Lucene search
+L

144 matches found

osv
osv
added 2025/08/12 12:15 p.m.4 views

CVE-2025-40766

A vulnerability has been identified in SINEC Traffic Analyzer 6GK8822-1BG01-0BA0 All versions V3.0. The affected application runs docker containers without adequate resource and security limitations. This could allow an attacker to perform a denial-of-service DoS attack...

6.8CVSS5.7AI score0.00178EPSS
Exploits0References1
osv
osv
added 2025/08/12 12:15 p.m.5 views

CVE-2025-40767

A vulnerability has been identified in SINEC Traffic Analyzer 6GK8822-1BG01-0BA0 All versions V3.0. The affected application runs docker containers without adequate security controls to enforce isolation. This could allow an attacker to gain elevated access, potentially accessing sensitive host...

7.8CVSS5.7AI score0.00129EPSS
Exploits0References1
cve
cve
added 2025/08/12 11:17 a.m.37 views

CVE-2025-40766

The CVE-2025-40766 vulnerability affects Siemens SINEC Traffic Analyzer versions prior to 3.0. The issue arises from docker containers running with insufficient resource and security limitations, enabling a local attacker to perform a denial-of-service (DoS) attack. Evidence across multiple sourc...

6.8CVSS7AI score0.00178EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2025/08/12 11:17 a.m.3 views

CVE-2025-40766

A vulnerability has been identified in SINEC Traffic Analyzer 6GK8822-1BG01-0BA0 All versions V3.0. The affected application runs docker containers without adequate resource and security limitations. This could allow an attacker to perform a denial-of-service DoS attack...

6.8CVSS7AI score0.00178EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2025/08/12 12:0 a.m.6 views

PT-2025-32661

Name of the Vulnerable Software and Affected Versions: SINEC Traffic Analyzer versions prior to 3.0 Description: The application runs docker containers without adequate resource and security limitations, which could allow an attacker to perform a denial-of-service DoS attack. Recommendations:...

6.8CVSS6.4AI score0.00178EPSS
Exploits0References6
thn
thn
added 2025/07/31 1:47 p.m.7 views

N. Korean Hackers Used Job Lures, Cloud Account Access, and Malware to Steal Millions in Crypto

The North Korea-linked threat actor known as UNC4899 has been attributed to attacks targeting two different organizations by approaching their employees via LinkedIn and Telegram. "Under the guise of freelance opportunities for software development work, UNC4899 leveraged social engineering...

7.8AI score
Exploits0
nvd
nvd
added 2025/07/30 2:15 p.m.5 views

CVE-2025-54388

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. In versions 28.2.0 through 28.3.2, when the firewalld service is reloaded it removes all iptables rules including...

5.1CVSS0.00215EPSS
Exploits0References3
debiancve
debiancve
added 2025/07/30 1:24 p.m.12 views

CVE-2025-54388

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. In versions 28.2.0 through 28.3.2, when the firewalld service is reloaded it removes all iptables rules including...

5.1CVSS5.9AI score0.00215EPSS
Exploits0
osv
osv
added 2025/07/30 7:52 a.m.2 views

SUSE-SU-2025:02366-2 Security update for docker

This update for docker fixes the following issues: Update to Docker 28.2.2-ce bsc1243833, bsc1242114: - CVE-2025-22872: golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed wrong scope during DOM construction bsc1241830. Other bugfixes: - Always clear SUSEConnect sus...

6.5CVSS7.7AI score0.00478EPSS
Exploits0References7
redhatcve
redhatcve
added 2025/07/25 2:29 p.m.6 views

CVE-2017-20198

The Marathon UI in DC/OS 1.9.0 allows unauthenticated users to deploy arbitrary Docker containers. Due to improper restriction of volume mount configurations, attackers can deploy a container that mounts the host's root filesystem / with read/write privileges. When using a malicious Docker image,...

9.3CVSS8AI score0.0076EPSS
Exploits0References1
nvd
nvd
added 2025/07/23 2:15 p.m.9 views

CVE-2017-20198

The Marathon UI in DC/OS 1.9.0 allows unauthenticated users to deploy arbitrary Docker containers. Due to improper restriction of volume mount configurations, attackers can deploy a container that mounts the host's root filesystem / with read/write privileges. When using a malicious Docker image,...

9.3CVSS0.0076EPSS
Exploits0References5
cve
cve
added 2025/07/23 1:50 p.m.18 views

CVE-2017-20198

CVE-2017-20198 affects DC/OS Marathon UI

9.3CVSS7.3AI score0.0076EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2025/07/23 12:0 a.m.6 views

PT-2025-30583 · Mesosphere +1 · Marathon +2

Name of the Vulnerable Software and Affected Versions: DC/OS versions prior to 1.9.0 Description: The Marathon UI in DC/OS allows unauthenticated users to deploy arbitrary Docker containers. Improper restriction of volume mount configurations allows attackers to deploy a container that mounts the...

9.3CVSS7.3AI score0.0076EPSS
Exploits0References7
redhatcve
redhatcve
added 2025/07/10 3:27 p.m.7 views

CVE-2025-53372

node-code-sandbox-mcp is a Node.js–based Model Context Protocol server that spins up disposable Docker containers to execute arbitrary JavaScript. Prior to 1.3.0, a command injection vulnerability exists in the node-code-sandbox-mcp MCP Server. The vulnerability is caused by the unsanitized use o...

7.5CVSS8.8AI score0.01053EPSS
Exploits0References1
nvd
nvd
added 2025/07/08 3:15 p.m.8 views

CVE-2025-53372

node-code-sandbox-mcp is a Node.js–based Model Context Protocol server that spins up disposable Docker containers to execute arbitrary JavaScript. Prior to 1.3.0, a command injection vulnerability exists in the node-code-sandbox-mcp MCP Server. The vulnerability is caused by the unsanitized use o...

7.5CVSS0.01053EPSS
Exploits0References2
osv
osv
added 2025/07/08 2:54 p.m.11 views

CVE-2025-53372 node-code-sandbox-mcp has a Sandbox Escape via Command Injection

node-code-sandbox-mcp is a Node.js–based Model Context Protocol server that spins up disposable Docker containers to execute arbitrary JavaScript. Prior to 1.3.0, a command injection vulnerability exists in the node-code-sandbox-mcp MCP Server. The vulnerability is caused by the unsanitized use o...

7.5CVSS8.8AI score0.01053EPSS
Exploits0References4
thn
thn
added 2025/05/27 4:23 p.m.20 views

New Self-Spreading Malware Infects Docker Containers to Mine Dero Cryptocurrency

Misconfigured Docker API instances have become the target of a new malware campaign that transforms them into a cryptocurrency mining botnet. The attacks, designed to mine for Dero currency, is notable for its worm-like capabilities to propagate the malware to other exposed Docker instances and...

8AI score
Exploits0
redhatcve
redhatcve
added 2025/05/23 4:53 a.m.10 views

CVE-2023-20235

A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docke...

8.8CVSS6.9AI score0.00509EPSS
Exploits0References1
nvd
nvd
added 2025/04/16 9:15 a.m.14 views

CVE-2024-22036

A vulnerability has been identified within Rancher where a cluster or node driver can be used to escape the chroot jail and gain root access to the Rancher container itself. In production environments, further privilege escalation is possible based on living off the land within the Rancher...

9.1CVSS0.0073EPSS
Exploits0References2
nvd
nvd
added 2025/04/10 12:15 p.m.50 views

CVE-2025-32755

In jenkins/ssh-slave Docker images based on Debian, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SSH...

9.1CVSS0.00466EPSS
Exploits0References1
Rows per page
Query Builder