Medium: docker
Issue Overview: Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go. CVE-2018-20699 A command injectio...
Medium: containerd, docker
Issue Overview: In the OCI Distribution Specification version 1.0.0 and prior and in the OCI Image Specification version 1.0.1 and prior, manifest and index documents are ambiguous without an accompanying Content-Type HTTP header. Versions of Moby Docker Engine prior to 20.10.11 and versions of...
Amazon Linux AMI : containerd, docker (ALAS-2021-1551)
The version of containerd installed on the remote host is prior to 1.4.6-7.11. The version of docker installed on the remote host is prior to 20.10.7-5.76. It is, therefore, affected by a vulnerability as referenced in the ALAS-2021-1551 advisory. In the OCI Distribution Specification version 1.0...
Medium: docker
Issue Overview: A flaw was found in the userns-remap feature of Docker. The root user in the remapped namespace can modify files under /var/lib/docker/, leading to possible privilege escalation to the root user in the host. The highest threat from this vulnerability is to data integrity...
CVE-2021-41092
A confidential data leak vulnerability was found in Docker CLI. The execution of docker login to a private registry may send provided credentials in a misconfigured docker credentials store to the registry-1.docker.io rather than the specified private registry. This flaw allows an attacker to ste...
CVE-2021-41091
A file permissions vulnerability was found in the Moby Docker Engine. The Moby data directory (usually /var/lib/docker) contains subdirectories with insufficiently restricted permissions, allowing unprivileged Linux users to traverse directory contents and execute programs. When the running contain...
Docker Desktop < 2.1.0.1 Privilege Escalation
The version of Docker Desktop for Windows is prior to 2.1.0.1. Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting f...
Amazon Linux AMI : docker (ALAS-2021-1550)
The version of docker installed on the remote host is prior to 20.10.7-2.69. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1550 advisory. A flaw was found in the userns-remap feature of Docker. The root user in the remapped namespace can modify files under...
ChopChop - ChopChop Is A CLI To Help Developers Scanning Endpoints And Identifying Exposition Of Sensitive Services/Files/Folders
ChopChop is a command-line tool for dynamic application security testing on web applications, initially written by the Michelin CERT. Its goal is to scan several endpoints and identify exposition of services/files/folders through the webroot. Checks/Signatures are declared in a config file by...
JetBrains TeamCity Information Disclosure Vulnerability (CNVD-2021-89060)
TeamCity is a Java-based build management and continuous integration server from JetBrains. An information disclosure vulnerability exists in JetBrains TeamCity versions prior to 2021.1. An attacker can exploit this vulnerability to obtain information via the Docker Registry connection dialog...
Ubuntu: Security Advisory (USN-5134-1)
The remote host is missing an update for the...
CVE-2021-43196
In JetBrains TeamCity before 2021.1, information disclosure via the Docker Registry connection dialog is possible...
Information disclosure
In JetBrains TeamCity before 2021.1, information disclosure via the Docker Registry connection dialog is possible...
CVE-2021-43196
CVE-2021-43196 affects JetBrains TeamCity prior to 2021.1, where information disclosure is possible via the Docker Registry connection dialog. The vulnerability is reported in multiple sources (NVD/NVD CVE entry and CNVD) with an impact on confidentiality (partial to high) and network attack vect...
Ddosify - High-performance Load Testing Tool
Features: Protocol Agnostic - Currently supporting HTTP, HTTPS, HTTP/2. Other protocols are on the way. Scenario-Based - Create your flow in a JSON file. Without a line of code! Different Load Types - Test your system's limits across different load types. Installation: ddosify is available via...
USN-5134-1: Docker vulnerability
An information disclosure issue was discovered in the command line interface of Docker. A misconfigured credential store could result in supplied credentials being leaked to the public registry, when using the docker login command with a private registry...