Docker Security Vulnerabilities
Docker is an open source application container engine from the American company Docker. The product supports packaging applications into lightweight, virtual-machine-like containers and deploying and running them on Linux systems, as well as the automated installation, deployment, and upgrading of...
Amazon Linux AMI : docker (ALAS-2023-1881)
The version of docker installed on the remote host is prior to 20.10.13-3. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1881 advisory. http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 Tenable has extracted the preceding description block...
Important: docker
Issue Overview: http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 Affected Packages: docker Issue Correction: Run yum update docker or yum update --advisory ALAS-2023-1881 to update your system. New Packages: src: docker-20.10.13-3.amzn1.src x86_64: ...
Amazon Linux 2 : docker (ALASECS-2023-019)
The version of docker installed on the remote host is prior to 20.10.25-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2023-019 advisory. http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 Templates did not properly consider backticks...
Kimai (Authenticated) SSTI to RCE by Uploading a Malicious Twig File
Description The latest version of Kimai is found to be vulnerable to a critical Server-Side Template Injection (SSTI) which can be escalated to Remote Code Execution (RCE). The vulnerability arises when a malicious user uploads a specially crafted Twig file, exploiting the software's PDF and HTML...
GHSA-FJHG-96CP-6FCW Kimai (Authenticated) SSTI to RCE by Uploading a Malicious Twig File
EleKtra-Leak Cryptojacking Attacks Exploit AWS IAM Credentials Exposed on GitHub
A new ongoing campaign dubbed EleKtra-Leak has set its eyes on exposed Amazon Web Services (AWS) Identity and Access Management (IAM) credentials within public GitHub repositories to facilitate cryptojacking activities. "As a result of this, the threat actor associated with the campaign was able to...
Exploit for CVE-2023-38646
CVE-2023-38646 Python script to exploit CVE-2023-38646 Metabas...
Amazon Linux 2023 : docker (ALAS2023-2023-397)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-397 advisory. The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
Important: docker
Issue Overview: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-39325 Affected Packages: docker Issue Correction: Run dnf update docker...
Credential Hijacking
github.com/artifacthub/hub is vulnerable to Credential Hijacking. This vulnerability exists in the registryIsDockerHub function in oci.go because it does not properly check the registry domain for Docker Hub, which allows an attacker to deploy a fake OCI registry on a domain ending with docker.io,...
Ubuntu 16.04 ESM : runC vulnerabilities (USN-4867-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4867-1 advisory. It was discovered that runC incorrectly checked mount targets. An attacker with a malicious container image could possibly mount over the /proc directory...
Amazon Linux 2 : docker (ALASNITRO-ENCLAVES-2023-030)
The version of docker installed on the remote host is prior to 20.10.25-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2023-030 advisory. http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 Templates did not properly conside...
Amazon Linux 2 : docker (ALASECS-2023-013)
The version of docker installed on the remote host is prior to 20.10.22-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2023-013 advisory. A flaw was found in Moby. This flaw allows an attacker to bypass primary group restrictions due to a flaw in the...
Amazon Linux 2 : docker (ALASDOCKER-2023-031)
The version of docker installed on the remote host is prior to 20.10.25-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2023-031 advisory. 2025-03-03: CVE-2023-29409 was added to this advisory. 2024-05-09: CVE-2022-41723 was added to this advisory...
Amazon Linux 2 : docker (ALASECS-2023-015)
The version of docker installed on the remote host is prior to 20.10.4-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2023-015 advisory. A flaw was found in the userns-remap feature of Docker. The root user in the remapped namespace can modify files under...
Design/Logic Flaw
Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which the registryIsDockerHub function was only checking that the...
CVE-2023-45821 Incorrect Docker Hub registry check in Artifact Hub
Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which the registryIsDockerHub function was only checking that the...