9239 matches found
kubernetes: Docker config secrets leaked when file is malformed and loglevel >= 4
A flaw was found in Kubernetes. If the logging level is set to at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This can occur with client tools like...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.6.13 packages and security update
Red Hat OpenShift Container Platform release 4.6.13 is now available with updates to packages and images that fix several bugs. A security update for cri-o, openshift, openshift-clients, openshift-kuryr, and skopeo is now also available for Red Hat OpenShift Container Platform 4.6. Red Hat Produc...
Nagios XI Remote Code Execution Vulnerability (CNVD-2021-06864)
Nagios XI is a commercial monitoring solution built on Nagios Core, including dashboards, web-based configuration, advanced reporting and rich data visualization. A remote code execution vulnerability exists in the Nagios Docker Configuration Wizard in Nagios XI 5.7 and earlier. An attacker can...
Docker Desktop Community Access Control Error Vulnerability
Docker Desktop is a container technology-based desktop software for lightweight deployment of applications from the U.S. company Docker. The product provides a desktop environment that supports creating a container lightweight virtual machine and deploying and running applications on...
CDK
It is an offensive tool for container exploitation. The primary CVE ID is not explicitly stated in the provided context, but the tool is designed for container exploitation, which may involve various vulnerabilities. The tool, CDK, is a zero-dependency container penetration toolkit that offers...
Exploit for Improperly Implemented Security Check for Standard in Thekelleys Dnsmasq
dnspooq DNSpooq PoC - dnsmasq cache poisoning CVE-2020-25686,...
Exploit for SQL Injection in Zabbix
This repository is an open-source collection of pre-built vulnerable docker environments, referred to as 'Vulhub'. It is an offensive tool for cybersecurity training and research. The primary vulnerability class targeted by Vulhub is not explicitly stated, but based on the provided context, it...
Exploit for CVE-2021-3129
CVE-2021-3129 Laravel Debug RCE How to use Run docke...
CVE-2021-3193
CVE-2021-3193 affects the Nagios Docker Config Wizard (before 1.1.2) as used in Nagios XI up to v5.7. The issue is improper access and command validation, allowing an unauthenticated attacker to execute remote code as the apache user. The connected documents confirm the vulnerable component and t...
CVE-2021-3193
Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows an unauthenticated attacker to execute remote code as the apache user...
Exploit for Improper Authentication in Projectsend
This repository contains the description of the vulnerability fo...
Privilege Escalation
github.com/weaveworks/weave is vulnerable to Privilege Escalation. The vulnerability exists because the hostPID setting is set to true allowing an attacker to take over any host in the Docker containers cluster...
CVE-2020-26278
Weave Net is open source software which creates a virtual network that connects Docker containers across multiple hosts and enables their automatic discovery. Weave Net before version 2.8.0 has a vulnerability which can allow an attacker to take over any host in the cluster. Weave Net is...
CVE-2020-26278
Weave Net versions prior to 2.8.0 expose a privilege escalation risk: the pods running on every node are deployed with privileged: true and hostPID: true, enabling the pod to access host processes and write to the host filesystem. This can allow an attacker to take over a host in the Kubernetes c...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab
This repository is an offensive tool for a vulnerability hub. It contains various tools and exploits for testing and demonstrating vulnerabilities in different software and systems. The repository includes a range of tools, such as Docker image builders, format checkers, and Markdown linters, as...
vulhub
This is an open-source collection of pre-built vulnerable docker environments. It is a repository for testing and demonstrating various vulnerabilities in different applications and frameworks. The repository contains a variety of vulnerable environments, including web applications, databases, an...
MyJWT - A Cli For Cracking, Testing Vulnerabilities On Json Web Token (JWT)
This CLI is for pentesters, CTF players, or dev. You can modify your JWT, sign, inject, etc. Check Documentation for more information. If you see problems or enhancement send an issue. I will respond as soon as possible. Enjoy : Documentation Documentation is available at...
CVE-2021-3162
Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation...