18 matches found
Command Injection
Overview: mcp-docker is a Model Context Protocol server for Docker management with AI assistants. Affected versions of this package are vulnerable to Command Injection due to insufficient validation of list-format commands in the dockerexeccommand tool. The dockerexeccommand tool accepts a...
CVE-2025-6392
Brocade SANnav before Brocade SANnav 2.4.0a could log database passwords in clear text in audit logs when the daily data dump collector invokes docker exec commands. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server...
CVE-2025-6392
Brocade SANnav prior to version 2.4.0a exposes database passwords in cleartext in audit logs generated by the daily data dump collector when docker exec commands run. The logs are the host VM's local audit logs, are not controlled by SANnav, and are visible only to the host admin. Affected release is ...
CVE-2025-6392 Daily Data Dump Collector logs database password in cleartext when running docker exec commands (CVE-2025-6392)
Brocade SANnav before Brocade SANnav 2.4.0a could log database passwords in clear text in audit logs when the daily data dump collector invokes docker exec commands. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server...
CVE-2025-6392 Daily Data Dump Collector logs database password in cleartext when running docker exec commands (CVE-2025-6392)
Brocade SANnav before Brocade SANnav 2.4.0a could log database passwords in clear text in audit logs when the daily data dump collector invokes docker exec commands. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server...
Broadcom Brocade SANnav Log Information Disclosure Vulnerability
Broadcom Brocade SANnav is a storage area network management and automation software platform from Broadcom, Inc. A security vulnerability exists in Broadcom Brocade SANnav versions prior to 2.4.0a, which stems from a daily data dump collector that may record database passwords in plaintext to...
Brocade SANnav Vulnerability Disclosures
Brocade Security Advisories posted on March 3, 2026. CVEs addressed in SANnav 3.0.0: CVE-2025-53905, CVE-2025-53906: Path traversal issues in Vim's tar.vim and zip.vim plugins. PSIRT Risk: Low. https://support.broadcom.com/external/content/SecurityAdvisories/0/37152 CVE-2025-26465: OpenSSH security upda...
SUSE CVE-2019-5736
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an...
Exploit for OS Command Injection in Docker
CVE-2019-5736 is a container escape vulnerability in Docker. The PoC (Proof of Concept) exploit for this vulnerability is available in the repository sekla/CVE-2019-5736-PoC. The exploit works by overwriting and executing the host system's runc binary from within the container. The exploit has two...
Container Privilege Escalation Vulnerability Affecting Cisco Products: February 2019
A vulnerability in the Open Container Initiative runc CLI tool used by multiple products could allow an unauthenticated, remote attacker to escalate privileges on a targeted system. The vulnerability exists because the affected software improperly handles file descriptors related to /proc/self/ex...
VMware product updates resolve mishandled file descriptor vulnerability in runc container runtime.
VMware product updates resolve mishandled file descriptor vulnerability in runc container runtime. Successful exploitation of this issue may allow a malicious container to overwrite the contents of a host's runc binary and execute arbitrary code. Exploitation of this vulnerability requires the...
CVE-2018-9862
util.c in runV 1.0.0 for Docker mishandles a numeric username, which allows attackers to obtain root access by leveraging the presence of an initial numeric value on an /etc/passwd line, and then issuing a "docker exec" command with that value in the -u argument, a similar issue to CVE-2016-3697...
CVE-2018-9862
util.c in runV 1.0.0 for Docker mishandles a numeric username, which allows attackers to obtain root access by leveraging the presence of an initial numeric value on an /etc/passwd line, and then issuing a "docker exec" command with that value in the -u argument, a similar issue to CVE-2016-3697...
Code injection
util.c in runV 1.0.0 for Docker mishandles a numeric username, which allows attackers to obtain root access by leveraging the presence of an initial numeric value on an /etc/passwd line, and then issuing a "docker exec" command with that value in the -u argument, a similar issue to CVE-2016-3697...
docker: insecure opening of file-descriptor allows privilege escalation
The runc component used by docker exec feature of docker allowed additional container processes to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain low-level access to these new processes during initialization. An attacker can,...
docker: insecure opening of file-descriptor allows privilege escalation
The runc component used by docker exec feature of docker allowed additional container processes to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain low-level access to these new processes during initialization. An attacker can,...
docker: insecure opening of file-descriptor allows privilege escalation
The runc component used by docker exec feature of docker allowed additional container processes to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain low-level access to these new processes during initialization. An attacker can,...
CVE-2016-9962
The runc component used by docker exec feature of docker allowed additional container processes to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain low-level access to these new processes during initialization. An attacker can,...