9239 matches found
vulhub
It is an offensive tool for Docker environments. The primary CVE ID is not explicitly mentioned, but the tool targets various vulnerable Docker environments, including CouchDB, FFmpeg, Git, InfluxDB, and Oracle Java. The tool is designed to test and demonstrate vulnerabilities in these...
Install Apache Zeppelin and connect it to AWS Athena for data exploration, visualization and collaboration
Introduction Apache Zeppelin is a Web-based, open source, notebook system that enables data-driven, interactive data analytics and collaborative documents with SQL. At Imperva Research Group we use it on a daily basis to query data from the Threat Research Data Lake using AWS Athena query engine...
vulhub
It is an offensive tool for Docker environments. The repository contains a collection of vulnerable Docker environments, including CouchDB, ffmpeg, git, and influxdb, among others. The environments are designed to be used for testing and training purposes, allowing users to practice exploiting...
Windows Docker Information Disclosure Vulnerability
...
Windows Docker Information Disclosure Vulnerability
Docker is an open source application container engine from the American company Docker. The product supports creating a lightweight container virtual machine and deploying and running applications on Linux systems, as well as automating the installation, deployment, and upgrading of applications...
PT-2021-1690 · Microsoft · Windows Docker +1
Name of the Vulnerable Software and Affected Versions: Windows Docker (affected versions not specified). Description: The issue is related to an information disclosure vulnerability in Windows Docker. It allows attackers to obtain sensitive information and potentially affect the system. There is no...
vulhub
It is an offensive tool for web application security training. The primary vulnerability is not explicitly stated, but the repository contains a variety of vulnerable docker environments, including those for web applications, databases, and other services. The environments are designed to be...
Security update for cobbler (moderate)
openSUSE Security Update: Security update for cobbler Announcement ID: openSUSE-SU-2021:0046-1 Rating: moderate References: 1020376 1029276 1048183 1074594 1075014 1081714 1081739 1090205 1097733 1101670 1104189 1104190 1104287 1105440 1105442 1113747 1128754 1128926 1130658 1134588 1149075 11518...
Gotenberg Directory Traversal Vulnerability (CNVD-2021-03336)
Gotenberg is a Docker-powered stateless API for converting HTML, Markdown and Office documents to PDF. A directory traversal vulnerability exists in Gotenberg 6.2.1 and earlier versions of the Markdown engine. An attacker can exploit this vulnerability to read any container file...
Docker Engine Path Traversal Vulnerability
Docker Engine is a set of lightweight runtime environments and package management tools from Docker, Inc. A path traversal vulnerability exists in Docker Engine versions prior to 19.03.9. No detailed vulnerability details are provided at this time...
Thecodingmachine Gotenberg Security Vulnerability
Gotenberg is a Docker-powered stateless API for converting HTML, Markdown and Office documents to PDF. Gotenberg 6.2.1 and earlier versions are vulnerable. An attacker can exploit this vulnerability to overwrite LibreOffice configuration files and execute arbitrary code via macros...
Thecodingmachine Gotenberg Security Vulnerability
Gotenberg is a Docker-powered stateless API for converting HTML, Markdown and Office documents to PDF. A file overwrite vulnerability exists in Gotenberg 6.2.1 and earlier versions. The vulnerability stems from insecure permissions in tini. An attacker can exploit the vulnerability to overwrite...
Gotenberg 6.2.0 Traversal / Code Execution / Insecure Permissions
1 Multiple vulnerabilities in Gotenberg. My PDF. Path: .DirPath; PASSWD: toHTML .DirPath "../../../../etc/passwd"; IP: toHTML .DirPath "../../../...
Node.js: DNS rebinding in --inspect (insufficient fix of CVE-2018-7160)
Summary: While the debugger, i.e., the --inspect option, tries to prevent DNS rebinding, the whitelist is excessive. Description: The whitelist includes “localhost6”, which is not that widespread. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS...
Exploit for Cross-site Scripting in Redhat Keycloak
reconFTW...
CVE-2020-27534
util/binfmtmisc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call...
Design/Logic Flaw
util/binfmtmisc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call...