Fedora: Security Advisory for skopeo (FEDORA-2020-f317e13ecf)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUDO_KILLER - A Tool To Identify And Exploit Sudo Rules' Misconfigurations And Vulnerabilities Within Sudo

Linux Privilege Escalation through SUDO abuse. If you like the tool and for my personal motivation so as to develop other tools please a +1 star The tool can be used by pentesters, system admins, CTF players, students, System Auditors and trolls :. INTRO WARNING: SUDOKILLER is part of the KILLER...

Important Photon OS Security Update - PHSA-2020-0238

Updates of 'docker', 'linux', 'linux-esx' packages of Photon OS have been released...

AFLplusplus

This is a code repository for AFLplusplus, a tool for fuzz testing and vulnerability discovery. The repository contains various files and directories related to the project, including configuration files, makefiles, and documentation. The repository is organized as follows: .clang-format is a...

CVE Api - Parse & filter the latest CVEs from cve.mitre.org

Parse & filter the latest CVEs from https://cve.mitre.org. Docs Usage http://localhost:4000/cve?target=KEYWORD The year parameter is optional. http://localhost:4000/cve?target=KEYWORD&year=YEAR Examples http://localhost:4000/cve?target=ruby%20on%20rails...

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector targeted by this repository is not explicitly stated, but it appears to be a collection of various vulnerabilities in different environments. The probable entry points for these...

CVE-2019-12825

Unauthorized Access to the Container Registry of other groups was discovered in GitLab Enterprise 12.0.0-pre. In other words, authenticated remote attackers can read Docker registries of other groups. When a legitimate user changes the path of a group, Docker registries are not adapted, leaving...

CVE-2019-12825

Unauthorized Access to the Container Registry of other groups was discovered in GitLab Enterprise 12.0.0-pre. In other words, authenticated remote attackers can read Docker registries of other groups. When a legitimate user changes the path of a group, Docker registries are not adapted, leaving...

CVE-2019-12825

Unauthorized Access to the Container Registry of other groups was discovered in GitLab Enterprise 12.0.0-pre. In other words, authenticated remote attackers can read Docker registries of other groups. When a legitimate user changes the path of a group, Docker registries are not adapted, leaving...

Path traversal

Unauthorized Access to the Container Registry of other groups was discovered in GitLab Enterprise 12.0.0-pre. In other words, authenticated remote attackers can read Docker registries of other groups. When a legitimate user changes the path of a group, Docker registries are not adapted, leaving...

CVE-2019-12825

Unauthorized Access to the Container Registry of other groups was discovered in GitLab Enterprise 12.0.0-pre. In other words, authenticated remote attackers can read Docker registries of other groups. When a legitimate user changes the path of a group, Docker registries are not adapted, leaving...

CVE-2019-12825

Removed by vendor...

openSUSE: Security Advisory for docker-runc (openSUSE-SU-2020:0219-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

openSUSE Security Update : docker-runc (openSUSE-2020-219)

This update for docker-runc fixes the following issues : - CVE-2019-19921: Fixed a volume mount race condition with shared mounts bsc1160452. This update was imported from the SUSE:SLE-15:Update update project. C Tenable Network Security, Inc. The descriptive text and package checks in this plugi...

OPENSUSE-SU-2020:0219-1 Security update for docker-runc

This update for docker-runc fixes the following issues: - CVE-2019-19921: Fixed a volume mount race condition with shared mounts bsc1160452. This update was imported from the SUSE:SLE-15:Update update project...

Use After Free (UAF)

github.com/proglottis/gpgme is vulnerable to use-after-free. The attack is possible because it allows malicious use for container image pulls by Docker or CRI-O, leading to an application crash or arbitrary code execution during GPG signature verification...

CVE-2020-5239

In Mailu before version 1.7, an authenticated user can exploit a vulnerability in Mailu fetchmail script and gain full access to a Mailu instance. Mailu servers that have open registration or untrusted users are most impacted. The master and 1.7 branches are patched on our git repository. All...

CVE-2020-5239

In Mailu before version 1.7, an authenticated user can exploit a vulnerability in Mailu fetchmail script and gain full access to a Mailu instance. Mailu servers that have open registration or untrusted users are most impacted. The master and 1.7 branches are patched on our git repository. All...

Open redirect

In Mailu before version 1.7, an authenticated user can exploit a vulnerability in Mailu fetchmail script and gain full access to a Mailu instance. Mailu servers that have open registration or untrusted users are most impacted. The master and 1.7 branches are patched on our git repository. All...

CVE-2020-5239

CVE-2020-5239 affects Mailu before version 1.7. An authenticated user can exploit a vulnerability in the Mailu fetchmail script to gain full access to a Mailu instance; Mailu servers with open registration or untrusted users are most impacted. The master and 1.7 branches are patched in the Mailu ...