#docker

An unpatched security issue in the Travis CI API has left tens of thousands of developers' user tokens exposed to potential attacks, effectively allowing threat actors to breach cloud infrastructures, make unauthorized code changes, and initiate supply chain attacks. "More than 770 million logs of free tier users are available, from which you can easily extract tokens, secrets, and other

**What are some of the services affected by this vulnerability?** The following table lists some of the affected services, and the changes associated with the remedy for this vulnerability: Affected Product New Version Number Customer action required DSC Patch for Version 3: 3.0.0.7 and Patch for Version 2: 2.71.1.33 No Customer Action required; these are auto updated for all customers. SCOM For 2016: 7.6.1108.0; for 2019: 10.19.1152.0; and for 2022: 10.22.1024.0 Customers need to update MPs 2016, 2019, and 2022. OMS 1.14.13 There are 2 ways to install OMS Agent: Bundle or through VM Extension. Using a Bundle Link and for VM Extensions, through Azure Powershell CMDlets or Azure CLI. ASC 1.14.13 Update via VM extension. Container Monitoring Solution Image tag: microsoft-oms-latest with full ID: sha256:6131e66cdf7bd07f9db3bbb17902ea8695a2f2bda0cf72ff16170aaf93b56f3b See How to Upgrade OMS Docker for details on how to check your current image ID and to upgrade OMS-docke...

Public Travis CI logs loaded with GitHub, AWS, Docker Hub account tokens, and other sensitive data could be leveraged for lateral cloud attacks.

Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege.

In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated attackers to perform a Server-Side Template Injection, allowing for remote code execution.

Red Hat Security Advisory 2022-4985-01 - New Cryostat 2.1.1 on RHEL 8 container images have been released, containing bug fixes and addressing security vulnerabilities. Issues addressed include a deserialization vulnerability.

New Cryostat 2.1.1 on RHEL 8 container images are now availableThis content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25647: com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson * CVE-2022-28948: golang-gopkg-yaml: crash when attempting to deserialize invalid input

A vulnerability, which was classified as critical, was found in Podman and Varlink 1.5.1. This affects an unknown part of the component API. The manipulation leads to Privilege Escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

OS Command injection vulnerability in Mintzo Docker-Tester through 1.2.1 allows attackers to execute arbitrary commands via shell metacharacters in the 'ports' entry of a crafted docker-compose.yml file.

Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.