Docker · Moby · CVE-2022-36109
**Name of the Vulnerable Software and Affected Versions**
Moby (Docker Engine) versions prior to 20.10.18
**Description**
Moby (Docker Engine) does not set up supplementary groups properly, which can allow an attacker with direct access to a container to bypass primary group restrictions. This could lead to access to sensitive information or the ability to execute code in the container. Exploitation requires the attacker to manipulate their supplementary group access.
**Recommendations**
For versions prior to 20.10.18, update to Moby (Docker Engine) 20.10.18 to fix the issue.
For users unable to upgrade, do not use the `USER $USERNAME` Dockerfile instruction. Instead, call `ENTRYPOINT ["su", "-", "user"]` to set up supplementary groups properly.
Stop and restart running containers for the permissions to be fixed.
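
One way to check a host and its Dockerfiles against the recommendations above. This is an added example, not code from the advisory or from the Moby project. The function names `version_is_affected` and `list_user_instructions` are hypothetical, and the version strings and Dockerfile lines are constructed sample input.

```shell
#!/bin/sh
# Added example: audit helpers for CVE-2022-36109 (not Moby project code).
# Function names are hypothetical; the sample inputs below are constructed.
FIXED_VERSION="20.10.18"

# Exit 0 if engine version $1 is prior to FIXED_VERSION, 1 if not,
# 2 if it cannot be parsed. Suffixes such as "+azure-1" are ignored.
version_is_affected() {
    ver=${1#v}
    ver=${ver%%[!0-9.]*}
    [ -n "$ver" ] || return 2
    old_ifs=$IFS; IFS=.
    set -- $ver;           a1=${1:-0}; a2=${2:-0}; a3=${3:-0}
    set -- $FIXED_VERSION; f1=$1; f2=$2; f3=$3
    IFS=$old_ifs
    [ "$a1" -lt "$f1" ] && return 0
    [ "$a1" -gt "$f1" ] && return 1
    [ "$a2" -lt "$f2" ] && return 0
    [ "$a2" -gt "$f2" ] && return 1
    [ "$a3" -lt "$f3" ]
}

# Print "line:text" for every USER instruction in the Dockerfile(s) given
# as arguments (or on stdin). Instructions are case-insensitive; comment
# lines start with '#' and so never match.
list_user_instructions() {
    grep -inE '^[[:space:]]*USER[[:space:]]+[^[:space:]]' -- "$@"
}

# Demo on constructed input. On a real host, pass in
#   "$(docker version --format '{{.Server.Version}}')"
for v in 20.10.17 20.10.18 19.03.9+azure-1; do
    if version_is_affected "$v"; then
        echo "$v: affected; upgrade to $FIXED_VERSION, then restart containers"
    else
        echo "$v: not affected"
    fi
done

printf '%s\n' 'FROM alpine:3.16' 'RUN adduser -D app' '# USER root' \
    'USER app' 'ENTRYPOINT ["/bin/sh"]' |
    list_user_instructions || echo "no USER instruction found"
```

On hosts that cannot be upgraded, the lines reported by `list_user_instructions` are the ones to review against the `ENTRYPOINT` workaround.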