9160 matches found

Tenable Nessus
added 2020/04/01 12:0 a.m. | 64 views

RHEL 7 : docker (RHSA-2020:1234)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1234 advisory. Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that...

CVSS 7.5 | AI score 6.8 | EPSS 0.05071
Exploits 2 | References 12

Kitploit
added 2020/03/31 8:30 p.m. | 57 views

Awspx - A Graph-Based Tool For Visualizing Effective Access And Resource Relationships In AWS Environments

auspex ˈau̯s.pɛks noun : An augur of ancient Rome, especially one who interpreted omens derived from the observation of birds. awspx is a graph-based tool for visualizing effective access and resource relationships within AWS. It resolves policy information to determine what actions affect which...

AI score 7.2
Exploits 0 | References 1

Kitploit
added 2020/03/31 11:30 a.m. | 885 views

Pulsar - Network Footprint Scanner Platform - Discover Domains And Run Your Custom Checks Periodically

Pulsar is an automated network footprint scanner for Red Teams, Pentesters and Bounty Hunters. It's focused on discovery of organization public facing assets with minimal knowledge about its infrastructure. Along with network data visualization, it attempts to give a basic vulnerability score to...

AI score 7.2
Exploits 0 | References 8

CNVD
added 2020/03/30 12:0 a.m. | 3 views

GitLab EE/CE Access Control Error Vulnerability

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab Community and...

CVSS 6.5 | AI score 6.8 | EPSS 0.00748
Exploits 0 | References 1

OpenVAS
added 2020/03/29 12:0 a.m. | 31 views

openSUSE: Security Advisory for cni, (openSUSE-SU-2020:0398-1)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 5.8 | AI score 5.9 | EPSS 0.0149
Exploits 1 | References 2

OSV
added 2020/03/27 7:15 p.m. | 19 views

CVE-2020-10952

GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images...

CVSS 6.5 | AI score 6.5
Exploits 0 | References 2

NVD
added 2020/03/27 7:15 p.m. | 18 views

CVE-2020-10952

GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images...

CVSS 6.5 | AI score 6.5 | EPSS 0.00748
Exploits 0 | References 2

Prion
added 2020/03/27 7:15 p.m. | 20 views

Code injection

GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images...

CVSS 5.8 | AI score 6.4 | EPSS 0.00748
Exploits 0 | References 2 | Affected Software 1

UbuntuCve
added 2020/03/27 7:15 p.m. | 24 views

CVE-2020-10952

GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images...

CVSS 6.5 | AI score 6.3 | EPSS 0.00748
Exploits 0 | References 3

CVE
added 2020/03/27 6:55 p.m. | 165 views

CVE-2020-10952

CVE-2020-10952 affects GitLab Community and Enterprise Editions (GitLab CE/EE) 8.11–12.9.1. An access control error allows blocked users to pull and push docker images, enabling unintended image access/manipulation. According to the linked advisories, GitLab released security updates fixing this ...

CVSS 6.5 | AI score 6.4 | EPSS 0.00748
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2020/03/27 6:55 p.m. | 20 views

CVE-2020-10952

GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images...

AI score 6.5 | EPSS 0.00748
Exploits 0 | References 2

Debian CVE
added 2020/03/27 6:55 p.m. | 24 views

CVE-2020-10952

Removed by vendor...

CVSS 6.5 | AI score 6.2 | EPSS 0.00748
Exploits 0

Gitee
added 2020/03/27 2:37 p.m. | 5 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the environments are designed to be vulnerable to various types of attacks. The probable entry points are not specified, but the environments are likel...

AI score 7.9
Exploits 0

Positive Technologies
added 2020/03/27 12:0 a.m. | 2 views

PT-2020-12444 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE/CE versions 8.11 through 12.9.1 Description: The issue allows blocked users to pull and push Docker images. This is a significant concern as it bypasses the intended access restrictions for blocked users. Recommendations: For GitLab...

CVSS 6.5 | AI score 6.1 | EPSS 0.00748
Exploits 0 | References 7

BDU FSTEC
added 2020/03/26 12:0 a.m. | 2 views

The vulnerability of the docker-compose-remote-api package from the package manager NPM allows an attacker to execute arbitrary commands.

The vulnerability of the docker-compose-remote-api package from the package manager NPM is related to insufficient validation of arguments passed in commands. Exploiting this vulnerability allows an attacker to execute arbitrary commands on the target system remotely...

CVSS 10 | AI score 8.1 | EPSS 0.02644
Exploits 1 | References 4 | Affected Software 1

FreeBSD
added 2020/03/26 12:0 a.m. | 44 views

Gitlab -- Multiple Vulnerabilities

Gitlab reports: Arbitrary File Read when Moving an Issue; Path Traversal in NPM Package Registry; SSRF on Project Import; External Users Can Create Personal Snippet; Triggers Description Can be Updated by Other Maintainers in Project; Information Disclosure on Confidential Issues Moved to Private...

CVSS 9.8 | AI score 2 | EPSS 0.01448
Exploits 0 | References 1

Kitploit
added 2020/03/25 11:30 a.m. | 62 views

Envizon v3.0 - Network Visualization And Vulnerability Management/Reporting

This tool is designed, developed and supported by evait security. In order to give something back to the security community, we publish our internally used and developed, state of the art network visualization and vulnerability reporting tool, 'envizon'. We hope your feedback will help to improve...

AI score 6.8
Exploits 0 | References 3

OSV
added 2020/03/23 11:15 p.m. | 12 views

CVE-2020-5252

The command-line "safety" package for Python has a potential security issue. There are two Python characteristics that allow malicious code to “poison-pill” command-line Safety package detection routines by disguising, or obfuscating, other malicious or non-secure packages. This vulnerability is...

CVSS 4.1 | AI score 6.9
Exploits 0 | References 3

NVD
added 2020/03/23 11:15 p.m. | 6 views

CVE-2020-5252

The command-line "safety" package for Python has a potential security issue. There are two Python characteristics that allow malicious code to “poison-pill” command-line Safety package detection routines by disguising, or obfuscating, other malicious or non-secure packages. This vulnerability is...

CVSS 5 | AI score 5.2 | EPSS 0.00366
Exploits 0 | References 3

PyPA
added 2020/03/23 11:15 p.m. | 6 views

PYSEC-2020-101

The command-line "safety" package for Python has a potential security issue. There are two Python characteristics that allow malicious code to “poison-pill” command-line Safety package detection routines by disguising, or obfuscating, other malicious or non-secure packages. This vulnerability is...

CVSS 5 | AI score 7 | EPSS 0.00366
Exploits 0 | References 3 | Affected Software 1