
2678 matches found

Github Security Blog
added 2023/12/05 6:13 p.m., 58 views

Traefik docker container using 100% CPU

Summary The traefik docker container uses 100% CPU when it serves as its own backend, which is an automatically generated route resulting from the Docker integration in the default configuration. Details While attempting to set up Traefik to handle traffic for Docker containers, I observed in the...

CVSS 7.5 | AI score 7 | EPSS 0.00833
Exploits 1 | References 5 | Affected Software 2
OSV
added 2023/12/05 6:11 p.m., 16 views

GHSA-FVHJ-4QFH-Q2HM Traefik incorrectly processes fragment in the URL, leads to Authorization Bypass

Summary When a request is sent to Traefik with a URL fragment, Traefik automatically URL encodes and forwards the fragment to the backend server. This violates the RFC because in the origin-form the URL should only contain the absolute path and the query. When this is combined with another fronte...

CVSS 6.5 | AI score 6.5 | EPSS 0.00128
Exploits 1 | References 6
Veracode
added 2023/12/05 12:48 p.m., 22 views

Denial Of Service (DoS)

github.com/traefik/traefik is vulnerable to Denial Of Service (DoS). The vulnerability exists due to improper default route configuration when traefik is run using docker, allowing an attacker to crash the application if they know the name of the running container...

CVSS 7.5 | AI score 6.7 | EPSS 0.00833
Exploits 1 | References 4 | Affected Software 1
Vulnrichment
added 2023/12/04 8:36 p.m., 17 views

CVE-2023-47633 Uncontrolled Resource Consumption in Traefik

Traefik is an open source HTTP reverse proxy and load balancer. The traefik docker container uses 100% CPU when it serves as its own backend, which is an automatically generated route resulting from the Docker integration in the default configuration. This issue has been addressed in versions...

CVSS 7.5 | AI score 7 | EPSS 0.00833
Exploits 1 | References 3
Packet Storm
added 2023/12/04 12:00 a.m., 404 views

October CMS 3.4.0 Author Cross Site Scripting

OctoberCMS v3.4.0 Author Stored Cross-Site Scripting Vulnerability Vendor: October CMS Product web page: https://www.octobercms.com Affected version: 3.4.0 Summary: OctoberCMS is a self-hosted content management system CMS based on the PHP programming language and Laravel web application framewor...

AI score 7.4
Exploits 0
Packet Storm
added 2023/12/04 12:00 a.m., 242 views

October CMS 3.4.0 Wiki Article Cross Site Scripting

OctoberCMS v3.4.0 Wikiarticle Stored Cross-Site Scripting Vulnerability Vendor: October CMS Product web page: https://www.octobercms.com Affected version: 3.4.0 Summary: OctoberCMS is a self-hosted content management system CMS based on the PHP programming language and Laravel web application...

AI score 7.4
Exploits 0
Packet Storm
added 2023/12/04 12:00 a.m., 370 views

October CMS 3.4.0 About Cross Site Scripting

OctoberCMS v3.4.0 About Stored Cross-Site Scripting Vulnerability Vendor: October CMS Product web page: https://www.octobercms.com Affected version: 3.4.0 Summary: OctoberCMS is a self-hosted content management system CMS based on the PHP programming language and Laravel web application framework...

AI score 7.4
Exploits 0
Zero Science Lab
added 2023/12/03 12:00 a.m., 288 views

OctoberCMS v3.4.0 (Wiki_article) Stored Cross-Site Scripting Vulnerability

Summary OctoberCMS is a self-hosted content management system CMS based on the PHP programming language and Laravel web application framework. It supports MySQL, SQLite and PostgreSQL for the database back end and uses a flat file database for the front end structure. The October CMS covers a ran...

AI score 6
Exploits 0
Zero Science Lab
added 2023/12/03 12:00 a.m., 288 views

OctoberCMS v3.4.0 (Author) Stored Cross-Site Scripting Vulnerability

Summary OctoberCMS is a self-hosted content management system CMS based on the PHP programming language and Laravel web application framework. It supports MySQL, SQLite and PostgreSQL for the database back end and uses a flat file database for the front end structure. The October CMS covers a ran...

AI score 5.9
Exploits 0
Tenable Nessus
added 2023/12/02 12:00 a.m., 30 views

SUSE SLES12 Security Update : containerd, docker, runc (SUSE-SU-2023:4625-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4625-1 advisory. - A potential vulnerability in the AMD extension to Linux hwmon service may allow an attacker to use the Linux-based Running Averag...

