9211 matches found

OpenVAS
added 2025/05/30 12:0 a.m. | 2 views

Fedora: Security Advisory (FEDORA-2025-464c59df2a)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.5 | AI score 6.9 | EPSS 0.0045
Exploits: 0 | References: 4
OpenVAS
added 2025/05/30 12:0 a.m. | 1 view

Fedora: Security Advisory (FEDORA-2025-6ddb790d26)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.5 | AI score 7.4 | EPSS 0.0045
Exploits: 0 | References: 4
Tenable Nessus
added 2025/05/30 12:0 a.m. | 3 views

Fedora 41 : docker-buildx (2025-464c59df2a)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-464c59df2a advisory. - Update package to release v0.24.0 - Resolve: rhbz2366388, rhbz2360632 - Upstream fixes and changes Tenable has extracted the preceding description block...

CVSS 6.5 | AI score 7.3 | EPSS 0.0045
Exploits: 0 | References: 2
Wolfi
added 2025/05/29 7:45 p.m. | 28 views

GHSA-WXR5-93PH-8WR9 vulnerabilities

Vulnerabilities for packages: apache-nifi, cassandra-reaper, wildfly, celeborn, opensearch, jenkins-plugin-manager, apicurio-registry, spdx-tools-java, strimzi-kafka-operator, trino, apache-activemq-artemis, tez, akhq, jenkins, sonarqube, confluent-common-docker, kafka...

AI score 5.8
Exploits: 0
Chainguard
added 2025/05/29 7:15 p.m. | 22 views

CVE-2025-48734 vulnerabilities

Vulnerabilities for packages: confluent-kafka-jre-bcfips, akhq, apicurio-registry, ghidra, tez, apache-nifi, confluent-common-docker, trino, jenkins, strimzi-kafka-operator, celeborn, jenkins-plugin-manager, prometheus-jmx-exporter, neo4j, opensearch, kafka, camunda-zeebe, cassandra-reaper,...

CVSS 8.8 | AI score 6.6 | EPSS 0.01495
Exploits: 1
Amazon
added 2025/05/29 12:0 a.m. | 4 views

Medium: docker

Issue Overview: containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container...

CVSS 7.8 | AI score 7.1 | EPSS 0.00275
Exploits: 1
Amazon
added 2025/05/29 12:0 a.m. | 6 views

Medium: docker

Issue Overview: containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container...

CVSS 7.8 | AI score 7.1 | EPSS 0.00275
Exploits: 1
Amazon
added 2025/05/29 12:0 a.m. | 5 views

Important: runfinch-finch

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

CVSS 9.1 | AI score 6.9 | EPSS 0.00682
Exploits: 0
Tenable Nessus
added 2025/05/29 12:0 a.m. | 4 views

Amazon Linux 2 : docker (ALASDOCKER-2025-066)

The version of docker installed on the remote host is prior to 25.0.8-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2025-066 advisory. containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 wher...

CVSS 7.8 | AI score 6.4 | EPSS 0.00275
Exploits: 1 | References: 4
Tenable Nessus
added 2025/05/29 12:0 a.m. | 9 views

Amazon Linux 2 : docker (ALASNITRO-ENCLAVES-2025-062)

The version of docker installed on the remote host is prior to 25.0.8-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2025-062 advisory. containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and...

CVSS 7.8 | AI score 6.4 | EPSS 0.00275
Exploits: 1 | References: 4
CBLMariner
added 2025/05/28 9:14 p.m. | 7 views

CVE-2025-0495 affecting package docker-buildx for versions less than 0.14.0-5

CVE-2025-0495 affecting package docker-buildx for versions less than 0.14.0-5. A patched version of the package is available...

CVSS 4.1 | AI score 6.9 | EPSS 0.0018
Exploits: 0
The Hacker News
added 2025/05/27 4:23 p.m. | 18 views

New Self-Spreading Malware Infects Docker Containers to Mine Dero Cryptocurrency

Misconfigured Docker API instances have become the target of a new malware campaign that transforms them into a cryptocurrency mining botnet. The attacks, designed to mine for Dero currency, are notable for their worm-like capabilities to propagate the malware to other exposed Docker instances and...

AI score 8
Exploits: 0
OSV
added 2025/05/27 8:59 a.m. | 2 views

SUSE-SU-2025:20360-1 Security update for docker

This update for docker fixes the following issues: Update to docker-buildx v0.22.0: - CVE-2025-0495: buildx: credential leakage to telemetry endpoints when credentials allowed to be set as attribute values in cache-to/cache-from configuration bsc1239765. - CVE-2025-22868: golang.org/x/oauth2/jws:...

CVSS 7.5 | AI score 6.7 | EPSS 0.00868
Exploits: 0 | References: 8
SUSE Linux
added 2025/05/27 8:58 a.m. | 2 views

Security update for docker

This update for docker fixes the following issues: Update to docker-buildx v0.22.0: CVE-2025-0495: buildx: credential leakage to telemetry endpoints when credentials allowed to be set as attribute values in cache-to/cache-from configuration bsc1239765. CVE-2025-22868: golang.org/x/oauth2/jws:...

CVSS 8.7 | AI score 7.3 | EPSS 0.00868
Exploits: 0 | References: 18
CVE
added 2025/05/25 4:31 p.m. | 50 views

CVE-2025-5151

Defog.ai Introspect up to version 0.1.4 contains a code injection vulnerability in introspect/backend/tools/analysis_tools.py: execute_analysis_code_safely, caused by unsafe handling of the code argument. An attacker on the local host could exploit this without user interaction. A patch identifie...

CVSS 7.8 | AI score 5.8 | EPSS 0.00257
Exploits: 1 | References: 7 | Affected Software: 1
Positive Technologies
added 2025/05/25 12:0 a.m. | 5 views

PT-2025-22863 · Unknown · Defog-Ai Introspect

Name of the Vulnerable Software and Affected Versions: defog-ai introspect versions up to 0.1.4 Description: A critical vulnerability has been found in defog-ai introspect. This issue affects the execute_analysis_code_safely function of the file introspect/backend/tools/analysis_tools.py. The...

CVSS 7.8 | AI score 5.6 | EPSS 0.00257
Exploits: 1 | References: 14
Wolfi
added 2025/05/23 7:47 p.m. | 20 views

CVE-2025-47290 vulnerabilities

Vulnerabilities for packages: neuvector-scanner, docker-compose...

CVSS 9.4 | AI score 7.3 | EPSS 0.00412
Exploits: 0
Wolfi
added 2025/05/23 7:47 p.m. | 14 views

GHSA-CM76-QM8V-3J95 vulnerabilities

Vulnerabilities for packages: neuvector-scanner, docker-compose...

AI score 5.8
Exploits: 0
Chainguard
added 2025/05/23 1:16 p.m. | 25 views

CVE-2025-47290 vulnerabilities

Vulnerabilities for packages: neuvector, docker-compose-fips, neuvector-scanner, docker-compose, neuvector-fips...

CVSS 9.4 | AI score 7.3 | EPSS 0.00412
Exploits: 0
Chainguard
added 2025/05/23 1:16 p.m. | 12 views

GHSA-CM76-QM8V-3J95 vulnerabilities

Vulnerabilities for packages: neuvector, docker-compose-fips, neuvector-scanner, docker-compose, neuvector-fips...

AI score 5.8
Exploits: 0