9259 matches found
MGASA-2021-0500 Updated docker packages fix security vulnerabilities
Updated docker packages fix security vulnerabilities: A bug was found in Moby Docker Engine where attempting to copy files using docker cp into a specially-crafted container can result in Unix file permission changes for existing files in the hosts filesystem, widening access to others. This bug...
Security update for containerd, docker, runc (important)
openSUSE Security Update: Security update for containerd, docker, runc Announcement ID: openSUSE-SU-2021:1404-1 Rating: important References: 1102408 1185405 1187704 1188282 1190826 1191015 1191121 1191334 1191355 1191434 Cross-References: CVE-2021-30465 CVE-2021-32760 CVE-2021-41089 CVE-2021-410...
Dockerized-Android - A Container-Based Framework To Enable The Integration Of Mobile Components In Security Training Platforms
Dockerized Android is a container-based framework that allows to execute and Android Emulator inside Docker and control it through a browser. This project has been developed in order to provide a starting point for integrating mobile security components into Cyber Ranges but it can be used for an...
Fedora: Security Advisory for moby-engine (FEDORA-2021-b5a9a481a2)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 35 Update: moby-engine-20.10.9-1.fc35
Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance a nd everything in between - and they don'...
Exploit for OS Command Injection in Docker
CVE-2019-5736 is a container escape vulnerability in Docker. The exploit works by overwriting and executing the host system's runc binary from within the container. The vulnerability allows an attacker to gain root access on the host system. The exploit is implemented in Go and consists of two us...
Exploit for Code Injection in Gitlab
Vuln Impact An issue has been discovered in GitLab CE/EE af...
编号撤回
Portainer is a lightweight user management interface for managing Docker environments and Docker hosts. Portainer suffers from a privilege permission and access control issue vulnerability that can be exploited by an attacker to obtain sensitive information...
NewStart CGSL CORE 5.04 / MAIN 5.04 : docker-ce Vulnerability (NS-SA-2021-0097)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has docker-ce packages installed that are affected by a vulnerability: - In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd...
openSUSE 15 Security Update : containerd, docker, runc (openSUSE-SU-2021:3506-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3506-1 advisory. - runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be...
SUSE SLES15: containerd / docker / docker-bash-completion / etc (SUSE-SU-2021:3506-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3506-1 advisory. Docker was updated to 20.10.9-ce. bsc1191355 See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md...
Exploit for Path Traversal in Apache Http_Server
Apache 2.4.50 - Path Traversal or Remote Code Execution CVE-20...
SUSE-SU-2021:3550-1 Security update for Salt
This update fixes the following issues: salt: - Fix the regression of dockercontainer state module - Support querying for JSON data in external sql pillar - Exclude the full path of a download URL to prevent injection of malicious code bsc1190265 CVE-2021-21996 - Fix wrong relative paths resoluti...
NewStart CGSL CORE 5.05 / MAIN 5.05 : docker-ce Vulnerability (NS-SA-2021-0181)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has docker-ce packages installed that are affected by a vulnerability: - In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd...
NewStart CGSL MAIN 6.02 : docker-ce Multiple Vulnerabilities (NS-SA-2021-0124)
The remote NewStart CGSL host, running version MAIN 6.02, has docker-ce packages installed that are affected by multiple vulnerabilities: - In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege...
NewStart CGSL CORE 5.05 / MAIN 5.05 : docker-ce Multiple Vulnerabilities (NS-SA-2021-0138)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has docker-ce packages installed that are affected by multiple vulnerabilities: - Lack of content verification in Docker-CE Also known as Moby versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2,...
NewStart CGSL CORE 5.04 / MAIN 5.04 : docker-ce Vulnerability (NS-SA-2021-0103)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has docker-ce packages installed that are affected by a vulnerability: - In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege...
Keeweb - Free Cross-Platform Password Manager Compatible With KeePass
This webapp is a browser and desktop password manager compatible with KeePass databases. It doesn't require any server or additional resources. The app can run either in browser, or as a desktop app. Quick Links Apps: Web, Desktop Timeline: Release Notes, TODO On one page: Features, FAQ Website:...
Mediator - An Extensible, End-To-End Encrypted Reverse Shell With A Novel Approach To Its Architecture
Mediator is an end-to-end encrypted reverse shell in which the operator and the shell connect to a "mediator" server that bridges the connections. This removes the need for the operator/handler to set up port forwarding in order to listen for the connection. Mediator also allows you to create...
Webdiscover - The Purpose Of This Script Is To Automate The Web Enumeration Process And Search For Exploits
The purpose of this script is to automate the web enumeration process and search for exploits and vulns. Added Tools dependencies are installed during script execution: seclist ffuf namelist dnsrecon subfinder whatweb gospider nuclei searchsploit go-exploitdb It creates a directory with the scan...