9275 matches found
Docker Desktop < 4.6.0 Improper Link Resolution
The version of Docker Desktop for Windows is prior to 4.6.0. It is therefore affected by a vulnerability that allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file. Note that Nessus has not tested for this issue...
Docker Desktop < 4.6.0 DirtyPipe
The version of Docker Desktop for Mac is prior to 4.6.0. It is therefore affected by CVE-2022-0847, AKA 'DirtyPipe', an issue that could enable attackers to modify files in container images on the host, from inside a container. A flaw was found in the way the 'flags' member of the new pipe buffer...
Docker Desktop < 2.3.0.2 Privilege Escalation
The version of Docker Desktop for Windows is prior to 2.3.0.2. It is therefore affected by a privilege escalation vulnerability whereby if a local attacker sets up their own named pipe prior to starting Docker with the same name, this attacker can intercept a connection attempt from Docker Servic...
Docker Desktop < 4.5.0 Incorrect File Permissions
The version of Docker Desktop for Windows is prior to 4.5.0. It is therefore affected by a vulnerability that allows attackers to move arbitrary files. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900...
Docker Desktop for Windows < 4.6.0 DirtyPipe
The version of Docker Desktop for Windows is prior to 4.6.0. It is therefore affected by CVE-2022-0847, AKA 'DirtyPipe', an issue that could enable attackers to modify files in container images on the host, from inside a container. A flaw was found in the way the 'flags' member of the new pipe...
Improper input validation leads to arbitrary file deletion
Description The /process endpoint of the python API in collector/api.py exposes an endpoint waiting for a POST request with a parameter named filename : py @api.route"/process", methods="POST" def processfile: content = request.json targetfilename = content.get"filename" printf"Processing...
Kibana Timelion Prototype Pollution Remote Code Execution Exploit
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This leads to an arbitrary command execution with permissions of the...
Prometheus Node Exporter And Windows Exporter Information Gather
This modules connects to a Prometheus Node Exporter or Windows Exporter service and gathers information about the host. Tested against Docker image 1.6.1, Linux 1.6.1, and Windows 0.23.1 Module Options msf use auxiliary/gather/prometheusnodeexportergather msf auxiliaryprometheusnodeexportergather...
Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes
Impact The proxy mode of WireMock, can be protected by the network restrictions configuration, as documented in Preventing proxying to and recording from specific target addresses. These restrictions can be configured using the domain names, and in such a case the configuration is vulnerable to t...
DorXNG - Next Generation DorX. Built By Dorks, For Dorks
DorXNG is a modern solution for harvesting OSINT data using advanced search engine operators through multiple upstream search providers. On the backend it leverages a purpose built containerized image of SearXNG, a self-hosted, hackable, privacy focused, meta-search engine. Our SearXNG...
Oracle Linux 7 : docker-engine (ELSA-2019-4597)
The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2019-4597 advisory. 18.03.1.ol-0.0.14 - rebuild 18.03.1.ol-0.0.13 - update for CVE-2018-20699 Tenable has extracted the preceding description block directly from the Oracle Linux...
Oracle Linux 7 : docker-engine / docker-cli (ELSA-2020-5728)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-5728 advisory. - update to 19.03.11 for CVE-2020-13401 - apply e4931e664feac6fa8846f3f04268a0cc98822549, fixes CVE-2019-5736 - update to 19.03.11 for CVE-2020-13401 - apply...
Oracle Linux 8 : container-tools:ol8 (ELSA-2020-1650)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1650 advisory. - A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux...
Oracle Linux 7 : docker-engine (ELSA-2019-4551)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2019-4551 advisory. - update runc for CVE-2019-5736 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessu...
Oracle Linux 7 : docker-cli / docker-engine (ELSA-2020-5823)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-5823 advisory. - Address CVE-2020-16845 - update to 19.03.11 for CVE-2020-13401 - apply e4931e664feac6fa8846f3f04268a0cc98822549, fixes CVE-2019-5736 - Address CVE-2020-16845 ...
Oracle Linux 7 : runc (ELSA-2019-4540)
The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2019-4540 advisory. - Apply patch for CVE-2019-5736 Wiekus Beukes - Resolves: 1412238 - CVE-2016-9962 - set init processes as non-dumpable, runc patch from Michael Crosby Tenable h...
Oracle Linux 7 : docker-engine (ELSA-2019-4550)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2019-4550 advisory. - apply fix for runc CVE-2019-5736 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...
Oracle Linux 7 : docker-engine / docker-cli (ELSA-2019-4827)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4827 advisory. docker-engine 19.03.1-1.0.0 - update to 19.03.1 19.03-0.0.1 - update to 19.03 Tenable has extracted the preceding description block directly from the...
Docker Desktop Installed (macOS)
Binary data dockerformacinstalled.nbin...
Oracle Linux 7 : docker-engine (ELSA-2019-4813)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2019-4813 advisory. 18.09.8-1.0.4 - Modified version to include ol suffix 18.09.8-1.0.3 - ol7 image related changes 18.09.8-1.0.2 - Merge upstream for CVE fixes. Tenable h...