9245 matches found
Exploit for OS Command Injection in Cacti
CVE-2020-8813 Cacti v1.2.8 Unauthenticated Remote Code Executi...
opencontainers runc contains procfs race condition with a shared volume mount
Impact By crafting a malicious root filesystem with /proc being a symlink to a directory which was inside a volume shared with another running container, an attacker in control of both containers can trick runc into not correctly configuring the container's security labels and not correctly maski...
mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs
Summary runc 1.0.0-rc94 and earlier are vulnerable to a symlink exchange attack whereby an attacker can request a seemingly-innocuous container configuration that actually results in the host filesystem being bind-mounted into the container allowing for a container escape. CVE-2021-30465 has been...
systemd security, bug fix, and enhancement update
239-45.0.1 - backport upstream pstore tmpfiles patch Orabug: 31420486 - udev rules: fix memory hot add and remove Orabug: 31310273 - fix to enable systemd-pstore.service Orabug: 30951066 - journal: change support URL shown in the catalog entries Orabug: 30853009 - fix to generate...
Denial-of-Service within Docker container
Impact If you run teler inside a Docker container and encounter errors.Exit function, it will cause denial-of-service SIGSEGV because it doesn't get process ID and process group ID of teler properly to kills. Specific Go Packages Affected ktbs.dev/teler/pkg/errors Patches Upgrade to the = 0.0.1...
GHSA-JHJ6-5MH6-4PVF Denial-of-Service within Docker container
Impact If you run teler inside a Docker container and encounter errors.Exit function, it will cause denial-of-service SIGSEGV because it doesn't get process ID and process group ID of teler properly to kills. Specific Go Packages Affected ktbs.dev/teler/pkg/errors Patches Upgrade to the = 0.0.1...
NULL Pointer Dereference
In teler before version 0.0.1, if you run teler inside a Docker container and encounter errors.Exit function, it will cause denial-of-service SIGSEGV because it doesn't get process ID and process group ID of teler properly to kills. The issue is patched in teler 0.0.1 and 0.0.1-dev5.1...
CVE-2021-1559
Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote attacker to perform a command injection attack on an affected device. These vulnerabilities are due to insufficient input sanitization when executing affected commands. A high-privileged attacker could...
CVE-2021-1560
Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote attacker to perform a command injection attack on an affected device. These vulnerabilities are due to insufficient input sanitization when executing affected commands. A high-privileged attacker could...
CVE-2021-1560
Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote attacker to perform a command injection attack on an affected device. These vulnerabilities are due to insufficient input sanitization when executing affected commands. A high-privileged attacker could...
CVE-2021-1559
Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote attacker to perform a command injection attack on an affected device. These vulnerabilities are due to insufficient input sanitization when executing affected commands. A high-privileged attacker could...
Command injection
Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote attacker to perform a command injection attack on an affected device. These vulnerabilities are due to insufficient input sanitization when executing affected commands. A high-privileged attacker could...
CVE-2021-1560 Cisco DNA Spaces Connector Command Injection Vulnerabilities
Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote attacker to perform a command injection attack on an affected device. These vulnerabilities are due to insufficient input sanitization when executing affected commands. A high-privileged attacker could...
CVE-2021-1560 Cisco DNA Spaces Connector Command Injection Vulnerabilities
Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote attacker to perform a command injection attack on an affected device. These vulnerabilities are due to insufficient input sanitization when executing affected commands. A high-privileged attacker could...
CVE-2021-1559 Cisco DNA Spaces Connector Command Injection Vulnerabilities
Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote attacker to perform a command injection attack on an affected device. These vulnerabilities are due to insufficient input sanitization when executing affected commands. A high-privileged attacker could...
CVE-2021-1559 Cisco DNA Spaces Connector Command Injection Vulnerabilities
Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote attacker to perform a command injection attack on an affected device. These vulnerabilities are due to insufficient input sanitization when executing affected commands. A high-privileged attacker could...
DivideAndScan - Divide Full Port Scan Results And Use It For Targeted Nmap Runs
DivideEt Impera And Scan and also merge the scan results D ivideA ndS can is used to efficiently automate port scanning routine by splitting it into 3 phases: 1. Discover open ports for a bunch of targets. 2. Run Nmap individually for each target with version grabbing and NSE actions. 3. Merge th...
vulhub
This repository is an open-source collection of pre-built vulnerable docker environments, referred to as 'Vulhub'. It is not a specific exploit or tool, but rather a collection of vulnerable environments for testing and learning purposes. The repository contains various vulnerable docker...
Exploit for OS Command Injection in Vim
cve-2019-12735 Docker image that lets me study the exploitatio...
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2021-1896)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...