9168 matches found

Kitploit
added 2020/10/13 11:30 a.m. · 95 views

DamnVulnerableCryptoApp - An App With Really Insecure Crypto

Why? If you try to learn a little bit more about crypto, either because you want to know how the attacks work or just because you want to do safe code, you end up diving really fast into the math behind the algorithms, and for a lot of people this is a NO. This project was created with some key...

7.3 AI score
Exploits 0 · References 4

IBM Security Bulletins
added 2020/10/12 9:40 a.m. · 31 views

Security Bulletin: Vulnerability in Docker affects Cloud Pak System (CVE-2020-13401)

Summary Vulnerability identified within Docker shipped as pType component with Cloud Pak System Software. IBM Cloud Pak System Software addressed this vulnerability. Vulnerability Details CVEID: CVE-2020-13401 DESCRIPTION: Docker Docker CE is vulnerable to a man-in-the-middle attack, caused by...

6 CVSS · 0.5 AI score · 0.02839 EPSS
Exploits 0 · Affected Software 1

Gitee
added 2020/10/10 5:38 p.m. · 5 views

vulhub

It is an offensive tool for web application security training. The primary target is the web application, specifically the Flask framework. The vulnerability class/vector is Server-Side Template Injection SSTI. The probable entry points are scripts/modules such as flask/ssti/exploit.py. Notable...

8.5 AI score
Exploits 0

Fedora
added 2020/10/09 3:1 p.m. · 45 views

[SECURITY] Fedora 31 Update: podman-2.1.1-3.fc31

podman Pod Manager is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=podman. Most...

5.3 CVSS · 2.2 AI score · 0.01402 EPSS
Exploits 0

IBM Security Bulletins
added 2020/10/08 8:12 p.m. · 25 views

Security Bulletin: Security vulnerabilities have been fixed in IBM Security Access Manager and IBM Security Verify Access (CVE-2020-4661, CVE-2020-4699, CVE-2020-4660)

Summary Several security vulnerabilities have been fixed in both IBM Security Access Manager and IBM Security Verify Access products. Vulnerability Details CVEID: CVE-2020-4661 DESCRIPTION: IBM Security Access Manager Appliance could allow an attacker to obtain sensitive using timing side channel...

5.3 CVSS · 1.5 AI score · 0.0045 EPSS
Exploits 0 · Affected Software 2

Kitploit
added 2020/10/08 11:30 a.m. · 42 views

vPrioritizer - Tool To Understand The Contextualized Risk (vPRisk) On Asset-Vulnerability Relationship Level Across The Organization

As indicated by sources like vulndb & cve, on a daily basis, approximately 50 new vulnerabilities become known to industry and it’s safe to assume that count is going to increase furthermore. It’s a huge number of vulnerabilities to assess and remediate effectively and quickly. So today...

7.4 AI score
Exploits 0 · References 3

NVD
added 2020/10/07 2:15 p.m. · 27 views

CVE-2020-13347

A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a docker executor, which allows the attacker to run arbitrary commands on Windows host, via DOCKER_AUTH_CONFIG build variable...

9.1 CVSS · 0.02255 EPSS
Exploits 0 · References 3

OSV
added 2020/10/07 2:15 p.m. · 29 views

CVE-2020-13347

A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a docker executor, which allows the attacker to run arbitrary commands on Windows host, via DOCKER_AUTH_CONFIG build variable...

9.1 CVSS · 7.5 AI score · 0.02255 EPSS
Exploits 0 · References 3

Prion
added 2020/10/07 2:15 p.m. · 20 views

Command injection

A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a docker executor, which allows the attacker to run arbitrary commands on Windows host, via DOCKER_AUTH_CONFIG build variable...

9 CVSS · 9.4 AI score · 0.02255 EPSS
Exploits 0 · References 3 · Affected Software 1

UbuntuCve
added 2020/10/07 2:15 p.m. · 23 views

CVE-2020-13347

A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a docker executor, which allows the attacker to run arbitrary commands on Windows host, via DOCKER_AUTH_CONFIG build variable...

9.1 CVSS · 7.2 AI score · 0.02255 EPSS
Exploits 0 · References 4

OSV
added 2020/10/07 2:15 p.m. · 2 views

UBUNTU-CVE-2020-13347

A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a docker executor, which allows the attacker to run arbitrary commands on Windows host, via DOCKER_AUTH_CONFIG build variable...

9.1 CVSS · 7.4 AI score · 0.02255 EPSS
Exploits 0 · References 5

CVE
added 2020/10/07 1:14 p.m. · 67 views

CVE-2020-13347

CVE-2020-13347 affects GitLab Runner on Windows when using the Docker executor. The vulnerability is a command injection in the runner prior to versions 13.2.4, 13.3.2 and 13.4.1, exploitable via the DOCKER_AUTH_CONFIG build variable, allowing an attacker to execute arbitrary commands on the Wind...

9.1 CVSS · 9.4 AI score · 0.02255 EPSS
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2020/10/07 1:14 p.m. · 46 views

CVE-2020-13347

A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a docker executor, which allows the attacker to run arbitrary commands on Windows host, via DOCKER_AUTH_CONFIG build variable...

9.1 CVSS · 9.5 AI score · 0.02255 EPSS
Exploits 0 · References 3

Debian CVE
added 2020/10/07 1:14 p.m. · 25 views

CVE-2020-13347

Removed by vendor...

9.1 CVSS · 8.9 AI score · 0.02255 EPSS
Exploits 0

Positive Technologies
added 2020/10/07 12:0 a.m. · 4 views

PT-2020-13488 · Gitlab · Gitlab Runner +1

Name of the Vulnerable Software and Affected Versions: Gitlab runner versions prior to 13.2.4 Gitlab runner versions prior to 13.3.2 Gitlab runner versions prior to 13.4.1 Description: A command injection issue was discovered. When the runner is configured on a Windows system with a docker...

9.1 CVSS · 9.5 AI score · 0.02255 EPSS
Exploits 0 · References 10

Gitee
added 2020/10/06 8:53 p.m. · 6 views

vulhub

This is a Docker Compose file for a vulnerability environment. It is a collection of services that can be used to test and demonstrate various types of vulnerabilities. The file is written in YAML format and defines the services, their ports, and the networks they use. The file contains several...

7 AI score
Exploits 0

Fedora
added 2020/10/06 12:16 a.m. · 40 views

[SECURITY] Fedora 33 Update: skopeo-1.2.0-3.fc33

Command line utility to inspect images and repositories directly on Docker registries without the need to pull them...

5.3 CVSS · 2.6 AI score · 0.01402 EPSS
Exploits 0

Fedora
added 2020/10/06 12:16 a.m. · 36 views

[SECURITY] Fedora 33 Update: podman-2.1.1-10.fc33

podman Pod Manager is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=podman. Most...

5.3 CVSS · 2.2 AI score · 0.01402 EPSS
Exploits 0

OpenVAS
added 2020/10/06 12:0 a.m. · 19 views

Fedora: Security Advisory for skopeo (FEDORA-2020-7b6058fec9)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

5.3 CVSS · 5.5 AI score · 0.01402 EPSS
Exploits 0 · References 2

Kitploit
added 2020/10/05 8:30 p.m. · 81 views

Kube-Score - Kubernetes Object Analysis With Recommendations For Improved Reliability And Security

kube-score is a tool that performs static code analysis of your Kubernetes object definitions. The output is a list of recommendations of what you can improve to make your application more secure and resilient. You can test kube-score out in the browser with the online demo source. Installation...

7.4 AI score
Exploits 0 · References 5