
9153 matches found

OSV
added 2016/05/29 1:55 p.m., 7 views

MGASA-2016-0209 Updated docker package fixes CVE-2016-3697

Updated docker packages fix security vulnerability: It was found that Docker would launch containers under the specified UID instead of a username. An attacker able to launch a container could use this flaw to escalate their privileges to root within the launched container CVE-2016-3697...

CVSS 7.8, AI score 7.7, EPSS 0.00388
Exploits: 0, References: 4
Mageia
added 2016/05/29 1:55 p.m., 32 views

Updated docker package fixes CVE-2016-3697

Updated docker packages fix security vulnerability: It was found that Docker would launch containers under the specified UID instead of a username. An attacker able to launch a container could use this flaw to escalate their privileges to root within the launched container CVE-2016-3697...

CVSS 7.8, AI score 3.8, EPSS 0.00388
Exploits: 0, References: 3
n0where
added 2016/05/25 3:28 p.m., 13 views

Modern Reverse Proxy: Traefik

Modern Reverse Proxy Træfɪk is a modern HTTP reverse proxy and load balancer made to deploy microservices with ease. It supports several backends Docker , Swarm , Mesos/Marathon , Kubernetes , Consul , Etcd , Zookeeper , BoltDB , Rest API, file… to manage its configuration automatically and...

AI score 0.2
Exploits: 0, References: 5
Fedora
added 2016/05/24 6:11 p.m., 23 views

[SECURITY] Fedora 24 Update: pulp-docker-2.0.1-1.fc24

Provides a collection of Pulp server plugins and admin client extensions to support Docker content...

CVSS 5.5, AI score 2.6, EPSS 0.00393
Exploits: 0
Tenable Nessus
added 2016/05/23 12:0 a.m., 24 views

Oracle Linux 6 / 7 : docker-engine (ELSA-2016-3568)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2016-3568 advisory. 1.10.3-1.0.3 - CVE-2016-3697: docker: Potential privilege escalation via confusion of usernames and UIDs orabug 23279003 Tenable has extracted the preceding...

CVSS 7.8, AI score 7.3, EPSS 0.00388
Exploits: 0, References: 2
Kitploit
added 2016/05/21 9:12 p.m., 41 views

Clair - Vulnerability Static Analysis for Containers

Clair is an open source project for the static analysis of vulnerabilities in appc and docker containers. Vulnerability data is continuously imported from a known set of sources and correlated with the indexed contents of container images in order to produce lists of vulnerabilities that threaten...

AI score 7.3
Exploits: 0, References: 9
CNVD
added 2016/05/21 12:0 a.m., 1 views

Docker UI Cross-Site Request Forgery Vulnerability

Docker is an open source application container engine. A cross-site request forgery vulnerability exists in Docker UI, which can be exploited by an attacker to trick a logged-in user into clicking on a specially crafted malicious url, resulting in a cross-site request forgery attack...

AI score 6.8
Exploits: 0, References: 1
CNVD
added 2016/05/21 12:0 a.m., 2 views

Red Hat OpenShift Enterprise STI build process elevation of privilege vulnerability

Red Hat OpenShift is a Platform-as-a-Service PaaS cloud computing platform that builds, tests, deploys, and runs applications. OpenShift Enterprise is an open source version of the private cloud. The STI build process in Red Hat OpenShift Enterprise fails to properly restrict access to the STI...

CVSS 8.8, AI score 6.6, EPSS 0.01925
Exploits: 0, References: 1
myhack58
added 2016/05/21 12:0 a.m., 31 views

Docker is not authorized to access the statistics report-vulnerability warning-the black bar safety net

2016/5/17, a platform broke Docker Swarm cluster port opening is exposed to the outside, resulting in remote unauthorized access vulnerability, then the executable Docker node specific command. To exploit the vulnerability directly obtain root privileges. What is Docker? Docker is an...

AI score 0.8
Exploits: 0
Oracle linux
added 2016/05/20 12:0 a.m., 40 views

docker-engine security update

1.10.3-1.0.3 - CVE-2016-3697: docker: Potential privilege escalation via confusion of usernames and UIDs orabug 23279003...

