Lucene search

1698 matches found

NVD
added 2019/12/17 2:15 p.m., 16 views

CVE-2014-8178

Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands...

CVSS: 5.5, AI score: 5.3, EPSS: 0.00266
Exploits: 0, References: 5

OSV
added 2019/12/17 2:15 p.m., 1 view

UBUNTU-CVE-2014-8178

Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands...

CVSS: 5.5, AI score: 6.7, EPSS: 0.00266
Exploits: 0, References: 2

Prion
added 2019/12/17 2:15 p.m., 15 views

Command injection

Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands...

CVSS: 1.9, AI score: 6.7, EPSS: 0.00266
Exploits: 0, References: 5, Affected Software: 3

CVE
added 2019/12/04 3:10 p.m., 66 views

CVE-2014-8179

CVE-2014-8179 affects Docker Engine prior to 1.8.3 and CS Docker Engine prior to 1.6.2-CS7. The vulnerability arises from improper validation and extraction of the manifest object from a JSON representation during a pull, enabling an attacker to inject new attributes into a JSON object and bypass...

CVSS: 7.5, AI score: 7.2, EPSS: 0.01596
Exploits: 0, References: 6, Affected Software: 2

Cvelist
added 2019/12/04 3:10 p.m., 32 views

CVE-2014-8179

Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation...

AI score: 7.3, EPSS: 0.01596
Exploits: 0, References: 6

Debian CVE
added 2019/12/04 3:5 p.m., 25 views

CVE-2014-8178

Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands...

CVSS: 5.5, AI score: 5.6, EPSS: 0.00266
Exploits: 0

HackRead
added 2019/11/28 8:37 p.m., 80 views

React Prereleases-Preparing for the Future

By Owais Sultan. Recently, React has come up with prerelease channels to update users with the latest changes taking place in the React ecosystem. They spoke about this through a blog published on their React website. React relies on an open-source community to report bugs, open pull requests and...

AI score: 2.5
Exploits: 0

Tenable Nessus
added 2019/11/18 12:0 a.m., 21 views

Fedora 30 : libmp4v2 (2019-1030f4816a)

Fix crash made by the new patches ---- Fix https://nvd.nist.gov/vuln/detail/CVE-2018-14446 https://nvd.nist.gov/vuln/detail/CVE-2018-14403 https://nvd.nist.gov/vuln/detail/CVE-2018-14379 https://nvd.nist.gov/vuln/detail/CVE-2018-14326 https://nvd.nist.gov/vuln/detail/CVE-2018-14325...

CVSS: 9.8, AI score: 7.7, EPSS: 0.00833
Exploits: 4, References: 8

OSV
added 2019/10/21 4:2 p.m., 17 views

GHSA-V7X3-7HW7-PCJG Renovate vulnerable to leakage of temporary repository tokens into Pull Request comments

Impact: Temporary repository tokens were leaked into Pull Request comments during certain Go Modules update failure scenarios. Patches: The problem has been patched. Self-hosted users should upgrade to v19.38.7 or later. Workarounds: Disable Go Modules support. References: Blog post:...

CVSS: 5.3, AI score: 6.9
Exploits: 0, References: 4

GitHub Security Blog
added 2019/10/21 4:2 p.m., 11 views

Renovate vulnerable to leakage of temporary repository tokens into Pull Request comments

Impact: Temporary repository tokens were leaked into Pull Request comments during certain Go Modules update failure scenarios. Patches: The problem has been patched. Self-hosted users should upgrade to v19.38.7 or later. Workarounds: Disable Go Modules support. References: Blog post:...

AI score: 0.5
Exploits: 0, References: 3, Affected Software: 1

Snyk
added 2019/10/18 12:15 p.m., 1 view

Insecure Default

Overview: github.com/goharbor/harbor/src/core/api is a cloud native registry project that stores, signs, and scans content. Affected versions of this package are vulnerable to Insecure Default. Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to...

CVSS: 7.5, AI score: 6.8, EPSS: 0.00409
Exploits: 0, References: 2

FreeBSD
added 2019/09/27 12:0 a.m., 15 views

gitea -- information disclosure

The Gitea Team reports: When a comment in an issue or PR mentions a user using @username, the mentioned user receives a mail notification even if they don't have permission to see the originating repository...

AI score: 0.5
Exploits: 0, References: 2

OSV
added 2019/08/27 12:0 p.m., 12 views

RUSTSEC-2019-0013 Wrong memory orderings in RwLock potentially violates mutual exclusion

Wrong memory orderings inside the RwLock implementation allow for two writers to acquire the lock at the same time. The drop implementation used Ordering::Relaxed, which allows the compiler or CPU to reorder a mutable access on the locked data after the lock has been yielded. Only users of the...

CVSS: 7.5, AI score: 7.6, EPSS: 0.00324
Exploits: 0, References: 3

Veracode
added 2019/05/16 2:16 a.m., 22 views

Information Disclosure

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.11.51. See the following advisory for the container...

CVSS: 7.8, AI score: 7.4, EPSS: 0.93773
Exploits: 4, References: 24, Affected Software: 22

Veracode
added 2019/05/16 2:16 a.m., 19 views

Session Fixation

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.11.51. See the following advisory for the container...

CVSS: 5.4, AI score: 5.6, EPSS: 0.93773
Exploits: 4, References: 24, Affected Software: 22

Veracode
added 2019/05/16 2:16 a.m., 24 views

Remote Code Execution (RCE)

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.11.51. See the following advisory for the container...

CVSS: 6.5, AI score: 6.6, EPSS: 0.93773
Exploits: 4, References: 24, Affected Software: 22

Veracode
added 2019/05/16 2:16 a.m., 22 views

Cross-Site Scripting (XSS)

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.11.51. See the following advisory for the container...

CVSS: 6.1, AI score: 6.3, EPSS: 0.93773
Exploits: 4, References: 24, Affected Software: 22

Fedora
added 2019/02/24 2:33 a.m., 18 views

[SECURITY] Fedora 29 Update: pagure-5.3-1.fc29

Pagure is a light-weight git-centered forge based on pygit2. Currently, Pagure offers a web-interface for git repositories, a ticket system and possibilities to create new projects, fork existing ones and create/merge pull-requests across or within projects...

CVSS: 5.9, AI score: 2.8, EPSS: 0.002
Exploits: 0

Kitploit
added 2019/02/22 12:39 p.m., 212 views

BeEF - The Browser Exploitation Framework Project

What is BeEF? BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual securi...

AI score: 7.4
Exploits: 0, References: 7

Kitploit
added 2019/01/04 12:34 p.m., 117 views

XSRFProbe - The Prime Cross Site Request Forgery Audit And Exploitation Toolkit

XSRFProbe is an advanced Cross Site Request Forgery (CSRF/XSRF) Audit and Exploitation Toolkit. Equipped with a Powerful Crawling Engine and Numerous Systematic Checks, it is now able to detect most cases of CSRF vulnerabilities, their related bypasses and further generate maliciously exploitable...

AI score: 7.5
Exploits: 0, References: 11