Lucene search

9153 matches found

CNVD
added 2016/08/23 12:0 a.m., 3 views

Joyent Smart Data Center 'Docker API' Local Elevation of Privilege Vulnerability

Joyent Smart Data Center SDC is an open source cloud management platform from Joyent, Inc. A local elevation of privilege vulnerability exists in the Joyent Smart Data Center 'Docker API'. A local attacker could exploit this vulnerability to execute arbitrary code with elevated privileges...

7.8 AI score
Exploits: 0, References: 1

OpenVAS
added 2016/08/18 12:0 a.m., 34 views

Fedora Update for pulp-docker FEDORA-2016-4373f7d32a

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS, 6.6 AI score, 0.01942 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2016/08/17 12:0 a.m., 35 views

Fedora 24 : pulp / pulp-docker / pulp-ostree / pulp-puppet / pulp-python / etc (2016-4373f7d32a)

2.8.6 is a security and bugfix release. Included in the list of fixed issues in 2.8.5 are two CVEs : - CVE-2016-3696: Leakage of CA key in pulp-qpid-ssl-cfg - CVE-2016-3704: Unsafe use of bash $RANDOM for NSS DB password and seed Several issues with database migrations are also addressed in this...

7.5 CVSS, 6.8 AI score, 0.01942 EPSS
Exploits: 0, References: 3

Fedora
added 2016/08/16 7:30 p.m., 75 views

[SECURITY] Fedora 24 Update: pulp-docker-2.0.2-1.fc24

Provides a collection of Pulp server plugins and admin client extensions to support Docker content...

7.5 CVSS, 6.6 AI score, 0.01942 EPSS
Exploits: 0

Zero Day Initiative
added 2016/08/10 12:0 a.m., 10 views

Joyent Smart Data Center Docker API Zone Escape Privilege Escalation Vulnerability

This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Joyent Smart Data Center. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within a Docker...

6.9 CVSS, 7 AI score
Exploits: 0

n0where
added 2016/08/06 5:26 a.m., 14 views

Continuous Security Integration Framework: CSI

Continuous Security Integration Framework It’s easy to agree that while corporate automation is a collection of proprietary source code, the core modules used to produce automated solutions should be open for all eyes to continuously promote trust and innovation…broad collaboration is key to any...

7.3 AI score
Exploits: 0, References: 1

RedhatCVE
added 2016/08/04 9:48 a.m., 26 views

CVE-2016-6595

DISPUTED The SwarmKit toolkit 1.12.0 for Docker allows remote authenticated users to cause a denial of service prevention of cluster joins via a long sequence of join and quit actions. NOTE: the vendor disputes this issue, stating that this sequence is not "removing the state that is left by old...

6.5 CVSS, 3.4 AI score, 0.0245 EPSS
Exploits: 0, References: 1

OSV
added 2016/08/02 4:4 p.m., 2 views

SUSE-SU-2016:1941-1 Security update for SUSE Linux Enterprise Server Docker images

This update for the SUSE Linux Enterprise Server 12 and 12 SP1 Docker images provides the latest security patches for openldap2, glibc and openssl bsc982831...

7.3 AI score
Exploits: 0, References: 2

CNVD
added 2016/08/01 12:0 a.m., 3 views

Docker Local Denial of Service Vulnerability

Docker is an open source application container engine from Docker Inc. in the United States, which supports the creation of a container lightweight virtual machine and deployment and running applications on Linux systems, as well as automated installation, deployment and upgrading of applications...

6.5 AI score
Exploits: 0, References: 1

myhack58
added 2016/07/26 12:0 a.m., 12 views

Twitter the presence of high-risk vulnerabilities hackers can get Vine all the source code-bug warning-the black bar safety net

Twitter the presence of high-risk vulnerabilities, the attacker can be downloaded from the server Vine (Vine is Microsoft developing a location-based SNS system all the source code, then Twitter flowers 5 minutes time to fix the vulnerability. Security researcher Avicoder found this vulnerability, and in ...

