CVE-2024-23651 vulnerabilities
Vulnerabilities for packages: conftest, skaffold, datadog-agent, buildkitd, guac, trivy, scorecard, kaniko, docker, kubescape, zot...
CVE-2024-23650 vulnerabilities
Vulnerabilities for packages: conftest, datadog-agent-fips, skaffold, datadog-agent, buildkitd, conftest-fips, guac, trivy, scorecard, kaniko, docker, kubescape, zot...
CVE-2024-21626 vulnerabilities
Vulnerabilities for packages: newrelic-infrastructure-agent, buildkitd, kubescape, wolfictl, cadvisor, skaffold, kubernetes, skopeo, runc, nerdctl, k9s, syft, datadog-agent, k3d, kots, podman, trivy, ctop, zarf, k3s, kaniko, docker, grype, zot...
CVE-2024-21626 vulnerabilities
Vulnerabilities for packages: newrelic-infrastructure-agent, buildkitd, kubescape, datadog-agent-fips, wolfictl, cadvisor, skaffold, kubernetes, skopeo, runc, nerdctl, kubernetes-fips, k9s, syft, datadog-agent, k3d, kots, podman, trivy, ctop, zarf, k3s, kaniko, docker, grype, zot...
CVE-2024-23650 vulnerabilities
Vulnerabilities for packages: conftest, skaffold, datadog-agent, buildkitd, guac, trivy, scorecard, kaniko, docker, kubescape, zot...
RunC Flaws Enable Container Escapes, Granting Attackers Host Access
Multiple security vulnerabilities have been disclosed in the runC command line tool that could be exploited by threat actors to escape the bounds of the container and stage follow-on attacks. The vulnerabilities, tracked as CVE-2024-21626, CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653, have...
CVE-2024-21653
The vantage6 technology enables managing and deploying privacy-enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Nodes and servers get an SSH config by default that permits root login with password authentication. In a proper deployment, the SSH service is not expose...
Authentication flaw
The vantage6 technology enables managing and deploying privacy-enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Nodes and servers get an SSH config by default that permits root login with password authentication. In a proper deployment, the SSH service is not expose...
PYSEC-2024-33
The vantage6 technology enables managing and deploying privacy-enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Nodes and servers get an SSH config by default that permits root login with password authentication. In a proper deployment, the SSH service is not expose...
PYSEC-2024-34
The vantage6 technology enables managing and deploying privacy-enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Nodes and servers get an SSH config by default that permits root login with password authentication. In a proper deployment, the SSH service is not expose...
CVE-2024-21653 vantage6 insecure SSH configuration for node and server containers
The vantage6 technology enables managing and deploying privacy-enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Nodes and servers get an SSH config by default that permits root login with password authentication. In a proper deployment, the SSH service is not expose...
Exploit for Path Traversal in Jenkins
CVE-2024-23897 - Arbitrary file read vulne...
CVE-2024-23055
An issue in Plone Docker Official Image 5.2.13 (5221) open-source software allows for remote code execution via improper validation of input by the HOST headers...
Internet Bug Bounty: Denial of Service caused by HTTP/2 CONTINUATION Flood
A denial of service vulnerability was discovered in Apache Tomcat versions 11.0.0-M1 to 11.0.0-M16, 10.1.0-M1 to 10.1.18, 9.0.0-M1 to 9.0.85, and 8.5.0 to 8.5.98. The vulnerability was caused by the way Tomcat processed HTTP/2 requests that exceeded configured limits for headers. A fix was releas...
PT-2024-1348
Name of the Vulnerable Software and Affected Versions: Plone Docker Official Image version 5.2.13 (5221) Description: The issue allows for remote code execution via improper validation of input by the HOST headers. This can be exploited by an attacker to execute arbitrary code by injecting code into...
PT-2024-1629 · Plone · Plone
Name of the Vulnerable Software and Affected Versions: Plone Docker version 5.2.13 (5221) Description: The issue is related to the absence of a mechanism to prevent unintended changes to resources when processing requests. This allows unauthenticated attackers to execute dangerous actions, such as...
CVE-2024-23055
Plone Docker Official Image 5.2.13 (5221) is vulnerable to Host Header Injection due to improper validation of input by the HOST headers. The Nuclei template describes this issue as enabling Cross-Site Scripting when a malicious Host header is reflected in the response, with the broader impact no...
A vulnerability in IBM Security Verify Access Docker, an access management system for protecting access to applications in Docker environments, involves storing passwords in a reversible format. This allows attackers to exploit the protected information.
The vulnerability of the Docker-based application access control software, IBM Security Verify Access, lies in its password storage mechanism. Exploiting this vulnerability could allow attackers to disclose the protected information...