9273 matches found
This Week in Spring - November 14th, 2023
Hi, Spring fans! Welcome to another installment of This Week in Spring! It's November 14th, and you know what that means? NINE MORE DAYS until Spring Boot 3.2 drops on the day of the US holiday of Thanksgiving, no less! Some key features include: virtual threads initial CRaC support more...
OracleIV DDoS Botnet Malware Targets Docker Engine API Instances
By Waqas While OracleIV is not a supply chain attack, it highlights the ongoing threat of misconfigured Docker Engine API deployments. This is a post from HackRead.com Read the original post: OracleIV DDoS Botnet Malware Targets Docker Engine API Instances...
Exploit for Injection in Discourse
Table of contents ================= CVE-2023-47119cve...
GHSA-8PGV-569H-W5RW vulnerabilities
Vulnerabilities for packages: kine, kubernetes, volume-modifier-for-k8s, kubevela, temporal-server, kubernetes-csi-external-resizer, k3s, buildkitd, kubescape, temporal, cri-tools, docker-compose, metrics-server, envoy-ratelimit...
The vulnerability of the automation tool for deploying and managing applications in Docker-enabled environments, related to improper permission storage, allows attackers to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the automation tool for deploying and managing applications in Docker-enabled environments is related to improper storage of permissions. Exploiting this vulnerability can allow attackers to access confidential data, compromise its integrity, and cause service failures...
The vulnerability of the replication function of Docker, a tool for automating the deployment and management of applications in containerized environments, allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the replication function of Docker’s containerization and application deployment/management tools is related to improper storage of permissions. Exploiting this vulnerability can allow attackers to access confidential data, compromise its integrity, and cause service failures...
CVE-2023-47108 vulnerabilities
Vulnerabilities for packages: kine, kubernetes, volume-modifier-for-k8s, kubevela, temporal-server, kubernetes-csi-external-resizer, k3s, buildkitd, kubescape, temporal, cri-tools, docker-compose, metrics-server, envoy-ratelimit...
AZL-35434 CVE-2023-47108 affecting package docker-buildx for versions less than 0.14.0-1
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Starting in version 0.37.0 and prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the...
AZL-35440 CVE-2023-47108 affecting package docker-compose for versions less than 2.27.0-1
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Starting in version 0.37.0 and prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the...
[SECURITY] Fedora 39 Update: podman-4.7.2-1.fc39
podman Pod Manager is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=3Dpodman. Most...
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2023-3118)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
NewStart CGSL MAIN 6.06 : neod Multiple Vulnerabilities (NS-SA-2023-0142)
The remote NewStart CGSL host, running version MAIN 6.06, has neod packages installed that are affected by multiple vulnerabilities: - runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfslinux.go incorrectl...
CVE-2023-40453
Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action via escape sequence injection, or might have a data size that causes a denial of service to a bastio...
CVE-2023-40453
Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action via escape sequence injection, or might have a data size that causes a denial of service to a bastio...
CVE-2023-40453
Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action via escape sequence injection, or might have a data size that causes a denial of service to a bastio...
Sql injection
Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action via escape sequence injection, or might have a data size that causes a denial of service to a bastio...
Rocky Linux 8 : container-tools:3.0 (RLSA-2022:1793)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:1793 advisory. - A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby Docker Engine where...
Moderate: buildah security update
The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...
Fedora 39 : moby-engine (2023-b9c1d0e4c5)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-b9c1d0e4c5 advisory. - Update moby-engine to 24.0.5 - Security fix for CVE-2021-41803 - Security fix for CVE-2023-28842 - Security fix for CVE-2023-28841 - Security fix...
Rocky Linux 8 : container-tools:3.0 (RLSA-2022:1565)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:1565 advisory. - A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby Docker...