144 matches found
CVE-2025-0113
A problem with the network isolation mechanism of the Palo Alto Networks Cortex XDR Broker VM allows attackers unauthorized access to Docker containers from the host network used by Broker VM. This may allow access to read files sent for analysis and logs transmitted by the Cortex XDR Agent to th...
CVE-2025-0113
A problem with the network isolation mechanism of the Palo Alto Networks Cortex XDR Broker VM allows attackers unauthorized access to Docker containers from the host network used by Broker VM. This may allow access to read files sent for analysis and logs transmitted by the Cortex XDR Agent to th...
CVE-2025-0113 Cortex XDR Broker VM: Unauthorized Access to Broker VM Docker Containers
A problem with the network isolation mechanism of the Palo Alto Networks Cortex XDR Broker VM allows attackers unauthorized access to Docker containers from the host network used by Broker VM. This may allow access to read files sent for analysis and logs transmitted by the Cortex XDR Agent to th...
CVE-2025-0113
Summary: CVE-2025-0113 concerns the Palo Alto Networks Cortex XDR Broker VM where a flaw in the network isolation mechanism can let an attacker access Docker containers from the Broker VM’s host network, potentially reading analysis data and Cortex XDR logs. Affected component: Cortex XDR Broker ...
CVE-2025-0113 Cortex XDR Broker VM: Unauthorized Access to Broker VM Docker Containers
A problem with the network isolation mechanism of the Palo Alto Networks Cortex XDR Broker VM allows attackers unauthorized access to Docker containers from the host network used by Broker VM. This may allow access to read files sent for analysis and logs transmitted by the Cortex XDR Agent to th...
Cortex XDR Broker VM: Unauthorized Access to Broker VM Docker Containers
A problem with the network isolation mechanism of the Palo Alto Networks Cortex XDR Broker VM allows attackers unauthorized access to Docker containers from the host network used by Broker VM. This may allow access to read files sent for analysis and logs transmitted by the Cortex XDR Agent to th...
CVE-2024-24760
mailcow is a dockerized email package, with multiple containers linked in one bridged network. A security vulnerability has been identified in mailcow affecting versions 2024-01c. This vulnerability potentially allows attackers on the same subnet to connect to exposed ports of a Docker container,...
Privilege Escalation
github.com/rancher/rancher is vulnerable to Privilege Escalation. The vulnerability is due to the use of untrusted cluster or node drivers that run at a privileged level, allowing them to escape the chroot jail and gain unauthorized access to the Rancher container or, in the case of privileged...
CVE-2024-47182
Dozzle is a realtime log viewer for docker containers. Before version 8.5.3, the app uses sha-256 as the hash for passwords, which leaves users susceptible to rainbow table attacks. The app switches to bcrypt, a more appropriate hash for passwords, in version 8.5.3...
popup-builder < 4.2.6 - Admin+ SSRF & File Read
Description The plugin does not validate a parameter before making a request to it, which could allow users with the administrator role to perform SSRF attack in Multisite WordPress configurations. PoC 1. Create a multi-site wordpress setup, i.e. using docker-containers, and setup a second "site"...
CVE-2023-48311 Any image allowed by default
dockerspawner is a tool to spawn JupyterHub single user servers in Docker containers. Users of JupyterHub deployments running DockerSpawner starting with 0.11.0 without specifying DockerSpawner.allowedimages configuration allow users to launch any pullable docker image, instead of restricting to...
CVE-2023-48311
CVE-2023-48311 affects dockerspawner for JupyterHub deployments. Versions 0.11.0 through 12 (and up to 13 in some advisories) permit users to launch any pullable Docker image when DockerSpawner.allowed_images is not explicitly restricted, instead of only the configured image. Root cause: misconfi...
CVE-2023-48311 Any image allowed by default
dockerspawner is a tool to spawn JupyterHub single user servers in Docker containers. Users of JupyterHub deployments running DockerSpawner starting with 0.11.0 without specifying DockerSpawner.allowedimages configuration allow users to launch any pullable docker image, instead of restricting to...
ownCloud Phpinfo Reader Exploit
Docker containers of ownCloud compiled after February 2023, which have version 0.2.0 before 0.2.1 or 0.3.0 before 0.3.1 of the app graph installed contain a test file which prints phpinfo to an unauthenticated user. A post file name must be appended to the URL to bypass the login filter. Docker m...
so-widgets-bundle < 1.51.0 - Admin+ Local File Inclusion
Description The plugin does not validate user input before using it to generate paths passed to include function/s, allowing users with the administrator role to perform LFI attacks in the context of Multisite WordPress sites. 1. Create a multi-site wordpress setup, i.e. using docker-containers,...
Design/Logic Flaw
An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment phpinfo. This information...
CVE-2023-49103
An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment phpinfo. This information...
CVE-2023-20235
A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docke...
Design/Logic Flaw
A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docke...
CVE-2023-20235
A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docke...