CryptonDie - A Ransomware Developed For Study Purposes

CryptonDie is a ransomware developed for study purposes. Options --key key used to encrypt and decrypt files, default is random stringrecommended --dir Home directory for the attack, default is / --encrypt Encrypt all files --decrypt Decrypt all files --verbose Active verbose mode, default is Fal...

Kube-Alien - Tool To Launches Attack on K8s Cluster from Within

This tool launches attack on k8s cluster from within. That means you already need to have an access with permission to deploy pods in a cluster to run it. After running the kube-alien pod it tries to takeover cluster's nodes by adding your public key to node's /root/.ssh/authorizedkeys file by...

Arbitrary File Read

github.com/opencontainers/runc is vulnerable to arbitrary file read. The vulnerability exists as the AppAmor restrictions can be bypassed due to incorrect mount targets check, allowing a malicious Docker image to be mounted over a /proc directory...

DEBIAN-CVE-2019-16884

runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfslinux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory...

CVE-2019-16884

runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfslinux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory...

CVE-2019-16884

runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfslinux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory...

UBUNTU-CVE-2019-16884

runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfslinux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory...

CVE-2019-16884

runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfslinux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory...

Design/Logic Flaw

runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfslinux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory...

CVE-2019-16884

Summary of CVE-2019-16884 (runc) : The vulnerability affects runc (as used in Docker and similar), where a flaw in libcontainer/rootfs_linux.go allows an AppArmor/SELinux restriction bypass by a malicious image that can mount over a container’s /proc directory. This arises from an incorrect check...

CVE-2019-16884

runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfslinux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory...

CVE-2019-16884

runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfslinux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory...

CVE-2019-16884

runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfslinux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory...

Exploit for Out-of-bounds Write in Php

PHuiP-FPizdaM What's this This is an exploit for a bug in...

openshift-ansible: dockergc service account incorrectly associated with namespace during upgrade

A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using CRI-O, the dockergc service account is assigned to the current namespace of the user performing the upgrade. This flaw can allow an unprivileged user to escalate their privileges to those allowed by...

CVE-2019-16097 Harbor privilege elevation vulnerability analysis-vulnerability warning-the black bar safety net

The Harbor is one for the storage and distribution Docker image of the enterprise Registry server, by adding some of the business functions necessary characteristics, such as security, identification, and management, the expansion of the open-source Docker Distribution. As an enterprise-level...

ArmourBird CSF - Container Security Framework

ArmourBird CSF - Container Security Framework is an extensible, modular, API-first framework build for regular security monitoring of docker installations and containers against CIS and other custom security checks. ArmourBird CSF has a client-server architecture and is thus divided into two...

SUSE-SU-2019:2365-2 Security update for python-Werkzeug

This update for python-Werkzeug fixes the following issues: Security issue fixed: - CVE-2019-14806: Fixed the development server in Docker, the debugger security pin is now unique per container bsc1145383...

Information Leakage

docker-modem is vulnerable to information leakage. The optionf variable in the function Modem.prototype.dial is not properly handled and used in the buildRequest function, causing a leakage of header information which may contain confidential information...

Security Bulletin: IBM Cloud Automation Manager is affected by an issue with Docker 19.03.x before 19.03.1.

Summary IBM Cloud Automation Manager Advanced Content Runtime is affected by an issue in docker 19.03.x before 19.03.1 described in CVE-2019-14271. If you have docker 19.03.x before 19.03.1 installed on your advanced content runtime system, then upgrade to 19.03.1 or higher. Vulnerability Details...