324 matches found
GHSA-3HFW-X7GX-437C Path traversal in Matrix Synapse
Impact Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory, potentially outside the media store directory. The last two directories and file name of the path are chosen randomly by Synapse and cannot be...
CVE-2021-41281
Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory. No authentication is required for the affected endpoint. T...
Authentication flaw
Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory. No authentication is required for the affected endpoint. T...
SpoolSploit - A Collection Of Windows Print Spooler Exploits Containerized With Other Utilities For Practical Exploitation
A collection of Windows print spooler exploits containerized with other utilities for practical exploitation. Summary SpoolSploit is a collection of Windows print spooler exploits containerized with other utilities for practical exploitation. A couple of highly effective methods would be relaying...
Important: Red Hat Security Advisory: Red Hat support for Spring Boot 2.3.10 security update
An update is now available for Red Hat support for Spring Boot. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more...
ARTIF - An Advanced Real Time Threat Intelligence Framework To Identify Threats And Malicious Web Traffic On The Basis Of IP Reputation And Historical Data.
ARTIF is a new advanced real time threat intelligence framework built that adds another abstraction layer on the top of MISP to identify threats and malicious web traffic on the basis of IP reputation and historical data. It also performs automatic enrichment and threat scoring by collecting,...
NIST Guidelines for Containerized Application Security
Learn how to secure containers and protect against breaches...
Kubesploit - A Cross-Platform Post-Exploitation HTTP/2 Command And Control Server And Agent Written In Golang
Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent dedicated for containerized environments written in Golang and built on top of Merlin project by Russel Van Tuyl @Ne0nd0g. Our Motivation While researching Docker and Kubernetes, we noticed that most of the...
Secure containerized environments with updated threat matrix for Kubernetes
Last April, we released the first version of the threat matrix for Kubernetes. It was the first attempt to systematically map the threat landscape of Kubernetes. As we described in the previous post, we chose to adapt the structure of MITRE ATT&CK® framework which, became almost an industry...
CVE-2020-24639
There is a vulnerability caused by unsafe Java deserialization that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system...
CVE-2020-24640
There is a vulnerability caused by insufficient input validation that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system...
Input validation
There is a vulnerability caused by insufficient input validation that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system...
CVE-2020-24640
Aruba Airwave Glass prior to version 1.3.3 contains an input validation error that enables arbitrary command execution inside the containerized environment. This weakness can allow an attacker to fully compromise the underlying host OS, with exploitation primarily possible through management GUI/...
Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.4.4 on OpenJDK for OpenShift image security update
A new image is available for Red Hat Single Sign-On 7.4.4 on OpenJDK, running on OpenShift Container Platform of versions 3.10, 3.11, up to the 4.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which...
CVE-2020-11854
Arbitrary code execution vulnerability in Operation Bridge Manager, Application Performance Management and Operations Bridge containerized vulnerability in Micro Focus products Operation Bridge Manager, Operation Bridge containerized and Application Performance Management. The vulnerabili...
CVE-2020-11858 Code execution with escalated privileges vulnerability in Operation Bridge Manager and Operations Bridge (containerized) products.
Code execution with escalated privileges vulnerability in Micro Focus products Operation Bridge Manager and Operation Bridge containerized. The vulnerability affects: 1. Operation Bridge Manager versions: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63, 10.62, 10.61, 10.60, 10.12, 10.11, 10.10...