Koharin

**Name of the Vulnerable Software and Affected Versions** ChargePoint Home Flex version 5.5.4.13 **Description** The software does not validate a user-controlled string for bz2 decompression, which can lead to command execution as the nobody user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ghost Docker images versions prior to 2.16.1-alpine **Description** The issue concerns a blank password for a root user in the official Ghost Docker images. This could allow a remote attacker to gain root access to systems using the affected Docker container. **Recommendations** For Ghost Docker images versions prior to 2.16.1-alpine, update to version 2.16.1-alpine or later to resolve the issue. As a temporary workaround, consider changing the root password to a secure value until the update can be applied. Restrict access to the Docker container to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** composer versions prior to 1.8.3 **Description** The official composer docker images contain a blank password for a root user. Systems using the composer docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. **Recommendations** For versions prior to 1.8.3, update to version 1.8.3 or later to resolve the issue. As a temporary workaround, consider changing the root password in the composer docker container to prevent unauthorized access. Restrict access to the composer docker container to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** adminer versions prior to 4.7.0-fastcgi **Description** The official adminer docker images contain a blank password for a root user. Systems using the adminer docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. **Recommendations** For versions prior to 4.7.0-fastcgi, update to version 4.7.0-fastcgi or later to resolve the issue. As a temporary workaround, consider changing the root password to a secure value until a patch is applied. Restrict access to the adminer docker container to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Telegraf versions prior to 1.9.4-alpine **Description** The issue concerns a blank password for a root user in the official Telegraf Docker images. This could allow a remote attacker to achieve root access with a blank password on systems using the Telegraf Docker container deployed by affected versions of the Docker image. **Recommendations** For versions prior to 1.9.4-alpine, update to version 1.9.4-alpine or later to resolve the issue. As a temporary workaround, consider changing the root password to a secure value to prevent unauthorized access. Restrict access to the Docker container to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Kong Docker images versions prior to 1.0.2-alpine **Description** The issue concerns a blank password for a root user in the official Kong Docker images. This could allow a remote attacker to achieve root access with a blank password on systems using the Kong Docker container deployed by affected versions of the Docker image. **Recommendations** For versions prior to 1.0.2-alpine, update to version 1.0.2-alpine or later to resolve the issue. As a temporary workaround, consider changing the root password to a secure value until a patch is applied. Restrict access to the Docker container to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** plone versions prior to 4.3.18-alpine **Description** The issue concerns a blank password for a root user in the official plone Docker images. This could allow a remote attacker to achieve root access with a blank password, potentially affecting systems that use the plone docker container deployed by affected versions of the docker image. **Recommendations** For versions prior to 4.3.18-alpine, update to version 4.3.18-alpine or later to resolve the issue. As a temporary workaround, consider changing the root password to a secure value until the update can be applied. Restrict access to the plone docker container to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** drupal versions prior to 8.5.10-fpm-alpine **Description** The official drupal docker images contain a blank password for a root user. Systems using the drupal docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. **Recommendations** For versions prior to 8.5.10-fpm-alpine, update to version 8.5.10-fpm-alpine or later to resolve the issue. As a temporary workaround, consider changing the root password to a secure value until a patch is applied. Restrict access to the drupal docker container to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Vault versions prior to 0.11.6 **Description** The issue concerns Vault Docker images that have a blank password set for the root user. This could allow a remote attacker to gain root access to systems using the affected Vault Docker container. **Recommendations** For versions prior to 0.11.6, update to version 0.11.6 or later to resolve the issue. As a temporary workaround, consider changing the root password in the Vault Docker container to prevent unauthorized access.

**Name of the Vulnerable Software and Affected Versions** haproxy versions prior to 1.8.18-alpine **Description** The official haproxy docker images contain a blank password for a root user, which may allow a remote attacker to achieve root access with a blank password. Systems using the haproxy docker container deployed by affected versions of the docker image are at risk. **Recommendations** For versions prior to 1.8.18-alpine, update to version 1.8.18-alpine or later to resolve the issue. As a temporary workaround, consider changing the root password to a secure value until a patch is applied. Restrict access to the haproxy docker container to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** rabbitmq versions prior to 3.7.13-beta.1-management-alpine **Description** The official rabbitmq docker images contain a blank password for a root user, which may allow a remote attacker to achieve root access with a blank password. Systems using the rabbitmq docker container deployed by affected versions of the docker image are at risk. **Recommendations** For versions prior to 3.7.13-beta.1-management-alpine, update to version 3.7.13-beta.1-management-alpine or later to resolve the issue. As a temporary workaround, consider changing the root password to a secure value to prevent unauthorized access.

