9207 matches found
SUSE-SU-2025:02913-1 Security update for docker
This update for docker fixes the following issues: - Update to Docker 28.3.3-ce. - CVE-2025-54388: Fixed a bug where firewalld when reloaded can make published container ports accessible from remote hosts (bsc#1247367)...
Linux Distros Unpatched Vulnerability : CVE-2025-54388
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstre...
Linux Distros Unpatched Vulnerability : CVE-2025-54410
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstre...
OPENSUSE-SU-2025:15463-1 docker-machine-driver-kvm2-1.36.0-2.1 on GA media
These are all security issues fixed in the docker-machine-driver-kvm2-1.36.0-2.1 package on the GA media of openSUSE Tumbleweed...
GHSA-MGH9-4MWP-FG55 OpenFGA Authorization Bypass
Overview: OpenFGA v1.9.3 to v1.9.4 (openfga-0.2.40 <= Helm chart <= openfga-0.2.41, v1.9.3 <= docker <= v.1.9.4) are vulnerable to improper policy enforcement when certain Check and ListObject calls are executed. Am I Affected? You are affected by this vulnerability if you are using OpenFGA v1.9.3 to...
Linux Distros Unpatched Vulnerability : CVE-2021-41092
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running docker login...
CVE-2025-54410 vulnerabilities
Vulnerabilities for packages: openbao, rancher-agent, lazydocker, falcoctl, crossplane, kpt, newrelic-infrastructure-agent, promxy, kubeflow-katib, helm-set-status, docker-credential-gcr, helm-mapkubeapis, bom, harbor-scanner-trivy, cluster-api-helm-controller, portieris, rancher,...
GHSA-4VQ8-7JFC-9CVP vulnerabilities
Vulnerabilities for packages: beats-fips, prometheus, gatekeeper, openbao-fips, falcoctl, harbor-scanner-trivy-fips, k3d, kube-arangodb-fips, neuvector-scanner-fips, cluster-api-helm-controller-fips, newrelic-infrastructure-agent, openbao, promxy-fips, helm-set-status, rancher-agent, cluster-api,...
Malicious code in setup-docker (npm)
The package setup-docker was found to contain malicious code...
Malicious code in @marcos_feitoza/docker-image (npm)
The package @marcos_feitoza/docker-image was found to contain malicious code...
MAL-2025-9092 Malicious code in @marcos_feitoza/docker-image (npm)
The package @marcos_feitoza/docker-image was found to contain malicious code...
MAL-2025-33024 Malicious code in setup-docker (npm)
The package setup-docker was found to contain malicious code...
CVE-2025-40766
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). The affected application runs docker containers without adequate resource and security limitations. This could allow an attacker to perform a denial-of-service (DoS) attack...
Researchers Spot XZ Utils Backdoor in Dozens of Docker Hub Images, Fueling Supply Chain Risks
New research has uncovered Docker images on Docker Hub that contain the infamous XZ Utils backdoor, more than a year after the discovery of the incident. More troubling is the fact that other images have been built on top of these infected base images, effectively propagating the infection furthe...
CVE-2025-40767
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). The affected application runs docker containers without adequate security controls to enforce isolation. This could allow an attacker to gain elevated access, potentially accessing sensitive host...
CVE-2025-40767
CVE-2025-40767 affects Siemens SINEC Traffic Analyzer (versions prior to 3.0). All connected sources consistently describe a weakness where the application runs docker containers without adequate isolation, enabling an attacker with local access to potentially gain elevated privileges and access ...