Request a Demo

You can still request to
join our Private Beta. * E-mail is mandatory.

Aqua Blog

"Jack-in-the-Box" Vulnerability When Unpacking Images (CVE-2018-8115)

jack-in-the-box-cve.png

Last week, Michael Hanselmann published details of a remote code execution vulnerability (CVE-2018-8115) that impacts Docker for Windows. As he described it: “Docker for Windows uses the Windows[…]

eBPF Vulnerability (CVE-2017-16995): When the Doorman Becomes the Backdoor

ebpf vulnerability backdoor

Co-written by Nahman Khayet and Michael Cherny

eBPF Verifier Bypass Vulnerability

Around the last week of December a tweet by Bruce Leidl caught our eyes, since it said “Straight up unlimited R/W[…]

Do Containers Provide Better Protection Against Meltdown and Spectre?

meltdown_bg.png

About Meltdown and Spectre

Following the trend of ‘branding’ vulnerabilities, Meltdown and Spectre vulnerabilities (CVE-2017-5754, CVE-2017-5753, and CVE-2017-5715) are ‘brand’ names given to[…]

Survey Reveals: Detecting Vulnerabilities in Images and Managing Secrets Are Top Focus

Container Security in The Enterprise Survey- Detecting Vulnerabilities in Images and Secrets Management Are Top Focus Areas – For Now (2).png

Last month at DockerCon Europe we learned that container adoption is rising to a whole new level with 24 billion container downloads and 77K% growth in Docker job listings. This is when Docker[…]

Bugs Gone Wild: Container (Stack) Clash and CVE-2017-1000253

stackclash bugs.png

A “Stack Clash” is a vulnerability in the memory management of several operating systems, including Linux. It can be exploited by attackers to corrupt memory of a privileged process in order to […]

BlackHat 2017: Multi-Stage Attack Targeting Container Developers, Presented by Aqua

Blackhat 2017

In just about a week we will be live on stage at BlackHat 2017 with this tersely titled talk: Well that Escalated Quickly! How Abusing Docker API Led to Remote Code Execution Same Origin Bypass and[…]

CVE-2016-9962: Run Container Run

BLog runc CVE
RunC Like the Wind

Recently, an interesting vulnerability was discovered (CVE-2016-9962) that enables container escape to the host. The vulnerability stems from a bug found in opencontainers' runc[…]

Cisco CloudCenter Orchestrator Docker Privilege Escalation Vulnerability Explained

blog-cisco-banner.png

Cisco announced a few days ago that it discovered and fixed a critical vulnerability in its CloudCenter Orchestrator, whereby a misconfiguration caused the Docker Engine management port to be[…]

The Year That Was (Almost) - 10 Milestones in The Container Ecosystem

10 Milestones in The Container Ecosystem

2016 was a big year for the virtual container space, and 2017 looks even more promising. The industry saw tremendous growth and continues to evolve at a rapid pace. Containers, being still[…]

Dirty COW Vulnerability: Impact on Containers

Dirty COW Vulnerability

There has been plenty of buzz lately regarding an old-new privilege escalation vulnerability, adorably named “Dirty COW” after the Copy-On-Write memory protection in the Linux kernel. The whole[…]

Subscribe to Email Updates

Filter by Topic

Show more...