#docker

Cybersecurity today is less about single attacks and more about chains of small weaknesses that connect into big risks. One overlooked update, one misused account, or one hidden tool in the wrong hands can be enough to open the door. The news this week shows how attackers are mixing methods—combining stolen access, unpatched software, and clever tricks to move from small entry points to large

A critical vulnerability (CVE-2025-9074) in Docker Desktop for Windows and macOS was fixed. The flaw allowed a malicious…

## Summary A 32-bit integer overflow in the BMP encoder’s scanline-stride computation collapses `bytes_per_line` (stride) to a tiny value while the per-row writer still emits `3 × width` bytes for 24-bpp images. The row base pointer advances using the (overflowed) stride, so the first row immediately writes past its slot and into adjacent heap memory with attacker-controlled bytes. This is a classic, powerful primitive for heap corruption in common auto-convert pipelines. - **Impact:** Attacker-controlled heap out-of-bounds (OOB) write during conversion **to BMP**. - **Surface:** Typical upload → normalize/thumbnail → `magick ... out.bmp` workers. - **32-bit:** **Vulnerable** (reproduced with ASan). - **64-bit:** Safe from this specific integer overflow (IOF) by arithmetic, but still add product/size guards. - **Proposed severity:** **Critical 9.8** (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). --- ## Scope & Affected Builds - **Project:** ImageMagick (B...

Docker has released fixes to address a critical security flaw affecting the Docker Desktop app for Windows and macOS that could potentially allow an attacker to break out of the confines of a container. The vulnerability, tracked as CVE-2025-9074, carries a CVSS score of 9.3 out of 10.0. It has been addressed in version 4.44.3. "A malicious container running on Docker Desktop could access the

This vulnerability was discovered by researchers at **Check Point**. We are sharing this report as part of a responsible disclosure process and are happy to assist in validation and remediation if needed. ### Summary A privilege escalation vulnerability exists in Langflow containers where an authenticated user with RCE access can invoke the internal CLI command **langflow superuser** to create a new administrative user. This results in full superuser access, even if the user initially registered through the UI as a regular (non-admin) account. ### Details Langflow's Docker image includes a CLI binary at /app/.venv/bin/langflow that exposes sensitive commands, including: `langflow superuser` This command allows creation of a new superuser without checking whether one already exists. When combined with code execution (e.g., via the authenticated **/api/v1/validate/code** endpoint), a low-privileged user can execute: `/app/.venv/bin/langflow superuser` inside the container, and el...

### Impact This is a configuration vulnerability affecting nginx-defender deployments. Example configuration files [config.yaml](https://github.com/Anipaleja/nginx-defender/blob/main/config.yaml), [docker-compose.yml](https://github.com/Anipaleja/nginx-defender/blob/main/docker-compose.yml) contain default credentials (`default_password: "change_me_please"`, `GF_SECURITY_ADMIN_PASSWORD=admin123`). If users deploy nginx-defender without changing these defaults, attackers with network access could gain administrative control, bypassing security protections. **Who is impacted?** All users who deploy nginx-defender with default credentials and expose the admin interface to untrusted networks. ### Patches The issue is addressed in v1.5.0 and later. Startup warnings are added if default credentials are detected. Documentation now strongly recommends changing all default passwords before deployment. Patched versions: 1.5.0 and later **Will be fully patched in v1.7.0 and later** ### Worka...

### Overview OpenFGA v1.9.3 to v1.9.4 ( openfga-0.2.40 <= Helm chart <= openfga-0.2.41, v1.9.3 <= docker <= v.1.9.4) are vulnerable to improper policy enforcement when certain Check and ListObject calls are executed. ### Am I Affected? You are affected by this vulnerability if you are using OpenFGA v1.9.3 to v1.9.4, specifically under the following preconditions: - Calling Check API or ListObjects with an [authorization model](https://openfga.dev/docs/concepts#what-is-an-authorization-model) that has a relationship directly assignable by more than 1 [userset](https://openfga.dev/docs/modeling/building-blocks/usersets) with same [type](https://openfga.dev/docs/concepts#what-is-a-type), and - There are check or list object queries that rely on the above relationship, and - You have userset tuples that are assigned to the above relationship ### Fix Upgrade to v1.9.5. This upgrade is backwards compatible. ### Workaround Downgrade to v1.9.2 with enable-check-optimizations removed from O...

Power doesn’t just disappear in one big breach. It slips away in the small stuff—a patch that’s missed, a setting that’s wrong, a system no one is watching. Security usually doesn’t fail all at once; it breaks slowly, then suddenly. Staying safe isn’t about knowing everything—it’s about acting fast and clear before problems pile up. Clarity keeps control. Hesitation creates risk. Here are this

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEC Traffic Analyzer Vulnerabilities: NULL Pointer Dereference, Use After Free, Uncontrolled Resource Consumption, Execution with Unnecessary Privileges, Exposure of Sensitive Information to an Unauthorized Actor, Irrelevant Code, Channel Accessible by Non-Endpoint 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition or gain elevated access and access to sensitive resources. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports the following products are affected: Siemens...

Developers maintaining the images made the "intentional choice" to leave the artifacts available as "a historical curiosity," given the improbability they'd be exploited.