Amazon Linux 2022 : docker (ALAS2022-2022-237)
The version of docker installed on the remote host is prior to 20.10.17-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-237 advisory. - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby...
Improper Control of Generation of Code ('Code Injection')
Akeneo PIM is an open source Product Information Management (PIM). Akeneo PIM Community Edition versions before v5.0.119 and v6.0.53 allow remote authenticated users to execute arbitrary PHP code on the server by uploading a crafted image. Akeneo PIM Community Edition after the versions...
Exploit for Code Injection in Apache Commons_Text
Text4shell-exploit This is a Proof of Concept exploiting the v...
Exploit for Path Traversal in Apache Http_Server
Exploit for Apache2 Exploit for path transversal vulnerabilit...
Snyk plugins vulnerable to Command Injection
The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package snyk-sbt-plugin before 2.16.2; the package snyk-python-plugin before 1.24.2; the package snyk-docker-plugin...
Dell PowerPath Management Appliance has an unspecified vulnerability
Dell PowerPath Management Appliance is a PowerPath host management application from Dell USA that offers two models: a virtual machine-based appliance and a Docker containerized appliance. Dell PowerPath Management Appliance has a security vulnerability for which no information is available...
Moderate: buildah security and bug fix update
The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...
CVE-2022-45385
CVE-2022-45385 concerns a missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin (versions 2.6.2 and earlier). The flaw allows unauthenticated users to trigger builds for attacker-specified repositories via webhook endpoints. Multiple connected advisories confirm th...
CVE-2022-0324 Buffer Overflow in Dhcp6relay in Software for Open Networking in the Cloud (SONiC)
There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory write that would cause dhcp6relay to crash. Dhcp6relay is a critical process and could cause dhcp...
CVE-2022-0324
CVE-2022-0324 describes a buffer overflow in the DHCPv6 packet parsing code within dhcp6relay. The connected documents specify that a remote attacker could craft a DHCPv6 packet to trigger an out-of-bounds memcpy write, causing dhcp6relay to crash and potentially shutdown the related DHCP relay d...
Fedora: Security Advisory for golang-github-distribution-3 (FEDORA-2022-741325e9a0)
The remote host is missing an update for the...
Fedora: Security Advisory for moby-engine (FEDORA-2022-2c33bba286)
The remote host is missing an update for the...
[SECURITY] Fedora 37 Update: golang-github-distribution-3-3.0.0-0.1.pre1.20221009git0122d7d.fc37
The Docker toolset to pack, ship, store, and deliver content. This repository's main product is the Docker Registry 2.0 implementation for storing and distributing Docker images. It supersedes the docker/docker-registry project with a new API design, focused around security and performance...
[SECURITY] Fedora 37 Update: moby-engine-20.10.20-1.fc37
Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance and everything in between - and they don'...
CVE-2022-43679
The Docker image of ownCloud Server through 10.11 contains a misconfiguration that renders the trusteddomains config useless. This could be abused to spoof the URL in password-reset e-mail messages...
Design/Logic Flaw
The Docker image of ownCloud Server through 10.11 contains a misconfiguration that renders the trusteddomains config useless. This could be abused to spoof the URL in password-reset e-mail messages...
NGWAF - First Iteration Of ML Based Feedback WAF
The Motivation | What is the N3XT ST3P? With the explosive growth of web applications since the early 2000s, web-based attacks have progressively become more rampant. One common solution is the Web Application Firewall (WAF). However, tweaking rules of current WAFs to improve the detection mechanis...
Docker Daemon API Remote Code Execution
A remote code execution vulnerability exists in Docker. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Security Bulletin: IBM Security Verify Access is vulnerable to execute arbitrary code due to jsr-sasign component. [CVE-2022-25898]
Summary jsr-sasign is used by IBM Security Verify Access product. This has been fixed by updating the version used by IBM Security Verify Access. CVE-2022-25898 Vulnerability Details CVEID:CVE-2022-25898 DESCRIPTION: Node.js jsrsasign module could allow a remote attacker to execute arbitrary code...