
2678 matches found

NVD
added 2023/11/21 10:15 p.m. | 34 views

CVE-2023-49103

An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment phpinfo. This information...

CVSS 10 | EPSS 0.94329
Exploits 5 | References 3

Kitploit
added 2023/11/21 11:30 a.m. | 21 views

CureIAM - Clean Accounts Over Permissions In GCP Infra At Scale

Clean up of over permissioned IAM accounts on GCP infra in an automated way CureIAM is an easy-to-use, reliable, and performant engine for Least Privilege Principle Enforcement on GCP cloud infra. It enables DevOps and Security team to quickly clean up accounts in GCP infra that have granted...

AI score 7.2
Exploits 0 | References 4

GithubExploit
added 2023/11/18 6:12 a.m. | 316 views

Exploit for Incorrect Comparison in Dynamic-Linq Linq

Dynamic Linq injection to RCE - CVE-2023-32571 About Dynami...

CVSS 9.8 | AI score 9.8 | EPSS 0.77669
Exploits 4

Tenable Nessus
added 2023/11/16 12:00 a.m. | 88 views

Amazon Linux 2 : docker (ALASECS-2023-025)

The version of docker installed on the remote host is prior to 20.10.7-5. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2023-025 advisory. The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI...

CVSS 5 | AI score 7 | EPSS 0.00498
Exploits 0 | References 4

Wolfi
added 2023/11/12 3:55 p.m. | 37 views

GHSA-8PGV-569H-W5RW vulnerabilities

Vulnerabilities for packages: metrics-server, kubevela, temporal, buildkitd, temporal-server, kubernetes, kubescape, k3s, volume-modifier-for-k8s, cri-tools, kubernetes-csi-external-resizer, kine, envoy-ratelimit, docker-compose...

AI score 5.2
Exploits 0

Tenable Nessus
added 2023/11/09 12:00 a.m. | 52 views

NewStart CGSL MAIN 6.06 : neod Multiple Vulnerabilities (NS-SA-2023-0142)

The remote NewStart CGSL host, running version MAIN 6.06, has neod packages installed that are affected by multiple vulnerabilities: - runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectl...

AI score 7 | EPSS 0.06046
Exploits 6 | References 15

AlmaLinux
added 2023/11/07 12:00 a.m. | 73 views

Moderate: buildah security update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

CVSS 9.8 | AI score 7.2 | EPSS 0.00759
Exploits 1 | References 24

Tenable Nessus
added 2023/11/07 12:00 a.m. | 58 views

Fedora 39 : moby-engine (2023-b9c1d0e4c5)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-b9c1d0e4c5 advisory. - Update moby-engine to 24.0.5 - Security fix for CVE-2021-41803 - Security fix for CVE-2023-28842 - Security fix for CVE-2023-28841 - Security fix...

CVSS 8.7 | AI score 6.6 | EPSS 0.03759
Exploits 4 | References 10

Amazon
added 2023/11/03 12:00 a.m. | 58 views

Important: docker

Issue Overview: http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 Affected Packages: docker Issue Correction: Run yum update docker or yum update --advisory ALAS-2023-1881 to update your system. New Packages: src: docker-20.10.13-3.amzn1.src x86_64: ...

CVSS 7.5 | AI score 7.2 | EPSS 0.00264
Exploits 0

Tenable Nessus
added 2023/11/03 12:00 a.m. | 30 views

Amazon Linux AMI : docker (ALAS-2023-1881)

The version of docker installed on the remote host is prior to 20.10.13-3. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1881 advisory. http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 Tenable has extracted the preceding description block...

CVSS 7.5 | AI score 6.9 | EPSS 0.00264
Exploits 0 | References 4

Tenable Nessus
added 2023/11/01 12:00 a.m. | 109 views

Amazon Linux 2 : docker (ALASECS-2023-019)

The version of docker installed on the remote host is prior to 20.10.25-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2023-019 advisory. http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 Templates did not properly consider backticks...

