9244 matches found
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab
It is an open-source collection of pre-built vulnerable docker environments. The primary CVE ID is not explicitly mentioned, but the repository contains various vulnerable environments based on Docker-Compose, including ones for CVE-2016-9086, CVE-2017-1000353, and CVE-2018-1000006. The target...
vulhub
This repository is an open-source collection of pre-built vulnerable docker environments. It is an offensive tool for web application security testing. The primary vulnerability class/vector targeted by this repository is Server-Side Template Injection SSTI, specifically in Flask applications. Th...
Moderate: Red Hat Security Advisory: docker security and bug fix update
An update for docker is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
RHEL 7 : podman (RHSA-2020:1227)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1227 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use contain...
RHEL 7 : docker (RHSA-2020:1234)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1234 advisory. Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that...
Awspx - A Graph-Based Tool For Visualizing Effective Access And Resource Relationships In AWS Environments
auspex ˈau̯s.pɛks noun : An augur of ancient Rome, especially one who interpreted omens derived from the observation of birds. awspx is a graph-based tool for visualizing effective access and resource relationships within AWS. It resolves policy information to determine what actions affect which...
Pulsar - Network Footprint Scanner Platform - Discover Domains And Run Your Custom Checks Periodically
Pulsar is an automated network footprint scanner for Red Teams, Pentesters and Bounty Hunters. Its focused on discovery of organization public facing assets with minimal knowledge about its infrastructure. Along with network data visualization, it attempts to give a basic vulnerability score to...
GitLab EE/CE Access Control Error Vulnerability
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab Community and...
openSUSE: Security Advisory for cni, (openSUSE-SU-2020:0398-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2020-10952
GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images...
CVE-2020-10952
GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images...
Code injection
GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images...
CVE-2020-10952
GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images...
CVE-2020-10952
GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images...
CVE-2020-10952
CVE-2020-10952 affects GitLab Community and Enterprise Editions (GitLab CE/EE) 8.11–12.9.1. An access control error allows blocked users to pull and push docker images, enabling unintended image access/manipulation. According to the linked advisories, GitLab released security updates fixing this ...
CVE-2020-10952
Removed by vendor...
vulhub
It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the environments are designed to be vulnerable to various types of attacks. The probable entry points are not specified, but the environments are likel...
PT-2020-12444 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE/CE versions 8.11 through 12.9.1 Description: The issue allows blocked users to pull and push Docker images. This is a significant concern as it bypasses the intended access restrictions for blocked users. Recommendations: For GitLab...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Arbitrary File Read when Moving an Issue Path Traversal in NPM Package Registry SSRF on Project Import External Users Can Create Personal Snippet Triggers Decription Can be Updated by Other Maintainers in Project Information Disclosure on Confidential Issues Moved to Private...
The vulnerability of the docker-compose-remote-api package from the package manager NPM allows a attacker to execute arbitrary commands.
The vulnerability of the docker-compose-remote-api package from the package manager NPM is related to insufficient validation of arguments passed in commands. Exploiting this vulnerability allows an attacker to execute arbitrary commands on the target system remotely...