
9200 matches found

CVE
added 2018/09/10 5:0 p.m. · 64 views

CVE-2018-12608

Docker Moby before 17.06.0 is affected by a TLS authentication flaw: the engine validates client certificates against both the configured CA and system roots (on non‑Windows). This lets a client presenting a certificate signed by any system‑trusted root CA authenticate, instead of only certificat...

CVSS 7.5 · AI score 7.3 · EPSS 0.0092
Exploits: 0 · References: 1 · Affected Software: 1
Debian CVE
added 2018/09/10 5:0 p.m. · 18 views

CVE-2018-12608

An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated certificate signed by a system-trusted root...

CVSS 7.5 · AI score 7.4 · EPSS 0.0092
Exploits: 0
Positive Technologies
added 2018/09/10 12:0 a.m. · 2 views

PT-2018-11289 · Docker · Docker Moby +1

Name of the Vulnerable Software and Affected Versions: Docker Moby versions prior to 17.06.0 Description: An issue was discovered where the Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allow...

CVSS 7.5 · AI score 7.4 · EPSS 0.0092
Exploits: 0 · References: 11
Kitploit
added 2018/09/08 9:9 p.m. · 103 views

htrace.sh - Simple Shell Script To Debugging HTTP/HTTPS Traffic Tracing, Response Headers And Mixed-Content

htrace.sh is a shell script that allows you to validate your domain configuration and catch any errors e.g. redirect loops. It also displays basic information about the ssl configuration if available, response headers, checks for mixed content and performs security scans using Nmap scripts and...

AI score 6.6
Exploits: 0 · References: 7
Tenable Nessus
added 2018/09/07 12:0 a.m. · 18 views

Docker for Windows Installed

Binary data dockerforwindowsinstalled.nbin...

AI score 7.3
Exploits: 0 · References: 1
Tenable Nessus
added 2018/09/07 12:0 a.m. · 36 views

Docker for Windows stable < 18.06.0-ce-win70 / edge < 18.06.0-ce-rc3-win68 Remote Privilege Escalation Vulnerability

The version of Docker for Windows installed on the remote Windows host is stable channel 18.06.0-ce-win70 or edge channel 18.06.0-ce-rc3-win68. It is, therefore, affected by a remote privilege escalation vulnerability. C Tenable Network Security, Inc. include'compat.inc'; if description...

CVSS 8.8 · AI score 8 · EPSS 0.02467
Exploits: 2 · References: 4
Tenable Nessus
added 2018/09/07 12:0 a.m. · 40 views

Amazon Linux AMI : docker (ALAS-2018-1071)

The default OCI Linux spec in oci/defaultslinux.go in Docker/Moby, from 1.11 to current, does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling Bluetooth or turning up/down keyboard brightness. CVE-2018-10892 C Tenable Network Security,...

CVSS 6.3 · AI score 6.5 · EPSS 0.01135
Exploits: 0 · References: 2
OpenVAS
added 2018/09/06 12:0 a.m. · 10 views

Docker for Windows Detection (Windows SMB Login)

SMB login-based detection of Docker for Windows. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7
Exploits: 0
OpenVAS
added 2018/09/06 12:0 a.m. · 75 views

Docker for Windows Privilege Escalation Vulnerability (Aug 2018)

Docker for Windows is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 8.8 · AI score 8.9 · EPSS 0.02467
Exploits: 2 · References: 1
n0where
added 2018/09/05 4:19 p.m. · 20 views

CLI for Ephemeral Penetration Testing: hideNsneak

This application assists in managing attack infrastructure for penetration testers by providing an interface to rapidly deploy, manage, and take down various cloud services. These include VMs, domain fronting, Cobalt Strike servers, API gateways, and firewalls. hideNsneak provides a simple...

AI score 1.2
Exploits: 0 · References: 1
Kitploit
added 2018/09/05 1:7 p.m. · 277 views

Vulners Scanner - Vulnerability Scanner Based On Vulners.Com Audit API

PoC of a host-based vulnerability scanner, which uses vulners.com API. Detects operating system, collects installed packages and checks vulnerabilities in it. Supported OS Currently support collecting packages for these operating systems: Debian-based debian, kali, ubuntu Rhel-based redhat, cento...

AI score 7.5
Exploits: 0 · References: 1
Amazon
added 2018/09/05 12:0 a.m. · 531 views

Medium: docker

Issue Overview: The default OCI Linux spec in oci/defaultslinux.go in Docker/Moby, from 1.11 to current, does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling Bluetooth or turning up/down keyboard brightness. CVE-2018-10892 Affected...

CVSS 6.3 · AI score 6.6 · EPSS 0.01135
Exploits: 0
Veracode
added 2018/09/04 5:23 a.m. · 13 views

Policy Bypass

github.com/twistlock/authz is vulnerable to policy bypass attacks. The vulnerability exists due to the usage of weak regular expressions to control the access of docker commands through URL, allowing policy bypass attacks...

CVSS 7.5 · AI score 7.5 · EPSS 0.0139
Exploits: 0 · References: 4 · Affected Software: 1
Prion
added 2018/09/01 1:29 a.m. · 14 views

Design/Logic Flaw

HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 edge and before 18.06.0-ce-win72 stable deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the "docker-users"...

CVSS 6.5 · AI score 8.7 · EPSS 0.02467
Exploits: 2 · References: 4 · Affected Software: 1
NVD
added 2018/09/01 1:29 a.m. · 17 views

CVE-2018-15514

HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 edge and before 18.06.0-ce-win72 stable deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the "docker-users"...

CVSS 8.8 · AI score 8.8 · EPSS 0.02467
Exploits: 2 · References: 4
OSV
added 2018/09/01 1:29 a.m. · 16 views

CVE-2018-15514

HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 edge and before 18.06.0-ce-win72 stable deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the "docker-users"...

CVSS 8.8 · AI score 7
Exploits: 0 · References: 4
Cvelist
added 2018/09/01 1:0 a.m. · 21 views

CVE-2018-15514

HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 edge and before 18.06.0-ce-win72 stable deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the "docker-users"...

AI score 8.8 · EPSS 0.02467
Exploits: 2 · References: 4
CVE
added 2018/09/01 1:0 a.m. · 71 views

CVE-2018-15514

Docker for Windows is affected by CVE-2018-15514 due to HandleRequestAsync deserialization of untrusted data over the dockerBackend NamedPipe, allowing local privilege escalation to SYSTEM for users in the docker-users group. Affected builds are stable < 18.06.0-ce-win70 and edge

CVSS 8.8 · AI score 8.7 · EPSS 0.02467
Exploits: 2 · References: 4 · Affected Software: 1
Qualys Blog
added 2018/08/30 2:53 p.m. · 58 views

Securing Container Deployments with Qualys

With container adoption booming, security teams must protect the applications that DevOps teams create and deploy using this method of OS virtualization. The security must be comprehensive across the entire container lifecycle, and built into the DevOps pipeline in a way that is seamless and...

AI score 7.2
Exploits: 0
GithubExploit
added 2018/08/28 11:48 p.m. · 5 views

Exploit for CVE-2018-11776

S2-057-CVE-2018-11776 A simple exploit for Apache Struts RCE S...

CVSS 9.3 · AI score 9.4 · EPSS 0.99993
Exploits: 41