CVE-2020-8564

In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects v1.19.3, v1.18.10, v1.17.13...

CVE-2020-8564 Docker config secrets leaked when file is malformed and loglevel >= 4

In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects v1.19.3, v1.18.10, v1.17.13...

CVE-2020-8564

CVE-2020-8564 (Kubernetes Docker config leak) In Kubernetes clusters, when the logging level is at least 4, processing a malformed docker config file can cause the contents of that file to be leaked, potentially exposing registry credentials such as pull secrets. Affected versions are those older...

CVE-2020-8564

In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects v1.19.3, v1.18.10, v1.17.13...

Exploit for Incorrect Resource Transfer Between Spheres in Linuxfoundation Containerd

ABSTRACT SHIMMER CVE-2020-15257 This repo contains proof-of...

Inclusion of Sensitive Information in Log Files

In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials...

docker-cli docker-engine security update

docker-cli 19.03.11-7 - Fix for CVE-2020-15257 19.03.11-6 - Fix for CVE-2020-15157 19.03.11-5 - Bugfix for 'docker images name' not working on docker 19.03.11-ol - Address CVE-2020-16845 19.03.11-4 - added patch for registry list 19.03.11-3 - update to 19.03.11 for CVE-2020-13401 19.03.1-1.0.0 -...

Exploit for Improper Initialization in Docker

sectoolset -- Github安全相关工具集合 主要内容： 0x00 漏洞利用实战练习&CTF安全竞赛 0x01 安全扫描器 0x02 安全防守 0x03 渗透测试 0x04 漏洞库及利用工具（POC，EXP 0x05 二进制及代码分析工具 0x06 威胁情报&蜜罐 0x07 安全文档资料 0x11 所有内容 乌云镜像 乌云镜像 乌云镜像,河蟹 近期安全热点 Nmap 7.9发布，更新Npcap，大量指纹更新 Windows Server域控 Netlogon特权提升漏洞 CVE-2020-1472 暗网中网络安全行业暴露状况研究 五眼联盟国家网络安全技术指导书...

Enum4Linux-Ng - A Next Generation Version Of Enum4Linux (A Windows/Samba Enumeration Tool) With Additional Features Like JSON/YAML Export

enum4linux-ng.py is a rewrite of Mark Lowe's former Portcullis Labs now Cisco CX Security Labs enum4linux.pl, a tool for enumerating information from Windows and Samba systems, aimed for security professionals and CTF players. The tool is mainly a wrapper around the Samba tools nmblookup, net,...

Oracle Linux 7 : docker-cli / docker-engine (ELSA-2020-5966)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-5966 advisory. - Fix for CVE-2020-15257 - Fix for CVE-2020-15157 - Address CVE-2020-16845 - update to 19.03.11 for CVE-2020-13401 - apply...

JSFScan.sh - Automation For Javascript Recon In Bug Bounty

Blog can be found at https://medium.com/@patelkathan22/beginners-guide-on-how-you-can-use-javascript-in-bugbounty-492f6eb1f9ea?sk=21500dc4288281c7e6ed2315943269e7 Script made for all your javascript recon automation in bugbounty. Just pass subdomain list to it and options according to your...

CVE-2020-29389

The official Crux Linux Docker images 3.0 through 3.4 contain a blank password for a root user. System using the Crux Linux Docker container deployed by affected versions of the Docker image may allow an attacker to achieve root access with a blank password...

CVE-2020-29389

The official Crux Linux Docker images 3.0 through 3.4 contain a blank password for a root user. System using the Crux Linux Docker container deployed by affected versions of the Docker image may allow an attacker to achieve root access with a blank password...

Default credentials

The official Crux Linux Docker images 3.0 through 3.4 contain a blank password for a root user. System using the Crux Linux Docker container deployed by affected versions of the Docker image may allow an attacker to achieve root access with a blank password...

CVE-2020-29389

The official Crux Linux Docker images 3.0 through 3.4 contain a blank password for a root user. System using the Crux Linux Docker container deployed by affected versions of the Docker image may allow an attacker to achieve root access with a blank password...

CVE-2020-29389

CVE-2020-29389 affects Crux Linux Docker images 3.0–3.4, where the root account uses a blank password inside the container, enabling potential root access without authentication when running affected images. The NVD entry reports a CVSS v3.1 base score of 9.8 (CRITICAL) with Network attack vector...

Crux Linux Docker images Access Control Error Vulnerability

Docker is an open source application container engine from the American company Docker. The product supports creating a container lightweight virtual machine and deploying and running applications on Linux systems, as well as automating the installation, deployment, and upgrading of applications...

Misconfigured Docker Servers Under Attack By Xanthe Malware

Researchers have discovered a Monero cryptomining botnet they call Xanthe, which has been exploiting incorrectly configured Docker API installations in order to infect Linux systems. Xanthe was first discovered in a campaign that employed a multi-modular botnet, as well as a payload that is a...

Terrascan - Detect Compliance And Security Violations Across Infrastructure As Code To Mitigate Risk Before Provisioning Cloud Native Infrastructure

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure. GitHub Repo: https://github.com/accurics/terrascan Documentation: https://docs.accurics.com Discuss: https://community.accurics.com Features 500+ Policies for...

vulhub1

It is an offensive tool for web application exploitation. The primary vulnerability targeted by this repository is not explicitly stated, but it appears to be a collection of pre-built vulnerable environments based on Docker-Compose. The repository contains various Docker-Compose files for...