9246 matches found

Cvelist
added 2021/06/22 7:20 p.m. | 17 views

CVE-2021-32699 Asymmetric Resource Consumption (Amplification) in Docker containers created by Wings

Wings is the control plane software for the open source Pterodactyl game management system. All versions of Pterodactyl Wings prior to 1.4.4 are vulnerable to system resource exhaustion due to improper container process limits being defined. A malicious user can consume more resources than intend...

CVSS 6.5 | AI score 6.5 | EPSS 0.00267
Exploits: 0 | References: 2
The Hacker News
added 2021/06/22 10:2 a.m. | 61 views

Wormable DarkRadiation Ransomware Targets Linux and Docker Instances

Cybersecurity researchers are sounding the alarm bell over a new ransomware strain called "DarkRadiation" that's implemented entirely in Bash and targets Linux and Docker cloud containers, while banking on messaging service Telegram for command-and-control C2 communications. "The ransomware is...

AI score 1.1
Exploits: 0
Packet Storm
added 2021/06/22 12:0 a.m. | 281 views

Websvn 2.6.0 Remote Code Execution

Exploit Title: Websvn 2.6.0 - Remote Code Execution Unauthenticated Date: 20/06/2021 Exploit Author: g0ldm45k Vendor Homepage: https://websvnphp.github.io/ Software Link: https://github.com/websvnphp/websvn/releases/tag/2.6.0 Version: 2.6.0 Tested on: Docker + Debian GNU/Linux Buster CVE :...

CVSS 10 | AI score 9.6 | EPSS 0.86716
Exploits: 9
0day.today
added 2021/06/21 12:0 a.m. | 184 views

Websvn 2.6.0 - Remote Code Execution (Unauthenticated) Exploit

Exploit Title: Websvn 2.6.0 - Remote Code Execution Unauthenticated Exploit Author: g0ldm45k Vendor Homepage: https://websvnphp.github.io/ Software Link: https://github.com/websvnphp/websvn/releases/tag/2.6.0 Version: 2.6.0 Tested on: Docker + Debian GNU/Linux Buster CVE : CVE-2021-32305 import...

CVSS 10 | EPSS 0.86716
Exploits: 9
Gitee
added 2021/06/17 9:51 a.m. | 5 views

vulhub

This repository is an open-source collection of vulnerable web applications and environments for testing and learning purposes. It is maintained by phith0n and hosted on GitHub. The repository contains a variety of applications, including web servers, databases, and other services, that are...

AI score 6.8
Exploits: 0
OpenVAS
added 2021/06/17 12:0 a.m. | 28 views

openSUSE: Security Advisory for containerd, (openSUSE-SU-2021:0878-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 8.5 | AI score 7.9 | EPSS 0.06604
Exploits: 0 | References: 2
vulnersOsv
added 2021/06/16 5:17 p.m. | 5 views

org.apache.unomi:unomi-docker (>=1.5.0 <=1.5.4) potentially affected by CVE-2021-31164 via org.apache.unomi:unomi (>=1.5.0 <=1.5.4)

org.apache.unomi:unomi MAVEN version =1.5.0, =1.5.0, =1.5.4 Source cves: CVE-2021-31164 Source advisory: OSV:GHSA-RM7F-MPCJ-W4F6...

CVSS 7.5 | AI score 7.1 | EPSS 0.02283
Exploits: 0
OSV
added 2021/06/16 1:54 p.m. | 8 views

OPENSUSE-SU-2021:0878-1 Security update for containerd, docker, runc

This update for containerd, docker, runc fixes the following issues: Docker was updated to 20.10.6-ce bsc1184768, bsc1182947, bsc1181594 Switch version to use -ce suffix rather than ce to avoid confusing other tools bsc1182476. CVE-2021-21284: Fixed a potential privilege escalation when the root...

CVSS 8.5 | AI score 7.4 | EPSS 0.06604
Exploits: 0 | References: 22
OPENSUSE Linux
added 2021/06/16 12:0 a.m. | 63 views

Security update for containerd, docker, runc (important)

openSUSE Security Update: Security update for containerd, docker, runc Announcement ID: openSUSE-SU-2021:0878-1 Rating: important References: 1168481 1175081 1175821 1181594 1181641 1181677 1181730 1181732 1181749 1182451 1182476 1182947 1183024 1183855 1184768 1184962 1185405 Cross-References:...

CVSS 8.4 | AI score 8.3 | EPSS 0.06604
Exploits: 0 | References: 17
Oracle linux
added 2021/06/14 12:0 a.m. | 84 views

container-tools:ol8 security update

buildah 1.19.7-2.0.1 - Fixes troubles with oracle registry login Orabug: 29937283 1.19.7-2 - revert changes to the state of 3.0-8.4.0 - Related: 1954702 conmon 2:2.0.26-3 - fix 'Permission on /dev/null are changing from 666 to 777 after running podman as root rhel-8.4.0.z' - Resolves: 1961682...

