PT-2025-33323 · Cisco · Cisco Asa +3

A vulnerability in the Internet Key Exchange Version 2 IKEv2 feature of Cisco IOS Software, IOS XE Software, Secure Firewall Adaptive Security Appliance ASA Software, and Secure Firewall Threat Defense FTD Software could allow an unauthenticated, remote attacker to trigger a memory leak, resultin...

Network Isolation Bypass

github.com/moby/moby is vulnerable to network isolation bypass. The vulnerability is due to Docker failing to re-create iptables rules isolating bridge networks after firewalld reload, which allows an attacker to access all ports of containers across different bridge networks on the same host,...

GO-2025-3830 Moby firewalld reload makes published container ports accessible from remote hosts in github.com/docker/docker

Moby firewalld reload makes published container ports accessible from remote hosts in github.com/docker/docker...

Linux Distros Unpatched Vulnerability : CVE-2025-38056

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Fix UAF when reloading module hdagenericmachineselect appends -idisp ...

Improper Access Control

github.com/moby/moby is vulnerable to improper access control. The vulnerability is due to failure to recreate firewall rules blocking external access to containers after a firewalld reload, which allows an attacker to remotely access containers with ports published to localhost...

Linux Distros Unpatched Vulnerability : CVE-2024-26963

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: usb: dwc3-am62: fix module unload/reload behavior As runtime PM is enabled, the module can b...

Docker Engine < 25.0.13 / 26.0 < 28.0.0 Network Isolation Failure

The version of the Docker Engine Moby installed on the remote host is prior to 23.0.15 or 28.0.0. When firewalld reloads, Docker fails to re-create iptables rules that isolate bridge networks, allowing any container to access all ports on any other container across different bridge networks on th...

SUSE CVE-2025-54388

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. In versions 28.2.0 through 28.3.2, when the firewalld service is reloaded it removes all iptables rules including...

SUSE CVE-2025-54410

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. A firewalld vulnerability affects Moby releases before 28.0.0. When firewalld reloads, Docker fails to re-create...

UBUNTU-CVE-2025-54410

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. A firewalld vulnerability affects Moby releases before 28.0.0. When firewalld reloads, Docker fails to re-create...

CVE-2025-54388 Moby's Firewalld reload makes published container ports accessible from remote hosts

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. In versions 28.2.0 through 28.3.2, when the firewalld service is reloaded it removes all iptables rules including...

Moby 安全漏洞

Moby is an open source project of Moby Open Source. It aims to drive containerization of software and help the ecosystem mainstream container technology. A security vulnerability exists in Moby versions prior to 28.0.0 that stems from the failure to recreate iptables rules when firewalld is...

Moby 安全漏洞

Moby is an open source project of Moby Open Source. It aims to drive containerization of software and help the ecosystem mainstream container technology. A security vulnerability exists in Moby versions 28.2.0 through 28.3.2, which stems from the failure to recreate iptables rules when the...

GHSA-4VQ8-7JFC-9CVP Moby firewalld reload removes bridge network isolation

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component dockerd, which is developed as moby/moby is commonly referred to as Docker, or Docker...

SUSE CVE-2025-38298

In the Linux kernel, the following vulnerability has been resolved: EDAC/skxcommon: Fix general protection fault After loading i10nmedac which automatically loads skxedaccommon, if unload only i10nmedac, then reload it and perform error injection testing, a general protection fault may occur: mce...

DEBIAN-CVE-2025-38298

In the Linux kernel, the following vulnerability has been resolved: EDAC/skxcommon: Fix general protection fault After loading i10nmedac which automatically loads skxedaccommon, if unload only i10nmedac, then reload it and perform error injection testing, a general protection fault may occur: mce...

SUSE CVE-2025-38056

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Fix UAF when reloading module hdagenericmachineselect appends -idisp to the tplg filename by allocating a new string with devmkasprintf, then stores the string right back into the global variable...

DEBIAN-CVE-2025-38056

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Fix UAF when reloading module hdagenericmachineselect appends -idisp to the tplg filename by allocating a new string with devmkasprintf, then stores the string right back into the global variable...

DEBIAN-CVE-2025-38019

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrumrouter: Fix use-after-free when deleting GRE net devices The driver only offloads neighbors that are constructed on top of net devices registered by it or their uppers which are all Ethernet. The device supports GR...

UBUNTU-CVE-2025-38066

In the Linux kernel, the following vulnerability has been resolved: dm cache: prevent BUGON by blocking retries on failed device resumes A cache device failing to resume due to mapping errors should not be retried, as the failure leaves a partially initialized policy object. Repeating the resume...