24756
Crafatar serves Minecraft avatars based on the skin for use in external applications. Files outside of the lib/public/ directory can be requested from the server. Instances running behind Cloudflare including crafatar.com are not affected. Instances using the Docker container as shown in the READ...
Directory traversal
Crafatar serves Minecraft avatars based on the skin for use in external applications. Files outside of the lib/public/ directory can be requested from the server. Instances running behind Cloudflare including crafatar.com are not affected. Instances using the Docker container as shown in the READ...
CVE-2024-24756 Crafatar path traversal vulnerability
Crafatar serves Minecraft avatars based on the skin for use in external applications. Files outside of the lib/public/ directory can be requested from the server. Instances running behind Cloudflare including crafatar.com are not affected. Instances using the Docker container as shown in the READ...
CVE-2024-24756 Crafatar path traversal vulnerability
Crafatar serves Minecraft avatars based on the skin for use in external applications. Files outside of the lib/public/ directory can be requested from the server. Instances running behind Cloudflare including crafatar.com are not affected. Instances using the Docker container as shown in the READ...
CVE-2024-24756
CVE-2024-24756 is a path traversal vulnerability in Crafatar. Affected: Crafatar versions prior to 2.1.5, including Docker deployments; Cloudflare-protected or external CDN setups are not affected. The issue allows requesting files outside the lib/public directory from within the container, with ...
CVE-2024-24756 Crafatar path traversal vulnerability
Crafatar serves Minecraft avatars based on the skin for use in external applications. Files outside of the lib/public/ directory can be requested from the server. Instances running behind Cloudflare including crafatar.com are not affected. Instances using the Docker container as shown in the READ...
Classic builder cache poisoning
The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions most important being HEALTHCHECK and ONBUILD would not cause a cache miss. An attacker with the knowledge of the Dockerfile someone is using could poison their cache...
GHSA-XW73-RW38-6VJC vulnerabilities
Vulnerabilities for packages: flux, kubescape, policy-controller, cosign, policy-controller-fips, helm-operator, helm, datadog-agent, gitsign, cert-manager, cri-tools, argo-workflows-fips, goreleaser, k8sgpt, datadog-agent-fips, flux-image-reflector-controller, slsa-verifier, vexctl, loki, ko-fip...
Minio unsafe default: Access keys inherit `admin` of root user, allowing privilege escalation
Summary When someone creates an access key, it inherits the permissions of the parent key. Not only for s3: actions, but also admin: actions. Which means unless somewhere above in the access-key hierarchy, the admin rights are denied, access keys will be able to simply override their own s3...
CVE-2024-24557
Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions most important being HEALTHCHECK and ONBUILD would not cause a cache miss. An...
CVE-2024-24557 vulnerabilities
Vulnerabilities for packages: flux, kubescape, policy-controller, cosign, policy-controller-fips, helm-operator, helm, datadog-agent, gitsign, cert-manager, cri-tools, argo-workflows-fips, goreleaser, k8sgpt, datadog-agent-fips, flux-image-reflector-controller, slsa-verifier, vexctl, loki, ko-fip...
Design/Logic Flaw
Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions most important being HEALTHCHECK and ONBUILD would not cause a cache miss. An...
UBUNTU-CVE-2024-24557
Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions most important being HEALTHCHECK and ONBUILD would not cause a cache miss. An...
CVE-2024-24557
Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions most important being HEALTHCHECK and ONBUILD would not cause a cache miss. An...
Security Bulletin: IBM Edge Application Manager 4.5.4 addresses the security vulnerabilities listed in the CVEs below.
Summary IBM Edge Application Manager 4.5.4 addresses the security vulnerabilities listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: OpenSSH is vulnerable to a machine-in-the-middle attack, caused by a flaw in the extension negotiation process in the SSH transport...
CVE-2024-24557 Moby classic builder cache poisoning
Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions most important being HEALTHCHECK and ONBUILD would not cause a cache miss. An...
CVE-2024-24557
CVE-2024-24557 affects Moby/Docker’s classic builder cache. The risk arises when building from scratch: HEALTHCHECK and ONBUILD changes may not trigger a cache miss, enabling cache poisoning if an attacker knows the Dockerfile. Impact varies by Buildkit usage: 23.0 and earlier are broadly affecte...