EulerOS 2.0 SP9 : docker-engine (EulerOS-SA-2021-2547)
According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be...
TIBCO Security Advisory: October 5, 2021 - TIBCO FTL -2021-35497
TIBCO FTL unvalidated SAN in client certificates Original release date: October 5, 2021 Last revised: March 10, 2022 CVE-2021-35497 Source: TIBCO Software Inc. Products Affected TIBCO ActiveSpaces - Community Edition versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2 TIBCO ActiveSpaces - Develop...
The vulnerability of the table_population.php file, a tool for monitoring Nagios XI Docker Wizard, allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the tablepopulation.php file of the Nagios XI Docker Wizard tool is related to insufficient validation of incoming requests. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...
Security Bulletin: Multiple vulnerabilities fixed in IBM Security Verify Bridge - Docker
Summary Multiple vulnerabilities fixed in IBM Security Verify Bridge - Docker Vulnerability Details CVEID: CVE-2021-3450 DESCRIPTION: OpenSSL could allow a remote attacker to bypass security restrictions, caused by a missing check in the validation logic of X.509 certificate chains by the...
Security Bulletin: Cache control vulnerability affects IBM Edge (CVE-2020-4805).
Summary IBM Edge is affected by a cache control vulnerability. IBM Edge has resolved this vulnerability. Vulnerability Details CVEID: CVE-2020-4805 DESCRIPTION: IBM Edge allows web pages to be stored locally which can be read by another user on the system. CVSS Base score: 4 CVSS Temporal Score:...
Security Bulletin: Cacheable HTTPs Response vulnerability affects IBM Edge (CVE-2020-4809)
Summary IBM Edge is affected by a cacheable HTTPs response vulnerability. IBM Edge has resolved the vulnerability. Vulnerability Details CVEID: CVE-2020-4809 DESCRIPTION: IBM Edge allows web pages to be stored locally which can be read by another user on the system. CVSS Base score: 4 CVSS Tempor...
Security Bulletin: Unexpected Content-Type vulnerability affects IBM Edge (CVE-2020-4941)
Summary IBM Edge is affected by an Unexpected Content-Type vulnerability. IBM Edge has resolved this vulnerability. Vulnerability Details CVEID: CVE-2020-4941 DESCRIPTION: IBM Edge could reveal sensitive version information about the server from error pages that could aid an attacker in further...
Security Bulletin: Cache control vulnerability affects IBM Edge (CVE-2020-4803).
Summary IBM Edge is affected by a cache control vulnerability. IBM Edge has resolved this vulnerability. Vulnerability Details CVEID: CVE-2020-4803 DESCRIPTION: IBM Edge allows web pages to be stored locally which can be read by another user on the system. CVSS Base score: 4 CVSS Temporal Score:...
Exploit for CVE-2021-38647
Details OMIGod - CVE-2021-38647 Open Management Infrastruct...
Cross-site Scripting (XSS) - Stored in causefx/organizr
Description When creating a new Tab, the name of the tab can store JavaScript. This also happens when editing the name of an existing Tab. - I tested it with docker image for Organizr hash 7fb764ccd226. organizr/organizr latest 7fb764ccd226 4 weeks ago 73.3MB - Branch is v2-master. Proof of...
Kubernetes input validation error vulnerability
Kubernetes is an open source Docker container cluster management system from the American Linux Foundation. The system provides resource scheduling, deployment operations, service discovery, and scale-up and scale-down for containerized applications. Kubernetes has a security vulnerability that c...
vulhub
This repository is an offensive tool for building vulnerable environments based on Docker-Compose. It contains a collection of vulnerable applications and services, including CouchDB, FFmpeg, Git, and Jenkins, among others. The repository is maintained by phith0n and is licensed under the MIT...
Wallarm API Firewall outperforms Nginx in a production environment
Wallarm API Firewall is a free, lightweight API firewall that protects your API endpoints in cloud-native environments with API schema validation. Wallarm API Firewall relies on a positive security model allowing calls that match a predefined API specification, while rejecting everything else...
Pollenisator - Collaborative Pentest Tool With Highly Customizable Tools
Pollenisator is a tool that aims to help pentesters and auditors automate the use of some tools/scripts and keep track of them. Written in Python 3. Provides a model of "pentest objects": Scope, Hosts, Ports, Commands, Tools etc. Tools/scripts are separated into 4 categories: wave,...
vulhub
This repository is an offensive tool for creating pre-built vulnerable environments based on Docker-Compose. It is a collection of vulnerable applications and services that can be used for testing and training purposes. The repository includes a variety of vulnerable applications, such as CouchDB...
Microsoft Warns of Cross-Account Takeover Bug in Azure Container Instances
Microsoft on Wednesday said it remediated a vulnerability in its Azure Container Instances (ACI) services that could have been weaponized by a malicious actor "to access other customers' information" in what the researchers described as the "first cross-account container takeover in the public...
Exploit for OS Command Injection in Docker
CVE-2019-5736 is a vulnerability in the runc container runtime that allows for container escape. The exploit works by overwriting the runc binary with a malicious payload, which is achieved by modifying the /bin/sh file in the container to point to the runc binary on the host. The attacker can th...
Exploit for Deserialization of Untrusted Data in Google Tensorflow
CVE-2021-37678 Explo...
Exploit for Integer Overflow or Wraparound in Haproxy
CVE-2021-40346 CVE-2021-40346 PoC HAProxy HTTP Smuggling Fo...
Security Bulletin: Container Environment Vulnerabilities Affect IBM Secure Proxy (CVE-2020-14298, CVE-2020-14300)
Summary There are multiple container environment vulnerabilities in IBM Secure Proxy. IBM Secure Proxy has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-14298 DESCRIPTION: runc could allow a local attacker to bypass security restrictions, caused by a flaw in the usage of...