CVSS 5.5 | AI score 6.5 | EPSS 0.00875
Exploits 0 | References 11
Rapid7 Blog
added 2023/12/01 5:19 p.m., 73 views

CVE-2023-49103 - Critical Information Disclosure in ownCloud Graph API

Rapid7 is responding to CVE-2023-49103, an unauthenticated information disclosure vulnerability impacting ownCloud. Background ownCloud is a file sharing platform designed for enterprise environments. On November 21, 2023, ownCloud disclosed CVE-2023-49103, an unauthenticated information disclosu...

CVSS 7.5 | AI score 8.4 | EPSS 0.94329
Exploits 5
GithubExploit
added 2023/12/01 2:25 a.m., 251 views

Exploit for Improper Access Control in Joomla Joomla!

Joomla-CVE-2023-23752 This Python implementation serves an edu...

CVSS 5.3 | AI score 6 | EPSS 0.94522
Exploits 42
CVE
added 2023/11/30 7:14 a.m., 29 views

CVE-2023-49077

CVE-2023-49077 affects Mailcow: dockerized. A Cross-Site Scripting (XSS) vulnerability exists in the Quarantine UI, whereby an attacker could leverage a crafted email to execute malicious JavaScript in an administrator’s browser. The issue is documented across multiple sources and has been patche...

CVSS 8.3 | AI score 6.1 | EPSS 0.00427
Exploits 0 | References 2 | Affected Software 1
OpenVAS
added 2023/11/30 12:00 a.m., 29 views

Mageia: Security Advisory (MGASA-2023-0329)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 7.9 | EPSS 0.03759
Exploits 3 | References 12
Mageia
added 2023/11/29 9:00 p.m., 46 views

Updated docker packages fix security vulnerabilities and bugs

This update fixes several security issues and also solves some other issues - manage change of launch option earlier in post process - Automatically convert -g option to --data-root in installed /etc/sysconfig/docker-storage - Fix CVE-2023-26054 and CVE-2023-28840-2...

CVSS 8.7 | AI score 7.1 | EPSS 0.03759
Exploits 3 | References 10
Packet Storm
added 2023/11/28 12:00 a.m., 363 views

etcd-browser 87ae63d75260 Directory Traversal

An issue was discovered in server.js in etcd-browser 87ae63d75260. By supplying a /../../../ Directory Traversal input to the URL's GET request while connecting to the remote server port specified during setup, an attacker can retrieve local operating system files from the remote system...

AI score 7.4
Exploits 0
0day.today
added 2023/11/28 12:00 a.m., 318 views

etcd-browser 87ae63d75260 Directory Traversal Vulnerability

An issue was discovered in server.js in etcd-browser 87ae63d75260. By supplying a /../../../ Directory Traversal input to the URL's GET request while connecting to the remote server port specified during setup, an attacker can retrieve local operating system files from the remote system...

AI score 7.4
Exploits 0
Kitploit
added 2023/11/24 11:30 a.m., 28 views

Iac-Scan-Runner - Service That Scans Your Infrastructure As Code For Common Vulnerabilities

Service that scans your Infrastructure as Code for common vulnerabilities. Aspect | Information ---|--- Tool name | IaC Scan Runner Docker image | xscanner/runner PyPI package | iac-scan-runner Documentation | docs Contact us | [email protected] Purpose and description The IaC Scan Runner is...

AI score 7.6
Exploits 0 | References 2
WPVulnDB
added 2023/11/23 12:00 a.m., 19 views

News & Blog Designer Pack – WordPress Blog Plugin < 3.4.2 - Unauthenticated Remote Code Execution via Local File Inclusion

Description The News & Blog Designer Pack – WordPress Blog Plugin — Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry plugin for WordPress is vulnerable to Remote Code Execution via Local File Inclusion in all versions up to, and including, 3.4.1 via the...

CVSS 9.8 | AI score 10 | EPSS 0.49165
Exploits 0 | References 1 | Affected Software 1
Prion
added 2023/11/22 4:15 p.m., 22 views

Remote code execution

The News & Blog Designer Pack – WordPress Blog Plugin — Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry plugin for WordPress is vulnerable to Remote Code Execution via Local File Inclusion in all versions up to, and including, 3.4.1 via the bdpgetmorepost...

CVSS 7.5 | AI score 8.6 | EPSS 0.49165
Exploits 0 | References 4 | Affected Software 1