Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2021-1943)
The remote host is missing an update for the Huawei EulerOS...
Krane - Kubernetes RBAC Static Analysis And Visualisation Tool
Krane is a simple Kubernetes RBAC static analysis tool. It identifies potential security risks in K8s RBAC design and makes suggestions on how to mitigate them. The Krane dashboard presents the current RBAC security posture and lets you navigate through its definition. Features: RBAC Risk rules - Krane...
Metarget - Framework Providing Automatic Constructions Of Vulnerable Infrastructures
Introduction: Metarget = meta- + target, a framework providing automatic constructions of vulnerable infrastructures, used to deploy simple or complicated vulnerable cloud native targets swiftly and automatically. Why Metarget? During security research, we might find that the deployment of...
vulhub
This is a pre-built vulnerable environment based on Docker-Compose, maintained by Vulhub. The repository contains various vulnerable environments, including CouchDB, FFmpeg, Git, InfluxDB, and more. The environments are designed to be easily reproducible and can be used for testing and training...
Unspecified Vulnerability in Jitsi Meet jitsi-meet-prosody
8X8 Docker Jitsi Meet is a tool for building Jitsi Meet videoconferencing solutions in Docker from 8x8 USA. A security vulnerability exists in jitsi-meet-prosody in versions of Jitsi Meet prior to 5026, which stems from an uncertainty in the default setting of restrictroomcreation. No detailed...
EulerOS 2.0 SP9 : docker-engine (EulerOS-SA-2021-1943)
According to the version of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashe...
EulerOS 2.0 SP9 : docker-engine (EulerOS-SA-2021-1922)
According to the version of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashe...
Apache Airflow 1.10.10 Remote Code Execution
Exploit Title: Apache Airflow 1.10.10 - 'Example Dag' Remote Code Execution Date: 2021-06-02 Exploit Author: Pepe Berba Vendor Homepage: https://airflow.apache.org/ Software Link: https://airflow.apache.org/docs/apache-airflow/stable/installation.html Version: = 1.10.10 Tested on: Docker...
Apache Airflow 1.10.10 - 'Example Dag' Remote Code Execution
Exploit Title: Apache Airflow 1.10.10 - 'Example Dag' Remote Code Execution Date: 2021-06-02 Exploit Author: Pepe Berba Vendor Homepage: https://airflow.apache.org/ Software Link: https://airflow.apache.org/docs/apache-airflow/stable/installation.html Version: = 1.10.10 Tested on: Docker...
Synology Docker Path Traversal Vulnerability
Docker is an open source application container engine. It supports creating containers (lightweight virtual machines) and deploying and running applications on a Linux system, as well as automating the installation, deployment, and upgrading of applications through configuration files. A path...
CVE-2021-33183
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in the container volume management component in Synology Docker before 18.09.0-0515 allows local users to read or write arbitrary files via unspecified vectors...
Path traversal
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in the container volume management component in Synology Docker before 18.09.0-0515 allows local users to read or write arbitrary files via unspecified vectors...
Caronte - A Tool To Analyze The Network Flow During Attack/Defence Capture The Flag Competitions
Caronte is a tool to analyze the network flow during capture the flag events of type attack/defence. It reassembles TCP packets captured in pcap files to rebuild TCP connections, and analyzes each connection to find user-defined patterns. The patterns can be defined as regex or using protocol...
CVE-2021-33183
The CVE-2021-33183 entry concerns Synology Docker’s container volume management component. A path traversal vulnerability due to improper limitation of a pathname allows local users to read or write arbitrary files, with the issue occurring in versions before 18.09.0-0515. Impact is described as ...
Docker Path Traversal Vulnerability
Docker is an open source application container engine. It supports creating containers (lightweight virtual machines) and deploying and running applications on a Linux system, as well as automating the installation, deployment, and upgrading of applications through configuration files. A path...
Exploit for Incorrect Authorization in Buddypress
CVE-2021-21389 BuddyPress 7.2.1 - REST API Privilege Esca...
Important: Red Hat Security Advisory: docker security update
An update for docker is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
Security Bulletin: Multiple Security Vulnerabilities have been resolved in IBM Application Gateway (CVE-2021-20576, CVE-2021-20575, CVE-2021-29665)
Summary: Multiple security vulnerabilities have been fixed in the IBM Application Gateway product. Vulnerability Details: CVEID: CVE-2021-20576. DESCRIPTION: IBM Application Gateway could allow a remote attacker to send a specially crafted HTTP GET request that could cause the application to crash...