9215 matches found
MGASA-2020-0406 Updated docker packages fix a security vulnerability
It was discovered that Docker could be made to expose sensitive information when processing URLs in container image manifests. A remote attacker could use this to trick the user and obtain the user's registry credentials (CVE-2020-15157)...
Updated docker packages fix a security vulnerability
It was discovered that Docker could be made to expose sensitive information when processing URLs in container image manifests. A remote attacker could use this to trick the user and obtain the user's registry credentials (CVE-2020-15157)...
Windows 10, iOS, Chrome, Firefox and Others Hacked at Tianfu Cup Competition
Multiple software products from Adobe, Apple, Google, Microsoft, Mozilla, and Samsung were successfully pwned with previously unseen exploits in Tianfu Cup 2020, the third edition of the international cybersecurity contest held in the city of Chengdu, China. "Many mature and hard targets have bee...
Hetty - An HTTP Toolkit For Security Research
Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community. Features: Man-in-the-middle (MITM) HTTP/1.1 proxy with logs; Project based...
Threagile - Agile Threat Modeling Toolkit
Threagile (see https://threagile.io for more details) is an open-source toolkit for agile threat modeling: it allows modeling an architecture with its assets in an agile fashion as a YAML file directly inside the IDE. Upon execution of the Threagile toolkit all standard risk rules as well as...
This One Time on a Pen Test: How I Hacked a Self-Driving Car
Each year, Rapid7 penetration testers complete hundreds of internally and externally based penetration testing service engagements. This post is part of an ongoing series featuring testimonials of what goes on beneath the hoodie. For more insights, check out our 2020 Under the Hoodie report. An...
CVE-2020-26213
In teler before version 0.0.1, if you run teler inside a Docker container and encounter the errors.Exit function, it will cause a denial-of-service (SIGSEGV) because it doesn't properly get the process ID and process group ID of teler to kill. The issue is patched in teler 0.0.1 and 0.0.1-dev5.1...
Code injection
In teler before version 0.0.1, if you run teler inside a Docker container and encounter the errors.Exit function, it will cause a denial-of-service (SIGSEGV) because it doesn't properly get the process ID and process group ID of teler to kill. The issue is patched in teler 0.0.1 and 0.0.1-dev5.1...
CVE-2020-26213
CVE-2020-26213 affects the teler project prior to version 0.0.1 when run inside a Docker container. The root cause is that teler does not correctly obtain the process ID and process group ID when encountering errors.Exit, leading to a denial-of-service (SIGSEGV). A fix is available in teler 0.0...
PT-2020-16343 · Teler · Teler
Name of the Vulnerable Software and Affected Versions: teler versions prior to 0.0.1. Description: The issue causes a denial-of-service (SIGSEGV) when teler is run inside a Docker container and encounters the errors.Exit function. This is because it doesn't get the process ID and process group ID of...
vulhub2
It is an offensive tool for web application security training. The primary target product/service or framework is not explicitly stated, but the repository contains various vulnerable environments based on Docker-Compose, including Flask, Apache, Nginx, and others. The vulnerability class/vector ...
vulhub
It is an offensive tool for Docker environments. The repository contains a collection of pre-built vulnerable Docker environments, allowing users to easily set up and test various vulnerabilities without requiring prior knowledge of Docker. The environments are designed to be simple to use, with...
vulhub
It is an offensive tool for web application security training. The primary target is not explicitly stated, but based on the provided code and metadata, it appears to be a collection of vulnerable environments based on Docker-Compose. The tool includes various vulnerable environments, such as Fla...
vulhub
It is an offensive tool for web application security training. The primary target product/service or framework is not explicitly stated, but the repository contains various vulnerable environments based on Docker-Compose, including Flask, Apache, Nginx, and others. The vulnerability class/vector ...
Oracle Linux 7 : containerd (ELSA-2020-5906)
The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2020-5906 advisory: addresses CVE-2020-15157. Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not test...
The vulnerability of the AppArmor component of the runc container runtime tool, related to authentication mechanisms that are flawed, allows a malicious actor to mount a malicious Docker image in the /proc directory.
The vulnerability of the AppArmor component in the runc container isolation tool is related to deficiencies in the authentication mechanism. Exploiting this vulnerability allows a remote attacker to mount a malicious Docker image as a file in the /proc directory...
vulhub
It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the environments are designed to be vulnerable to various attacks. The target product/service or framework varies depending on the specific environment...
vulhub
This is an open-source collection of pre-built vulnerable docker environments. It is a collection of docker-compose files that can be used to create vulnerable environments for testing and training purposes. The environments are designed to be easy to use and require no pre-existing knowledge of...
Exploit for Improper Input Validation in Redhat Openshift
This is a pre-built vulnerable Docker environment collection called Vulhub. It is an open-source project that provides a collection of vulnerable Docker environments for testing and learning purposes. The project is maintained by phith0n and is available on GitHub. The repository contains a varie...