CVSS 9.8 | AI score 7.5 | EPSS 0.00759
Exploits 0 | References 12

OSV
added 2023/10/30 3:40 p.m. | 47 views

GHSA-FJHG-96CP-6FCW Kimai (Authenticated) SSTI to RCE by Uploading a Malicious Twig File

Description The latest version of Kimai is found to be vulnerable to a critical Server-Side Template Injection SSTI which can be escalated to Remote Code Execution RCE. The vulnerability arises when a malicious user uploads a specially crafted Twig file, exploiting the software's PDF and HTML...

CVSS 7.2 | AI score 7.6 | EPSS 0.02482
Exploits 1 | References 4

Tenable Nessus
added 2023/10/24 12:00 a.m. | 22 views

Amazon Linux 2023 : docker (ALAS2023-2023-397)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-397 advisory. The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

CVSS 7.5 | AI score 6.9 | EPSS 0.0015
Exploits 0 | References 4

Tenable Nessus
added 2023/10/23 12:00 a.m. | 30 views

Ubuntu 16.04 ESM : runC vulnerabilities (USN-4867-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4867-1 advisory. It was discovered that runC incorrectly checked mount targets. An attacker with a malicious container image could possibly mount over the /proc directory...

CVSS 8.5 | AI score 7.1 | EPSS 0.01473
Exploits 1 | References 3

Tenable Nessus
added 2023/10/20 12:00 a.m. | 28 views

Amazon Linux 2 : docker (ALASECS-2023-013)

The version of docker installed on the remote host is prior to 20.10.22-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2023-013 advisory. A flaw was found in Moby. This flaw allows an attacker to bypass primary group restrictions due to a flaw in the...

CVSS 6.3 | AI score 6.9 | EPSS 0.00039
Exploits 1 | References 4

Tenable Nessus
added 2023/10/20 12:00 a.m. | 55 views

Amazon Linux 2 : docker (ALASDOCKER-2023-031)

The version of docker installed on the remote host is prior to 20.10.25-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2023-031 advisory. 2025-03-03: CVE-2023-29409 was added to this advisory. 2024-05-09: CVE-2022-41723 was added to this advisory...

CVSS 9.8 | AI score 7.5 | EPSS 0.00759
Exploits 0 | References 12

Tenable Nessus
added 2023/10/20 12:00 a.m. | 27 views

Amazon Linux 2 : docker (ALASECS-2023-015)

The version of docker installed on the remote host is prior to 20.10.4-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2023-015 advisory. A flaw was found in the userns-remap feature of Docker. The root user in the remapped namespace can modify files under...

CVSS 6.8 | AI score 6.9 | EPSS 0.00351
Exploits 0 | References 6

Tenable Nessus
added 2023/10/20 12:00 a.m. | 31 views

Amazon Linux 2 : docker (ALASNITRO-ENCLAVES-2023-030)

The version of docker installed on the remote host is prior to 20.10.25-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2023-030 advisory. http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 Templates did not properly conside...

CVSS 9.8 | AI score 7.5 | EPSS 0.00759
Exploits 0 | References 12

IBM Security Bulletins
added 2023/10/17 3:30 p.m. | 44 views

Security Bulletin: Remote code execution / denial of service attack is possible in IBM Observability with Instana (Self-hosted on Docker) due to use of Apache Kafka

Summary Apache Kafka is used by IBM Observability with Instana Self-hosted on Docker as part of its container images. CVE-2023-25194 Vulnerability Details CVEID:CVE-2023-25194 DESCRIPTION: Apache Kafka could allow a remote authenticated attacker to execute arbitrary code on the system, caused by...

CVSS 8.8 | AI score 9 | EPSS 0.94055
Exploits 7 | Affected Software 1

Amazon
added 2023/10/17 12:00 a.m. | 2 views

Important: docker

Issue Overview: http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 Templates did not properly consider backticks as Javascript string delimiters, and as such did not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contained a G...

CVSS 9.8 | AI score 7.6 | EPSS 0.00759
Exploits 0