**Name of the Vulnerable Software and Affected Versions** memcached versions prior to 1.5.11-alpine **Description** The official memcached docker images contain a blank password for a root user, which may allow a remote attacker to achieve root access with a blank password. Systems using the memcached docker container deployed by affected versions of the docker image are at risk. **Recommendations** For versions prior to 1.5.11-alpine, update to version 1.5.11-alpine or later to resolve the issue. As a temporary workaround, consider changing the root password to a secure value until a patch is applied. Restrict access to the memcached docker container to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** sonarqube versions prior to Alpine **Description** The official sonarqube docker images contain a blank password for a root user, which may allow a remote attacker to achieve root access with a blank password. This issue affects systems using the sonarqube docker container deployed by affected versions of the docker image. **Recommendations** For sonarqube versions prior to Alpine, update to Alpine or a later version to resolve the issue. As a temporary workaround, consider changing the root password to a secure value until a patch is available. Restrict access to the sonarqube docker container to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Eggdrop Docker images versions prior to 1.8.4rc2 **Description** The issue concerns Eggdrop Docker images that have a blank password set for the root user. This could allow a remote attacker to gain root access to systems using the affected Docker container. **Recommendations** For versions prior to 1.8.4rc2, update to version 1.8.4rc2 or later to resolve the issue. As a temporary workaround, consider changing the root password to a secure value until the update can be applied. Restrict access to the Docker container to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** znc versions prior to 1.7.1-slim **Description** The official znc docker images contain a blank password for a root user, which may allow a remote attacker to achieve root access. This issue affects systems using the znc docker container deployed by affected versions of the Docker image. **Recommendations** For versions prior to 1.7.1-slim, update to version 1.7.1-slim or later to resolve the issue. As a temporary workaround, consider changing the root password to a secure value until a patch is applied. Restrict access to the znc docker container to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Piwik Docker images versions prior to fpm-alpine **Description** The issue concerns a blank password for a root user in the official Piwik Docker images. This could allow a remote attacker to achieve root access on systems using the Piwik Docker container deployed by affected versions of the Docker image. **Recommendations** For versions prior to fpm-alpine, update to the fpm-alpine version or later to resolve the issue. As a temporary workaround, consider changing the root password to a secure value until a patch is applied. Restrict access to the Docker container to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Express Gateway versions prior to 1.14.0 **Description** The official Express Gateway Docker images contain a blank password for a root user, which may allow a remote attacker to achieve root access. This issue affects systems using the Express Gateway Docker container deployed by affected versions of the Docker image. **Recommendations** For versions prior to 1.14.0, update to version 1.14.0 or later to resolve the issue. As a temporary workaround, consider disabling root access to the container until a patch is applied. Restrict access to the container to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Storm Docker images versions prior to 1.2.1 **Description** The issue concerns a blank password for a root user in the official Storm Docker images. This could allow a remote attacker to gain root access with a blank password. Systems using the Storm Docker container deployed by affected versions of the Docker image are at risk. **Recommendations** For versions prior to 1.2.1, update to version 1.2.1 or later to resolve the issue. As a temporary workaround, consider changing the root password to a secure value until a patch is applied. Restrict access to the Docker container to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** spiped versions prior to 1.5-alpine **Description** The official spiped docker images contain a blank password for a root user. This allows a remote attacker to achieve root access with a blank password. Systems using the spiped docker container deployed by affected versions of the docker image are at risk. **Recommendations** For versions prior to 1.5-alpine, update to version 1.5-alpine or later to resolve the issue. As a temporary workaround, consider changing the root password to a secure value until a patch is applied. Restrict access to the spiped docker container to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Notary Docker images versions prior to signer-0.6.1-1 **Description** The issue concerns a blank password for a root user in the official Notary Docker images. This could allow a remote attacker to gain root access to systems using the Notary Docker container deployed by affected versions of the Docker image. **Recommendations** For versions prior to signer-0.6.1-1, update to version signer-0.6.1-1 or later to resolve the issue. As a temporary workaround, consider changing the root password in the Notary Docker container to prevent unauthorized access. Restrict access to the container to minimize the risk of exploitation.