CVE-2021-33574

CVE-2021-33574 The mq_notify function in the GNU C Library (aka glibc) versions 232 and 233 has a use-after-free It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact authentication complexity vector

CVE-2021-33574 Proof-of-Concept (PoC) script to exploit CVE-2021-33574 Usage Achieves exploitation of CVE-2021-33574 chmod +x CVE-2021-33574sh sudo /CVE-2021-33574sh -c <TargetIP> sudo /CVE-2021-33574sh -l <ListoFIPs>

CKS Notes Handy notes can be also find here: githubcom/dragon7-fc/misc/tree/1385c4a2e4719b9aa914c3b274c2877f7305d11e Test k8s cluster using Vagrant Prepare the test environment - Kubernetes cluster with 1 master node and one worker node using Vagrant + VirtualBox: git clone git@githubcom:kodekloudhub/certified-kubernetes-administrator-coursegit cd certified-kubernet

CVE-2021-38604 In librt in the GNU C Library (aka glibc) through 234, sysdeps/unix/sysv/linux/mq_notifyc mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix authentication complexity vector NONE LOW NETWORK confidentiality integrity availability NONE

OPA policies to fail if severity is Critical or CVSS 3x score is 90 for some quick test Generate grype json output for an arbitrary image grype -o json gcrio/distroless/java:11 > grype-distroless-java-11-vulnsjson Generate JSON file schema (used extendsclasscom/json-schema-validatorhtml) This allows to catch typos when writing rego and trying keys that

ochacafe-s5-3 Ochacafe5 #3 Kubernetes Security デモ環境の構築方法、資材置き場です。 Kubernetes Cluster 構築 事前に以下のスペックで仮想マシンを作成して、SSHログイン可能な状態にしておきます。 VCNのセキュリティリストで「10000/16」TCP 全てのプロトコルを許可しておきます。 以下手順は全�

Publish Security Scans Deprecation Notice This project is no longer actively maintained, and has had some deficiencies for sometime now If anyone is interested to implement the action logic on their own or fork the repo then feel free to do so This action may be archived in the future, but it will still be consumable in the workflows Just that it won't be maintained in

audit-exporter Installation Prebuild multiarch binaries are availabe for Linux only: curl -L githubcom/thegeeklab/audit-exporter/releases/download/v010/audit-exporter-010-linux-amd64 > /usr/local/bin/audit-exporter chmod +x /usr/local/bin/audit-exporter audit-exporter --help Build Build the binary from source with

log4jnotes solr grype solr | grep -i 2021 ✔ Vulnerability DB [no update available] ✔ Pulled image ✔ Loaded image ✔ Parsed image ✔ Cataloged packages [503 packages] ✔ Scanned image [186 vulnerabilities] commons-io 25 CVE-2021-29425 Medium curl 7740-13+b1 (won

Exercises from the most feared crypto exchange on the seven seas ex1 I found the uphold/docker-litecoin-core docker image on Docker Hub I had to build it, as the debian images have Critical vulnerabilities - and I wanted to play with it a bit I used ubuntu 2004 (LTS) image instead which has newer versions of the packages which fail the scan for the debian one - anchore/gryp

spring-boot-app-with-log4j-vuln git clone git@gitlabengvmwarecom:vulnerability-scanning-enablement/spring-boot-app-with-log4j-vulngit cd spring-boot-app-with-log4j-vuln/ Run Source Scan /mvnw install grype dir: Sample Source Scan Results spring-boot-app-with-log4j-vuln $ grype dir: ✔ Vulnera

spring-boot-app-using-gradle Run Source Scan /gradlew build grype dir: Sample Source Scan Results $ grype dir: ✔ Vulnerability DB [no update available] ✔ Indexed ✔ Cataloged packages [20 packages] ✔ Scanned image [2 vulnerabilities] NAME INSTALLED FIXED-IN VULNERABILITY SEVERITY log4j-