Amazon Linux 2 : docker (ALASDOCKER-2025-066)

The version of docker installed on the remote host is prior to 25.0.8-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2025-066 advisory. containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 wher...

Medium: docker

Issue Overview: containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container...

Medium: docker

Issue Overview: containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container...

Amazon Linux 2 : docker (ALASNITRO-ENCLAVES-2025-062)

The version of docker installed on the remote host is prior to 25.0.8-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2025-062 advisory. containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and...

CVE-2025-0495 affecting package docker-buildx for versions less than 0.14.0-5

CVE-2025-0495 affecting package docker-buildx for versions less than 0.14.0-5. A patched version of the package is available...

New Self-Spreading Malware Infects Docker Containers to Mine Dero Cryptocurrency

Misconfigured Docker API instances have become the target of a new malware campaign that transforms them into a cryptocurrency mining botnet. The attacks, designed to mine for Dero currency, is notable for its worm-like capabilities to propagate the malware to other exposed Docker instances and...

SUSE-SU-2025:20360-1 Security update for docker

This update for docker fixes the following issues: Update to docker-buildx v0.22.0: - CVE-2025-0495: buildx: credential leakage to telemetry endpoints when credentials allowed to be set as attribute values in cache-to/cache-from configuration bsc1239765. - CVE-2025-22868: golang.org/x/oauth2/jws:...

Security update for docker

This update for docker fixes the following issues: Update to docker-buildx v0.22.0: CVE-2025-0495: buildx: credential leakage to telemetry endpoints when credentials allowed to be set as attribute values in cache-to/cache-from configuration bsc1239765. CVE-2025-22868: golang.org/x/oauth2/jws:...

CVE-2025-5151

Defog.ai Introspect up to version 0.1.4 contains a code injection vulnerability in introspect/backend/tools/analysis_tools.py: execute_analysis_code_safely, caused by unsafe handling of the code argument. An attacker on the local host could exploit this without user interaction. A patch identifie...

PT-2025-22863 · Unknown · Defog-Ai Introspect

Name of the Vulnerable Software and Affected Versions: defog-ai introspect versions up to 0.1.4 Description: A critical vulnerability has been found in defog-ai introspect. This issue affects the execute analysis code safely function of the file introspect/backend/tools/analysis tools.py. The...

CVE-2025-47290 vulnerabilities

Vulnerabilities for packages: neuvector-scanner, docker-compose...

GHSA-CM76-QM8V-3J95 vulnerabilities

Vulnerabilities for packages: neuvector-scanner, docker-compose...

CVE-2025-47290 vulnerabilities

Vulnerabilities for packages: docker-compose-fips, neuvector-fips, docker-compose, neuvector-scanner, neuvector...

GHSA-CM76-QM8V-3J95 vulnerabilities

Vulnerabilities for packages: docker-compose-fips, neuvector-fips, docker-compose, neuvector-scanner, neuvector...

CVE-2024-4159

Brocade SANnav before v2.3.0a lacks protection mechanisms on port 2377/TCP and 7946/TCP, which could allow an unauthenticated attacker to sniff the SANnav Docker information...

CVE-2024-29963

Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded TLS keys used by Docker. Note: Brocade SANnav doesn't have access to remote Docker registries...

CVE-2024-23756

The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 5221, allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them...

CVE-2024-23054

An issue in Plone Docker Official Image 5.2.13 5221 open-source software that could allow for remote code execution due to a package listed in ++plone++static/components not existing in the public package index npm...

CVE-2024-23055

An issue in Plone Docker Official Image 5.2.13 5221 open-source software allows for remote code execution via improper validation of input by the HOST headers...

CVE-2024-29967

In Brocade SANnav before Brocade SANnav v2.31 and v2.3.0a, it was observed that Docker instances inside the appliance have insecure mount points, allowing reading and writing access to sensitive files. The vulnerability could allow a sudo privileged user on the host OS to read and write access to...