
9167 matches found

CVE
added 2020/07/13 9:2 p.m. · 122 views

CVE-2020-14300

CVE-2020-14300 affects Red Hat Enterprise Linux 7 Extras Docker packaging (docker-1.13.1-108.git4ef4b30.el7). The issue arises from an incorrect runc version in that package, regressing the fix for CVE-2016-9962 and potentially allowing a process inside a container to escape the container namespa...

8.8 CVSS · 7.1 AI score · 0.00385 EPSS
Exploits 0 · References 4 · Affected Software 2

Debian CVE
added 2020/07/13 9:2 p.m. · 46 views

CVE-2020-14300

The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an incorrect version of runc that was missing multiple bug and security fixes. One of the fixes regressed in...

8.8 CVSS · 7.5 AI score · 0.00385 EPSS
Exploits 0

CVE
added 2020/07/13 8:53 p.m. · 122 views

CVE-2020-14298

CVE-2019-5736 (runc escape) is a widely noticed container escape vulnerability in runc. Multiple sources describe that runc handled file descriptors related to /proc/self/exe insecurely, allowing a container to overwrite the host’s runc binary and potentially execute arbitrary commands on the hos...

8.8 CVSS · 8.5 AI score · 0.00323 EPSS
Exploits 0 · References 4 · Affected Software 3

Cvelist
added 2020/07/13 8:53 p.m. · 26 views

CVE-2020-14298

The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the...

8.7 AI score · 0.00323 EPSS
Exploits 0 · References 4

Debian CVE
added 2020/07/13 8:53 p.m. · 54 views

CVE-2020-14298

The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the...

8.8 CVSS · 7.3 AI score · 0.00323 EPSS
Exploits 0

Positive Technologies
added 2020/07/13 12:0 a.m. · 3 views

PT-2020-13966 · Docker +2 · Docker +1

The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an incorrect version of runc that was missing multiple bug and security fixes. One of the fixes regressed in...

8.8 CVSS · 7.3 AI score · 0.00385 EPSS
Exploits 0 · References 7

Positive Technologies
added 2020/07/13 12:0 a.m. · 3 views

PT-2020-13964 · Open Container Initiative +1 · Runc +1

Name of the Vulnerable Software and Affected Versions: docker version 1.13.1-108.git4ef4b30.el7
Description: This issue could allow a malicious or compromised container to compromise the container host and other containers running on the same host. The problem arose due to an incorrect version of...

9.3 CVSS · 6.9 AI score · 0.9589 EPSS
Exploits 33 · References 7

Gitee
added 2020/07/12 3:58 p.m. · 7 views

Exploit for Improper Encoding or Escaping of Output in F5 Nginx

It is an open-source collection of pre-built vulnerable docker environments. The primary CVE ID present in the provided context is not explicitly stated, but the repository contains various vulnerable environments based on Docker-Compose, including ones for CVE-2016-9086, CVE-2017-1000353,...

9.8 CVSS · 7.5 AI score · 0.99686 EPSS
Exploits 53

Gitee
added 2020/07/11 2:52 p.m. · 6 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab

It is an open-source collection of pre-built vulnerable docker environments. The primary CVE ID present in the provided context is CVE-2016-9086. The target product/service or framework is GitLab. The vulnerability class/vector is not explicitly stated, but it is likely related to the mentioned...

6.5 CVSS · 6.8 AI score · 0.05388 EPSS
Exploits 39

Gitee
added 2020/07/10 9:53 a.m. · 3 views

vulhub-200710

It is an offensive tool for web application security training. The repository contains a collection of pre-built vulnerable environments based on Docker-Compose, designed for web application security training. The tool is not explicitly stated to be a PoC exploit or an exploit module/toolkit, but...

7 AI score
Exploits 0

Gitee
added 2020/07/10 9:51 a.m. · 7 views

Exploit for Improper Encoding or Escaping of Output in F5 Nginx

It is an open-source collection of pre-built vulnerable docker environments. The primary CVE ID is not explicitly mentioned, but the project is based on various vulnerabilities, including CVE-2016-9086, CVE-2013-4547, CVE-2017-1000353, and CVE-2018-1000006. The target product/service or framework...