0.7 AI score
Exploits: 0

myhack58
added 2016/07/26 12:0 a.m., 15 views

Hackers can use Docker vulnerability download Twitter Vine the full source code-bug warning-the black bar safety net

Guess what? That someone turned out to be the Twitter Vine's complete source code download down. Vine is a short video share service, users can use Vine to share a six-second video clips, and seamlessly embedded into Twitter messages. With other video sharing service is different, Vine support...

7.1 AI score
Exploits: 0

The Hacker News
added 2016/07/23 7:45 p.m., 14 views

Hacker Downloaded Vine's Entire Source Code. Here’s How...

Guess What? Someone just downloaded Twitter’s Vine complete source code. Vine is a short-form video sharing service where people can share 6-second-long looping video clips. Twitter acquired the service in October 2012. Indian Bug bounty hunter Avinash discovered a loophole in Vine that allowed h...

7.1 AI score
Exploits: 0

Tenable Nessus
added 2016/07/14 12:0 a.m., 26 views

Fedora 23 : 2:docker (2016-6a0d540088)

built docker @projectatomic/fedora-1.10.3 commit f476348 ---- built docker @projectatomic/fedora-1.10.3 commit f476348 ---- built docker @projectatomic/fedora-1.10.3 commit 4158ccc ---- Resolves: 1335649 - enable Red Hat subscription use in Docker containers on Fedora ---- built docker...

7.8 CVSS, 7.2 AI score, 0.00388 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2016/07/14 12:0 a.m., 21 views

Fedora 24 : pulp / pulp-docker / pulp-ostree / pulp-puppet / pulp-python / etc (2016-f9db2293a8)

Update to Pulp 2.8.3, a security and bugfix update. ---- - CVE-2016-3111: Protect the RSA keys during and after install 1325693. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically...

5.5 CVSS, 6.3 AI score, 0.00393 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2016/07/14 12:0 a.m., 20 views

Fedora 24 : 2:docker (2016-6ef52e1fc3)

Resolves: 1340519 - add TasksMax=infinity ---- built docker @projectatomic/fedora-1.10.3 commit f476348 ---- built docker @projectatomic/fedora-1.10.3 commit f476348 ---- built docker @projectatomic/fedora-1.10.3 commit 4158ccc ---- Resolves: 1335649 - enable Red Hat subscription use in Docker...

7.8 CVSS, 7.2 AI score, 0.00388 EPSS
Exploits: 0, References: 2

OpenVAS
added 2016/07/13 12:0 a.m., 13 views

Docker Engine Detection (HTTP REST API)

HTTP REST API based detection of Docker Engine. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

5.8 AI score
Exploits: 0, References: 1

myhack58
added 2016/07/06 12:0 a.m., 75 views

Docker security of those things-vulnerability warning-the black bar safety net

In the past year, the container being at an amazing speed of development, the country also has a large number of Internet companies in the production environment using Docker, which are also million units of the scale. The other day the clouds exposed Swarm configuration problem caused by the...

10 CVSS, 8.5 AI score, 0.64326 EPSS
Exploits: 16

Hacker One
added 2016/07/01 6:39 p.m., 16 views

Paragon Initiative Enterprises: Stored Cross-Site-Scripting in CMS Airship's authors profiles

I'm just checking out CMS Airship and some of the security features look pretty nice. Awesome job on that! After clicking around a bit I stumbled however upon a stored XSS vulnerability in the Bridge. As per /bridge/help I use 1.1.0 version installed via Docker, as I couldn't find any reference...

0.8 AI score
Exploits: 0

Metasploit
added 2016/06/28 8:24 a.m., 50 views

Docker Daemon Privilege Escalation

This module obtains root privileges from any host account with access to the Docker daemon. Usually this includes accounts in the docker group. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...

10 AI score
Exploits: 0

OpenVAS
added 2016/06/19 12:0 a.m., 26 views

Fedora Update for docker FEDORA-2016-6ef52e1fc3

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS, 7.6 AI score, 0.00388 EPSS
Exploits: 0, References: 2