CVSS 8.5 | AI score 0.7 | EPSS 0.06604
Exploits: 0
NCSC
added 2021/06/14 12:0 a.m. | 2 views

Vulnerabilities fixed in Docker

Vulnerabilities have been fixed in Docker. The vulnerabilities potentially enable a local, authenticated malicious agent to execute attacks that result in the following categories of damage: Denial-of-Service DoS Access to system data Increased user privileges Successful misuse requires the...

CVSS 8.5 | AI score 9.7 | EPSS 0.06604
Exploits: 4
Mageia
added 2021/06/13 9:32 p.m. | 41 views

Updated docker-containerd packages fix security vulnerability

In containerd an industry-standard container runtime before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service that share the same image may receive incorrect...

CVSS 6.3 | AI score 2 | EPSS 0.02044
Exploits: 0 | References: 2
RedhatCVE
added 2021/06/13 5:52 a.m. | 105 views

CVE-2021-20182

A privilege escalation flaw was found in openshift4/ose-docker-builder. The build container runs with high privileges using a chrooted environment instead of runc. If an attacker can gain access to this build container, they can potentially utilize the raw devices of the underlying node, such as...

CVSS 8.8 | AI score 2.3 | EPSS 0.01145
Exploits: 0 | References: 3
Kitploit
added 2021/06/12 9:30 p.m. | 186 views

Nebula - Cloud C2 Framework, Which At The Moment Offers Reconnaissance, Enumeration, Exploitation, Post Exploitation On AWS

Nebula is a Cloud and hopefully DevOps Penetration Testing framework. It is built with modules for each provider and each functionality. As of April 2021, it only covers AWS, but is currently an ongoing project and hopefully will continue to grow to test GCP, Azure, Kubernetes, Docker, or...

AI score 7.1
Exploits: 0 | References: 2
Tenable Nessus
added 2021/06/12 12:0 a.m. | 103 views

SUSE SLES15: containerd / docker / docker-bash-completion / etc (SUSE-SU-2021:1954-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:1954-1 advisory. Docker was updated to 20.10.6-ce bsc1184768, bsc1182947, bsc1181594 Switch version to use -ce suffix rather than ce to avoid...

CVSS 8.5 | AI score 6.7 | EPSS 0.06604
Exploits: 0 | References: 26
Gitee
added 2021/06/11 4:1 p.m. | 8 views

Exploit for Improper Encoding or Escaping of Output in F5 Nginx

This is an open-source project for vulnerability research and training, called Vulhub. It is a collection of vulnerable systems and applications, designed to help security researchers and students learn about various types of vulnerabilities and how to exploit them. The project is maintained by...

CVSS 9.8 | AI score 7 | EPSS 0.99686
Exploits: 53
OSV
added 2021/06/11 8:45 a.m. | 6 views

SUSE-SU-2021:1954-1 Security update for containerd, docker, runc

This update for containerd, docker, runc fixes the following issues: Docker was updated to 20.10.6-ce bsc1184768, bsc1182947, bsc1181594 Switch version to use -ce suffix rather than ce to avoid confusing other tools bsc1182476. CVE-2021-21284: Fixed a potential privilege escalation when the root...

CVSS 8.5 | AI score 7.5 | EPSS 0.06604
Exploits: 0 | References: 22
ThreatPost
added 2021/06/10 4:26 p.m. | 59 views

Microsoft: Big Cryptomining Attacks Hit Kubeflow

Microsoft has spotted a new, widespread, ongoing attack targeting Kubernetes clusters running Kubeflow instances, in order to plant malicious TensorFlow pods that are used to mine for cryptocurrency. The Kubeflow open-source project is a popular framework for running machine learning ML tasks in...

AI score 8
Exploits: 0 | References: 10
NVD
added 2021/06/09 4:15 p.m. | 9 views

CVE-2020-15378

The OVA version of Brocade SANnav before version 2.1.1 installation with IPv6 networking exposes the docker container ports to the network, increasing the potential attack surface...

CVSS 5.3 | EPSS 0.00793
Exploits: 0 | References: 1
OSV
added 2021/06/09 4:15 p.m. | 5 views

CVE-2020-15378

The OVA version of Brocade SANnav before version 2.1.1 installation with IPv6 networking exposes the docker container ports to the network, increasing the potential attack surface...

CVSS 5.3 | AI score 5.8 | EPSS 0.00793
Exploits: 0 | References: 1