9.8 CVSS · 7.6 AI score · 0.99686 EPSS
Exploits 53

Gitee
added 2020/07/09 9:36 a.m. · 6 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab

It is an open-source collection of pre-built vulnerable docker environments. The primary CVE ID present in the context is CVE-2016-9086. The target product/service or framework is GitLab. The vulnerability class/vector is not explicitly stated, but the context suggests it is related to a GitLab...

6.5 CVSS · 6.6 AI score · 0.05388 EPSS
Exploits 39

Tenable Nessus
added 2020/07/09 12:0 a.m. · 43 views

SUSE SLES15 Security Update : containerd, docker, docker-runc, golang-github-docker-libnetwork (SUSE-SU-2020:1657-1)

This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues: Docker was updated to 19.03.11-ce; runc was updated to version 1.0.0-rc10; containerd was updated to version 1.2.13. CVE-2020-13401: Fixed an issue where an attacker with CAP_NET_RAW capabilit...

6 CVSS · 6.8 AI score · 0.02839 EPSS
Exploits 0 · References 4

Tenable Nessus
added 2020/07/09 12:0 a.m. · 33 views

Fedora 31 : coturn (2020-9eadf517de)

Coturn 4.5.1.3
- merge PR 575: Fix rpm packaging
- merge PR 576: Tell tar to not include the metadata into release
- merge PR 574: Change Docker turnserver.conf to latest turnserver.conf
- merge PR 566: Remove reference to SSLv3
- merge PR 579: Ignore MD5 for BoringSSL
- merge PR...

7.5 CVSS · 7.3 AI score · 0.01847 EPSS
Exploits 0 · References 2

Kitploit
added 2020/07/08 12:30 p.m. · 33 views

Shhgit - Find GitHub Secrets In Real Time

Shhgit finds secrets and sensitive files across GitHub code and Gists committed in near real time by listening to the GitHub Events API. NEW: LIVE VERSION. Find GitHub secrets straight from your browser! Finding secrets in GitHub is nothing new. There are many great tools available to help with...

7.7 AI score
Exploits 0 · References 8

Mageia
added 2020/07/05 3:53 p.m. · 34 views

Updated docker packages fix security vulnerability

Updated docker packages fix security vulnerability: A flaw was found in Docker when it creates network bridges that accept IPv6 router advertisements by default. This flaw allows an attacker who can execute code in a container to possibly spoof rogue IPv6 router advertisements to perform a...

6 CVSS · 2.6 AI score · 0.02839 EPSS
Exploits 0 · References 2

OSV
added 2020/07/05 3:53 p.m. · 6 views

MGASA-2020-0279 Updated docker packages fix security vulnerability

Updated docker packages fix security vulnerability: A flaw was found in Docker when it creates network bridges that accept IPv6 router advertisements by default. This flaw allows an attacker who can execute code in a container to possibly spoof rogue IPv6 router advertisements to perform a...

6 CVSS · 5.9 AI score · 0.02839 EPSS
Exploits 0 · References 3

GithubExploit
added 2020/07/03 8:37 a.m. · 38 views

Exploit for Path Traversal in Bludit

Bludit Directory Traversal Vulnerability CVE-2019-16113 Blu...

8.8 CVSS · 6.8 AI score · 0.77962 EPSS
Exploits 16

Debian
added 2020/07/02 6:41 p.m. · 51 views

[SECURITY] [DSA 4716-1] docker.io security update

Debian Security Advisory DSA-4716-1 · https://www.debian.org/security/ · Moritz Muehlenhoff · July 02, 2020 · https://www.debian.org/security/faq -...

6 CVSS · 6.1 AI score · 0.02839 EPSS
Exploits 0

NVD
added 2020/07/02 5:15 p.m. · 23 views

CVE-2020-15080

In PrestaShop from version 1.7.4.0 and before version 1.7.6.6, some files should not be in the release archive, and others should not be accessible. The problem is fixed in version 1.7.6.6. A possible workaround is to make sure composer.json and docker-compose.yml are not accessible on your server...

5.3 CVSS · 0.00941 EPSS
Exploits 0 · References 2