Security Headlines
Tag: #docker

JFrog Launches Project Pyrsia to Help Prevent Software Supply Chain Attacks

Open source software community initiative utilizes blockchain technology.

DARKReading
CVE-2021-44719

Docker Desktop 4.3.0 has Incorrect Access Control.

How Secrets Lurking in Source Code Lead to Major Breaches

If one word could sum up the 2021 infosecurity year (well, actually three), it would be these: "supply chain attack". A software supply chain attack happens when hackers manipulate the code in third-party software components to compromise the 'downstream' applications that use them. In 2021, we have seen a dramatic rise in such attacks: high profile security incidents like the SolarWinds,

CVE-2022-1815: SSRF in /service endpoint in drawio

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.1.2.

GHSA-4wpp-w5r4-7v5v: Server-Side Request Forgery in charm

We've discovered a vulnerability in which attackers could forge HTTP requests to manipulate the `charm` data directory to access or delete anything on the server. This has been patched in https://github.com/charmbracelet/charm/commit/3c90668f955c7ce5ef721e4fc9faee7053232fd3 and is available in release [v0.12.1](https://github.com/charmbracelet/charm/releases/tag/v0.12.1). We recommend that all users running self-hosted `charm` instances update immediately. This vulnerability was found in-house and we haven't been notified of any potential exploiters.

### Additional notes

* Encrypted user data uploaded to the Charm server is safe as Charm servers cannot decrypt user data. This includes filenames, paths, and all key-value data.
* Users running the official Charm [Docker images](https://github.com/charmbracelet/charm/blob/main/docker.md) are at minimal risk because the exploit is limited to the containerized filesystem.

### For more information

If you have any questions or comments a...

Yes, Containers Are Terrific, But Watch the Security Risks

Containers revolutionized the development process, acting as a cornerstone for DevOps initiatives, but containers bring complex security risks that are not always obvious. Organizations that don't mitigate these risks are vulnerable to attack. In this article, we outline how containers contributed to agile development, which unique security risks containers bring into the picture – and what

CVE-2022-1775: Weak Password Policy in trudesk

Weak Password Requirements in GitHub repository polonel/trudesk prior to 1.2.2.

CVE-2022-1803: UI REDRESSING in trudesk

Improper Restriction of Rendered UI Layers or Frames in GitHub repository polonel/trudesk prior to 1.2.2.