OPENSUSE-SU-2021:1162-1 Security update for SUSE Manager Client Tools

This update fixes the following issues: ansible: - The support level for ansible is l2, not l3 dracut-saltboot: - Force installation of libexpat.so.1 bsc1188846 - Use kernel parameters from PXE formula also for local boot golang-github-prometheus-prometheus: - Provide and reload firewalld...

NinjaDroid - Ninja Reverse Engineering On Android APK Packages

NinjaDroid is a simple tool to reverse engineering Android APK packages. Published at: https://snapcraft.io/ninjadroid $ snap install ninjadroid --channel=beta Overview NinjaDroid uses AXMLParser together with a series of Python scripts based on aapt, keytool, string and such to extract a series ...

Exploit for Cross-site Scripting in Ampache

CVE-2021-32644 위 취약점은 Ampache 4.4.3 이전 버전까지 영향을 주었던 XSS 취약점입니다...

Exploit for Off-by-one Error in Sudo_Project Sudo

CVE-2021-3156 Introduction This repository was created f...

CVE-2021-37353

Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitation in tablepopulation.php...

CVE-2021-37353

Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitation in tablepopulation.php...

Design/Logic Flaw

Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitation in tablepopulation.php...

Crypto-scams you should be steering clear of in 2021

A fair few cryptocurrency scams have been doing the rounds across 2021. Most of them are similar if not identical to tactics used in previous years with an occasional twist. Here’s some of the most visible ones you should be steering clear of. Recovery code theft Many Bitcoin wallets make use of...

CVE-2021-37353

CVE-2021-37353 is an SSRF flaw in Nagios XI Docker Wizard prior to version 1.1.3, caused by improper sanitization in table_population.php. It is documented across multiple sources as part of Nagios XI vulnerabilities; remediation is to upgrade to Docker Wizard 1.13 or newer (as part of broader up...

CVE-2021-37353

Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitation in tablepopulation.php...

Nagios XI 代码问题漏洞

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A code issue vulnerability exists in the Nagios XI Docker Wizard, which stems from improper cleanup in...

openSUSE: Security Advisory for golang-github-prometheus-prometheus (openSUSE-SU-2021:2664-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2021-37841

Docker Desktop before 3.6.0 suffers from incorrect access control. If a low-privileged account is able to access the server running the Windows containers, it can lead to a full container compromise in both process isolation and Hyper-V isolation modes. This security issue leads an attacker with...

CVE-2021-37841

Docker Desktop before 3.6.0 suffers from incorrect access control. If a low-privileged account is able to access the server running the Windows containers, it can lead to a full container compromise in both process isolation and Hyper-V isolation modes. This security issue leads an attacker with...

Code injection

Docker Desktop before 3.6.0 suffers from incorrect access control. If a low-privileged account is able to access the server running the Windows containers, it can lead to a full container compromise in both process isolation and Hyper-V isolation modes. This security issue leads an attacker with...

CVE-2021-37841

Docker Desktop before 3.6.0 suffers from incorrect access control. If a low-privileged account is able to access the server running the Windows containers, it can lead to a full container compromise in both process isolation and Hyper-V isolation modes. This security issue leads an attacker with...

CVE-2021-37841

Docker Desktop (Windows) vulnerability CVE-2021-37841 affects versions prior to 3.6.0. The issue is erroneous access control that allows a low-privilege user who can access the Windows containers server to read, write, and potentially execute code inside containers, enabling full container compro...

Docker Desktop 安全漏洞

Docker Desktop is a container technology-based desktop software for lightweight deployment of applications from the U.S. company Docker. The product provides a desktop environment that supports creating a container lightweight virtual machine and deploying and running applications on...

Security update for golang-github-prometheus-prometheus (moderate)

openSUSE Security Update: Security update for golang-github-prometheus-prometheus Announcement ID: openSUSE-SU-2021:2664-1 Rating: moderate References: 1186242 SLE-18254 Cross-References: CVE-2021-29622 CVSS scores: CVE-2021-29622 NVD : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected...

Informational: Impact of Microsoft PowerShell Vulnerability CVE-2021-26701 on Cortex XSOAR

Palo Alto Networks Cortex XSOAR maintains Docker Images with PowerShell available for customers to use. The base docker images with PowerShell were updated on May 19, 2021 with PowerShell version 7.1.3. Palo Alto Networks urges customers to upgrade their docker images to a version with the tag...