CVE-2025-40766
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). The affected application runs docker containers without adequate resource and security limitations. This could allow an attacker to perform a denial-of-service (DoS) attack...
CVE-2025-40766
The CVE-2025-40766 vulnerability affects Siemens SINEC Traffic Analyzer versions prior to 3.0. The issue arises from docker containers running with insufficient resource and security limitations, enabling a local attacker to perform a denial-of-service (DoS) attack. Evidence across multiple sourc...
Network Isolation Bypass
github.com/moby/moby is vulnerable to network isolation bypass. The vulnerability is due to Docker failing to re-create iptables rules isolating bridge networks after firewalld reload, which allows an attacker to access all ports of containers across different bridge networks on the same host,...
Siemens SINEC Traffic Analyzer Security Vulnerability
Siemens SINEC Traffic Analyzer is a network traffic analysis tool from Siemens Germany. A security vulnerability exists in Siemens SINEC Traffic Analyzer versions prior to V3.0, which stems from insufficient docker container isolation controls and could lead to elevated privileges...
Siemens SINEC Traffic Analyzer Resource Management Error Vulnerability
Siemens SINEC Traffic Analyzer is a network traffic analysis tool from Siemens Germany. A resource management error vulnerability exists in Siemens SINEC Traffic Analyzer versions prior to V3.0, which stems from insufficient resource limitations in docker containers and could lead to a denial of...
PT-2025-32661
Name of the Vulnerable Software and Affected Versions: SINEC Traffic Analyzer versions prior to 3.0. Description: The application runs docker containers without adequate resource and security limitations, which could allow an attacker to perform a denial-of-service (DoS) attack. Recommendations:...
Linux Distros Unpatched Vulnerability : CVE-2024-41110
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine,...
Jenkins ssh-agent Docker Image < 6.11.2 SSH Host Key Reuse
According to their self-reported version numbers, the jenkins/ssh-agent docker containers running on the remote web server are affected by an SSH host key reuse vulnerability. In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on...
Jenkins ssh-slave Docker Image SSH Host Key Reuse
According to their self-reported version numbers, the jenkins/ssh-slave docker containers running on the remote web server are affected by an SSH host key reuse vulnerability. In jenkins/ssh-slave Docker images, SSH host keys are generated on image creation for images based on Debian, causing all...
GO-2025-3829 Moby firewalld reload removes bridge network isolation in github.com/docker/docker
Moby firewalld reload removes bridge network isolation in github.com/docker/docker...
GO-2025-3830 Moby firewalld reload makes published container ports accessible from remote hosts in github.com/docker/docker
Moby firewalld reload makes published container ports accessible from remote hosts in github.com/docker/docker...
GHSA-J5PM-7495-QMR3 vulnerabilities
Vulnerabilities for packages: prometheus-postgres-exporter, beats-fips, helm-set-status, jaeger-operator-fips, kubo, openfga, velero-fips, aws-flb-kinesis-fips, kyverno-policy-reporter, ip-masq-agent, cert-manager-csi-driver-fips, apache-exporter, kubecolor, aws-otel-collector-fips, mods,...
[SECURITY] Fedora 41 Update: moby-engine-28.3.3-1.fc41
Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance and everything in between — and...
[SECURITY] Fedora 42 Update: moby-engine-28.3.3-1.fc42
Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance and everything in between — and...
SUSE CVE-2025-6624
Versions of the package snyk before 1.1297.3 are vulnerable to Insertion of Sensitive Information into Log File through local Snyk CLI debug logs. Container Registry credentials provided via environment variables or command line arguments can be exposed when executing Snyk CLI in DEBUG or...
Docker Engine 28.2 < 28.3.3 Local Docker Ports Exposed to Network
The version of the Docker Engine (Moby) installed on the remote host is between 28.2.0 and 28.3.2. It is, therefore, affected by a vulnerability that exposes local ports to the network. When the firewalld service is reloaded it removes all iptables rules including those created by Docker. While Docker...
Docker Engine < 25.0.13 / 26.0 < 28.0.0 Network Isolation Failure
The version of the Docker Engine Moby installed on the remote host is prior to 23.0.15 or 28.0.0. When firewalld reloads, Docker fails to re-create iptables rules that isolate bridge networks, allowing any container to access all ports on any other container across different bridge networks on th...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Imagemagick
CVE-2022-44268 ImageMagick Arbitrary File...
N. Korean Hackers Used Job Lures, Cloud Account Access, and Malware to Steal Millions in Crypto
The North Korea-linked threat actor known as UNC4899 has been attributed to attacks targeting two different organizations by approaching their employees via LinkedIn and Telegram. "Under the guise of freelance opportunities for software development work, UNC4899 leveraged social engineering...