CVE-2020-26213

In teler before version 0.0.1, if you run teler inside a Docker container and encounter errors.Exit function, it will cause denial-of-service SIGSEGV because it doesn't get process ID and process group ID of teler properly to kills. The issue is patched in teler 0.0.1 and 0.0.1-dev5.1...

Code injection

In teler before version 0.0.1, if you run teler inside a Docker container and encounter errors.Exit function, it will cause denial-of-service SIGSEGV because it doesn't get process ID and process group ID of teler properly to kills. The issue is patched in teler 0.0.1 and 0.0.1-dev5.1...

CVE-2020-26213

CVE-2020-26213 affects the teler project prior to version 0.0.1 when run inside a Docker container. The root cause is that teler does not correctly obtain the process ID and process group ID when encountering errors.Exit, leading to a denial-of-service via SIGSEGV. A fix is available in teler 0.0...

PT-2020-16343 · Teler · Teler

Name of the Vulnerable Software and Affected Versions: teler versions prior to 0.0.1 Description: The issue causes a denial-of-service SIGSEGV when teler is run inside a Docker container and encounters the errors.Exit function. This is because it doesn't get the process ID and process group ID of...

vulhub2

It is an offensive tool for web application security training. The primary target product/service or framework is not explicitly stated, but the repository contains various vulnerable environments based on Docker-Compose, including Flask, Apache, Nginx, and others. The vulnerability class/vector ...

vulhub

It is an offensive tool for Docker environments. The repository contains a collection of pre-built vulnerable Docker environments, allowing users to easily set up and test various vulnerabilities without requiring prior knowledge of Docker. The environments are designed to be simple to use, with...

vulhub

It is an offensive tool for web application security training. The primary target is not explicitly stated, but based on the provided code and metadata, it appears to be a collection of vulnerable environments based on Docker-Compose. The tool includes various vulnerable environments, such as Fla...

vulhub

It is an offensive tool for web application security training. The primary target product/service or framework is not explicitly stated, but the repository contains various vulnerable environments based on Docker-Compose, including Flask, Apache, Nginx, and others. The vulnerability class/vector ...

Oracle Linux 7 : containerd (ELSA-2020-5906)

The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2020-5906 advisory. - Addresses CVE-2020-15157 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not test...

The vulnerability of the AppArmor component of the runc container runtime tool, related to authentication mechanisms that are flawed, allows a malicious actor to mount a malicious Docker image in the /proc directory.

The vulnerability of the AppArmor component in the runc container isolation tool is related to deficiencies in the authentication mechanism. Exploiting this vulnerability allows a remote attacker to mount a malicious Docker image as a file in the /proc directory...

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the environments are designed to be vulnerable to various attacks. The target product/service or framework varies depending on the specific environment...

vulhub

This is an open-source collection of pre-built vulnerable docker environments. It is a collection of docker-compose files that can be used to create vulnerable environments for testing and training purposes. The environments are designed to be easy to use and require no pre-existing knowledge of...

Exploit for Improper Input Validation in Redhat Openshift

This is a pre-built vulnerable Docker environment collection called Vulhub. It is an open-source project that provides a collection of vulnerable Docker environments for testing and learning purposes. The project is maintained by phith0n and is available on GitHub. The repository contains a varie...

Information Disclosure

podman is vulnerable to information disclosure. The vulnerability exists through environment variables leak between containers when started via Varlink or Docker-compatible REST API...

DDoS attacks in Q3 2020

News overview Q3 was relatively calm from a DDoS perspective. There were no headline innovations, although cybercriminals did continue to master techniques and develop malware already familiar to us from the last reporting period. For example, another DDoS botnet joined in the assault on Docker...

Oracle Linux 7 : docker-engine / docker-cli (ELSA-2020-5900)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-5900 advisory. - Fix for CVE-2020-15157 - Address CVE-2020-16845 - update to 19.03.11 for CVE-2020-13401 - apply e4931e664feac6fa8846f3f04268a0cc98822549, fixes CVE-2019-5736 ...

RHEL 7 / 8 : OpenShift Container Platform 4.6.1 (RHSA-2020:4297)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4297 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use...

Grype - A Vulnerability Scanner For Container Images And Filesystems

A vulnerability scanner for container images and filesystems. Easily install the binary to try it out. Features Scan the contents of a container image or filesystem to find known vulnerabilities. Find vulnerabilities for major operating system packages Alpine BusyBox CentOS / Red Hat Debian Ubunt...

podman: environment variables leak between containers when started via Varlink or Docker-compatible REST API

An information disclosure flaw was found in containers/podman. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container leak into subsequent containers. This flaw allows an...

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.6.1 package security update

An update for jenkins-2-plugins, openshift-clients, podman, runc, and skopeo is now available for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a...