CVSS 2.1, AI score 3.8, EPSS 0.00388
Exploits: 0
Kitploit
added 2016/05/19 11:30 p.m., 75 views

transfer.sh - Easy and Fast File Sharing from the Command-line

Easy and fast file sharing from the command-line. This code contains the server with everything you need to create your own instance. Transfer.sh support currently the s3 Amazon S3 provider and local file system local. Usage Upload: $ curl --upload-file ./hello.txt https://transfer.sh/hello.txt...

AI score 7.3
Exploits: 0, References: 1
RedHat Linux
added 2016/05/19 8:12 p.m., 5 views

origin: pod update allows docker socket access via build-pod

A vulnerability was found in the STI build process in OpenShift Enterprise. Access to STI builds was not properly restricted, allowing an attacker to use STI builds to access the Docker socket and escalate their privileges...

CVSS 8.8, AI score 5.7, EPSS 0.01925
Exploits: 0, References: 4
RedHat Linux
added 2016/05/19 8:12 p.m., 37 views

Important: Red Hat Security Advisory: Red Hat OpenShift Enterprise 3.2 security update

An update for atomic-openshift and nodejs-node-uuid is now available for Red Hat OpenShift Enterprise 3.2. In addition, all images have been rebuilt on the new RHEL 7.2.4 base image. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...

CVSS 8.8, AI score 6.6, EPSS 0.01925
Exploits: 0, References: 10
RedhatCVE
added 2016/05/19 3:48 p.m., 31 views

CVE-2016-3738

A vulnerability was found in the STI build process in OpenShift Enterprise. Access to STI builds was not properly restricted, allowing an attacker to use STI builds to access the Docker socket and escalate their privileges...

CVSS 8.8, AI score 4.2, EPSS 0.01925
Exploits: 0, References: 1
myhack58
added 2016/05/18 12:0 a.m., 17 views

Vulnerability warning: Docker Swarm Manager remote management port access-vulnerability warning-the black bar safety net

Docker is a domestic and international Cloud Platform common application the lightweight container, AWS, Baidu, etc. are used. Typically used for lightweight deployment of applications. In Docker Swarm of deployment documentation, since the default there is some insecurity in the sample...

AI score 0.8
Exploits: 0
CNVD
added 2016/05/15 12:0 a.m., 3 views

Docker Privilege Acquisition Vulnerability

Docker is an open source application container engine. Docker starts containers based on a specified UID instead of a username, allowing a local attacker to exploit this vulnerability to gain root privileges to the corresponding container with container startup privileges...

CVSS 7.8, AI score 7.2, EPSS 0.00388
Exploits: 0, References: 1
Tenable Nessus
added 2016/05/13 12:0 a.m., 26 views

RHEL 7 : docker (RHSA-2016:1034)

An update for docker is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

CVSS 7.8, AI score 7.2, EPSS 0.00388
Exploits: 0, References: 3
RedHat Linux
added 2016/05/12 3:15 p.m., 39 views

Moderate: Red Hat Security Advisory: docker security, bug fix, and enhancement update

An update for docker is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

CVSS 7.8, AI score 7, EPSS 0.00388
Exploits: 0, References: 19
RedHat Linux
added 2016/05/12 3:15 p.m., 5 views

docker: privilege escalation via confusion of usernames and UIDs

It was found that Docker would launch containers under the specified UID instead of a username. An attacker able to launch a container could use this flaw to escalate their privileges to root within the launched container...

CVSS 7.8, AI score 7.1, EPSS 0.00388
Exploits: 0, References: 4
n0where
added 2016/05/12 12:42 a.m., 20 views

Wireless Network Security Auditing Bash Script: airgeddon

airgeddon is a living project growing day by day. This is the list of features so far: Interface mode switcher Monitor-Managed keeping selection even on interface name changing DoS over wireless networks using different methods. “DoS Pursuit mode” available to avoid AP channel hopping available...

AI score 7.4
Exploits: 0, References: 5