Prometheus Node Exporter And Windows Exporter Information Gather

This modules connects to a Prometheus Node Exporter or Windows Exporter service and gathers information about the host. Tested against Docker image 1.6.1, Linux 1.6.1, and Windows 0.23.1 Module Options msf use auxiliary/gather/prometheusnodeexportergather msf auxiliaryprometheusnodeexportergather...

Oracle Linux 8 : container-tools:ol8 (ELSA-2020-1650)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1650 advisory. - A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux...

Oracle Linux 7 : docker-engine / docker-cli (ELSA-2019-4827)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4827 advisory. docker-engine 19.03.1-1.0.0 - update to 19.03.1 19.03-0.0.1 - update to 19.03 Tenable has extracted the preceding description block directly from the...

Oracle Linux 7 : docker-engine (ELSA-2019-4550)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2019-4550 advisory. - apply fix for runc CVE-2019-5736 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...

Oracle Linux 7 : runc (ELSA-2019-4540)

The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2019-4540 advisory. - Apply patch for CVE-2019-5736 Wiekus Beukes - Resolves: 1412238 - CVE-2016-9962 - set init processes as non-dumpable, runc patch from Michael Crosby Tenable h...

Oracle Linux 7 : docker-engine (ELSA-2019-4551)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2019-4551 advisory. - update runc for CVE-2019-5736 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessu...

CVE-2023-41329

WireMock is a tool for mocking HTTP services. The proxy mode of WireMock, can be protected by the network restrictions configuration, as documented in Preventing proxying to and recording from specific target addresses. These restrictions can be configured using the domain names, and in such a ca...

SUSE SLES15 / openSUSE 15 Security Update : docker (SUSE-SU-2023:3536-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3536-1 advisory. - Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Contain...

SUSE: Security Advisory (SUSE-SU-2023:3536-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 37 Update: moby-engine-24.0.5-1.fc37

Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance a nd everything in between - and they don'...

Fedora: Security Advisory for moby-engine (FEDORA-2023-cf3551046d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2023-2637)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Associated-Threat-Analyzer - Detects Malicious IPv4 Addresses And Domain Names Associated With Your Web Application Using Local Malicious Domain And IPv4 Lists

Associated-Threat-Analyzer detects malicious IPv4 addresses and domain names associated with your web application using local malicious domain and IPv4 lists. Installation From Git git clone https://github.com/OsmanKandemir/associated-threat-analyzer.git cd associated-threat-analyzer && pip3...

PurpleOps - An Open-Source Self-Hosted Purple Team Management Web Application

An open-source self-hosted purple team management web application. Key Features Template engagements and testcases Framework friendly Role-based Access Control & MFA Inbuilt DOCX reporting + custom template support How PurpleOps is different: No attribution needed Hackable, no "no-reversing"...

CVE-2023-41044 Partial path traversal vulnerability in Support Bundle feature of Graylog

Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's Support Bundle feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Graylog's Support Bundle feature allows an attacker with valid Admin role...

Noir - An Attack Surface Detector Form Source Code

Noir is an attack surface detector form source code. Key Features Automatically identify language and framework from source code. Find API endpoints and web pages through code analysis. Load results quickly through interactions with proxy tools such as ZAP, Burpsuite, Caido and More Proxy tools...

[SECURITY] Fedora 38 Update: moby-engine-24.0.5-1.fc38

Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance a nd everything in between - and they don'...

Fedora: Security Advisory for moby-engine (FEDORA-2023-9f5f1ef40a)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MAL-2023-7951 Malicious code in docker-slim-action (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5c43f388e17851e78ffe6cea282489130b04ea50c71f40d951e492b3128f019d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Netmaker Vulnerable to Privilege Escalation From Non Admin To Admin User

Impact A Mass assignment vulnerability was found allowing a non-admin user to escalate privileges to admin user. Patches Issue is patched in 0.17.1, and fixed in 0.18.6+. If Users are using 0.17.1, they should run "docker pull gravitl/netmaker:v0.17.1" and "docker-compose up -d". This will switch...