CVE-2023-45821
Artifact Hub (artifacthub.io) has a vulnerability in the registryIsDockerHub check where the code only inspects the registry domain ending with docker.io, enabling credential hijacking by using a fake OCI registry on a domain that ends with docker.io. The issue affects how Docker credentials used...
CVE-2023-45821 Incorrect Docker Hub registry check in Artifact Hub
Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which the registryIsDockerHub function was only checking that the...
Artifact Hub has Incorrect Docker Hub registry check
Impact During a security audit of Artifact Hub's code base, a security researcher at OffSec identified a bug in which the registryIsDockerHub function was only checking that the registry domain had the docker.io suffix. Artifact Hub allows providing some Docker credentials that are used to increa...
GHSA-G6PQ-X539-7W4J Artifact Hub has Incorrect Docker Hub registry check
Impact During a security audit of Artifact Hub's code base, a security researcher at OffSec identified a bug in which the registryIsDockerHub function was only checking that the registry domain had the docker.io suffix. Artifact Hub allows providing some Docker credentials that are used to increa...
Artifact Hub Security Breach
Artifact Hub is a web-based application that finds, installs, and distributes packages and configurations for CNCF projects. A security vulnerability exists in Artifact Hub, which stems from the "registryIsDockerHub" function only checking if a registry domain has the suffix "docker.io"...
PT-2023-29710 · Unknown · Artifact Hub
Name of the Vulnerable Software and Affected Versions: Artifact Hub versions prior to 1.16.0 Description: A security issue was identified in Artifact Hub's code base where the registryIsDockerHub function only checked if the registry domain had the docker.io suffix. This allowed for the potential...
TinyLab linux-lab Security Vulnerabilities
linux-lab is an open-source Docker/QEMU-based Linux kernel learning, development and testing environment from Tai Xiao Technology (tinyclub). A security vulnerability exists in TinyLab linux-lab v1.1-rc1 and cloud-lab v0.8-rc2 and v1.1-rc1; the vulnerability stems from the application being susceptible to...
Security Bulletin: Remote code execution / denial of service attack is possible in IBM Observability with Instana (Self-hosted on Docker) due to use of Apache Kafka
Summary Apache Kafka is used by IBM Observability with Instana Self-hosted on Docker as part of its container images. CVE-2023-25194 Vulnerability Details CVEID: CVE-2023-25194 DESCRIPTION: Apache Kafka could allow a remote authenticated attacker to execute arbitrary code on the system, caused by...
Medium: docker
Issue Overview: A flaw was found in Moby. This flaw allows an attacker to bypass primary group restrictions due to a flaw in the supplementary group access setup. CVE-2022-36109 Docker version 20.10.15, build fd82621 is vulnerable to Insecure Permissions. Unauthorized users outside the Docker...
Important: docker
Issue Overview: http2/hpack: avoid quadratic complexity in hpack decoding. CVE-2022-41723. Templates did not properly consider backticks as JavaScript string delimiters, and as such did not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contained a G...
Gcp_Scanner - A Comprehensive Scanner For Google Cloud
This is a GCP resource scanner that can help determine what level of access certain credentials possess on GCP. The scanner is designed to help security engineers evaluate the impact of a certain VM/container compromise, GCP service account or OAuth2 token key leak. Currently, the scanner support...
A vulnerability in the Cisco IOx software platform for the Cisco IOS XE operating system allows a hacker to gain access to the underlying operating system as the root user.
The vulnerability in the Cisco IOx software platform for the Cisco IOS XE operating system is related to an error in blocking the privileged mode options for Docker containers during application development. Exploiting this vulnerability could allow a malicious actor to gain access to the underlying...
Security Bulletin: IBM Security Verify Access OpenID Connect Provider container has fixed multiple vulnerabilities (CVE-2022-43868, CVE-2022-43739, CVE-2022-43740)
Summary Multiple security vulnerabilities have been addressed in the IBM Security Verify Access OpenID Connect (OIDC) Provider container. Vulnerability Details CVEID: CVE-2022-43868 DESCRIPTION: IBM Security Verify Access OIDC Provider could disclose directory information that could aid attackers in...
Security Bulletin: PostgreSQL JDBC drivers shipped with IBM Security Verify Access have a vulnerability (CVE-2022-41946)
Summary PostgreSQL JDBC as shipped with IBM Security Verify Access has addressed a vulnerability that could allow a local authenticated attacker to obtain sensitive information. Vulnerability Details CVEID: CVE-2022-41946 DESCRIPTION: PostgreSQL JDBC could allow a local authenticated attacker to...
Security Bulletin: Security Vulnerabilities fixed in IBM Security Verify Access (CVE-2022-40303)
Summary A security vulnerability in libxml2 as shipped with IBM Security Verify Access has been fixed. Vulnerability Details CVEID: CVE-2022-40303 DESCRIPTION: GNOME libxml2 could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the XML_PARSE_HUGE...
AZL-35437 CVE-2023-45142 affecting package docker-buildx for versions less than 0.14.0-1
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds the labels http.user_agent and http.method, which have unbounded cardinality. This can lead to memory exhaustion on the server when many malicious requests are sent to it. HTTP...
Exploit for Out-of-bounds Write in Haxx Libcurl
Quick description This showcases the cURL CVE-2023-38545. It...
Exploit for Uncontrolled Resource Consumption in Ietf Http
CVE-2023-44487 Basic vulnerability scanning to see if web serv...
AZL-35441 CVE-2023-44487 affecting package docker-compose for versions less than 2.27.0-1
The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AZL-35436 CVE-2023-44487 affecting package docker-buildx for versions less than 0.14.0-1
The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...