9245 matches found
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2021-1869)
The remote host is missing an update for the Huawei EulerOS...
Path Traversal in Docker
Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile...
GHSA-VJ3F-3286-R4PF Path Traversal in Docker
Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile...
GPGME Go wrapper contains Use After Free
The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification...
GHSA-M6WG-2MWG-4RFQ GPGME Go wrapper contains Use After Free
The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification...
Mediator - An Extensible, End-To-End Encrypted Reverse Shell With A Novel Approach To Its Architecture
Mediator is an end-to-end encrypted reverse shell in which the operator and the shell connect to a "mediator" server that bridges the connections. This removes the need for the operator/handler to set up port forwarding in order to listen for the connection. Mediator also allows you to create...
EulerOS 2.0 SP8 : docker-engine (EulerOS-SA-2021-1869)
According to the version of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashe...
EulerOS 2.0 SP5 : docker-engine (EulerOS-SA-2021-1896)
According to the version of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashe...
vulhub
This repository is an open-source collection of pre-built vulnerable Docker environments, known as Vulhub. It is an offensive tool for testing and demonstrating vulnerabilities in various software and systems. The primary vulnerability class/vector targeted by Vulhub is not explicitly stated, but...
Exploit for SQL Injection in Zabbix
This repository is an open-source collection of pre-built vulnerable docker environments, known as Vulhub. It is a collection of vulnerable environments, not a single exploit or tool. The repository contains various vulnerable environments, including CouchDB, ffmpeg, git, and influxdb, among...
Mubeng - An Incredibly Fast Proxy Checker And IP Rotator With Ease
An incredibly fast proxy checker & IP rotator with ease. Features Proxy IP rotator : Rotates your IP address for every specific request. Proxy checker : Check your proxy IP which is still alive. All HTTP/S methods are supported. HTTP & SOCKSv5 proxy protocols apply. All parameters & URIs are...
Rapid7 Source Code Breached in Codecov Supply-Chain Attack
Cybersecurity company Rapid7 on Thursday revealed that unidentified actors improperly managed to get hold of a small portion of its source code repositories in the aftermath of the software supply chain compromise targeting Codecov earlier this year. "A small subset of our source code repositorie...
Security Bulletin: Vulnerabilities in the Python, Docker, and ICP affect IBM Spectrum Discover
Summary Vulnerabilities in the Python, Docker, and ICP such as a hole to obtain confidential information, denial of service, unauthorized access with high privileges, duplicate entries and CRLF injection, may affect IBM Spectrum Discover Vulnerability Details CVEID: CVE-2020-8566 DESCRIPTION:...
Security Bulletin: Spectrum Discover has addressed multiple security vulnerabilities (CVE-2020-13401, CVE-2019-20372)
Summary Spectrum Discover prior to version 2.0.3.3 shipped with a vulnerable version of Docker and Nginx. Vulnerability Details CVEID: CVE-2020-13401 DESCRIPTION: Docker Docker CE is vulnerable to a man-in-the-middle attack, caused by improper validation of router advertisements. By sending rogue...
BSA-2021-1481
Security Advisory ID : BSA-2021-1481 Component : IPv6 networking Revision : 1.0 The OVA version of Brocade SANnav before version 2.1.1 installation with IPv6 networking exposes the docker container ports to the network, increasing the potential attack surface. When IPv6 networking is enabled on t...
BSA-2020-1037
Security Advisory ID : BSA-2020-1037 Component : Docker Engine Revision : 1.0 An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive...
Exploit for Incorrect Authorization in Apache Solr
Apache Solr RCE CVE-2020-13957 Docker Demo...
exframe-integration (>=1.0.0 <=1.1.15), test-integration (>=2.0.0 <=2.2.7) potentially affected by CVE-2020-7606 via docker-compose-remote-api (=0.1.4)
docker-compose-remote-api NPM version =0.1.4 is affected by a known vulnerability. The following packages have a transitive dependency on docker-compose-remote-api and may be impacted: - exframe-integration (>=1.0.0 <=1.1.15), test-integration (>=2.0.0 <=2.2.7) Source cves: CVE-2020-7606 Source advisory: OSV:GHSA-Q6PJ-JH94-5FPR...
GHSA-Q6PJ-JH94-5FPR OS Command Injection in docker-compose-remote-api
docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within index.js of the package, the function exec(serviceName, cmd, fnStdout, fnStderr, fnExit) uses the variable serviceName which can be controlled by users without any sanitization...
OS Command Injection in docker-compose-remote-api
docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within index.js of the package, the function exec(serviceName, cmd, fnStdout, fnStderr, fnExit) uses the variable serviceName which can be controlled by users without any sanitization...