5 matches found

Hacker One
added 2022/07/14 4:21 a.m. | 15 views

Elastic: Synthetics Recorder: Code injection when recording website with malicious content

A vulnerability was discovered in the Synthetics Recorder tool, which allows attackers to inject arbitrary code into a recording session. The waitForNavigation event calls quote within the context of a multi-line comment, which can be escaped with a specially crafted URL. This can lead to code...

AI score: 7.8
Exploits: 0
Kitploit
added 2022/02/11 8:30 p.m. | 34 views

Dive - A Tool For Exploring Each Layer In A Docker Image

A tool for exploring a docker image, layer contents, and discovering ways to shrink the size of your Docker/OCI image. To analyze a Docker image simply run dive with an image tag/id/digest: dive or if you want to build your image then jump straight into analyzing it: dive build -t . Building on...

AI score: 7.3
Exploits: 0 | References: 4
Kitploit
added 2021/12/03 11:30 a.m. | 23 views

ClusterFuzzLite - Simple Continuous Fuzzing That Runs In CI

ClusterFuzzLite is a continuous fuzzing solution that runs as part of Continuous Integration (CI) workflows to find vulnerabilities faster than ever before. With just a few lines of code, GitHub users can integrate ClusterFuzzLite into their workflow and fuzz pull requests to catch bugs before they...

AI score: 7.6
Exploits: 0 | References: 4
Kitploit
added 2019/11/05 12:0 p.m. | 1538 views

Trivy - A Simple And Comprehensive Vulnerability Scanner For Containers, Suitable For CI

A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI. Abstract: Trivy (tri pronounced like trigger, vy pronounced like envy) is a simple and comprehensive vulnerability scanner for containers. A software vulnerability is a glitch, flaw, or weakness present in the softwar...

CVSS: 3.7 | AI score: 10 | EPSS: 0.83504
Exploits: 39 | References: 20
Tenable Nessus
added 2015/03/20 12:0 a.m. | 25 views

Fedora 20 : csync2-1.34-15.fc20 / duplicity-0.6.25-3.fc20 / librsync-1.0.0-1.fc20 / etc (2015-3366)

Changes in librsync 1.0.0 (2015-01-23): SECURITY: CVE-2014-8242: librsync previously used a truncated MD4 'strong' check sum to match blocks. However, MD4 is not cryptographically strong. It's possible that an attacker who can control the contents of one part...

CVSS: 5.8 | AI score: 5.6 | EPSS: 0.02282
Exploits: 0 | References: 9