Vasion Print Virtual Appliance Host 安全漏洞

Vasion Print Virtual Appliance Host is a print management software from Vasion USA. A security vulnerability exists in Vasion Print Virtual Appliance Host versions prior to 22.0.862, which stems from the inclusion of private keys and hard-coded passwords in the Docker image, which could allow an...

PT-2025-39879

Name of the Vulnerable Software and Affected Versions Vasion Print versions prior to 22.0.862 Vasion Print Application versions prior to 20.0.2014 Description The Vasion Print Virtual Appliance Host and Application contain Docker images with a private GPG key and its passphrase stored in cleartex...

Important: amazon-ssm-agent

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

CVE-2025-10657

In a hardened Docker environment, with Enhanced Container Isolation ECI https://docs.docker.com/enterprise/security/hardened-desktop/enhanced-container-isolation/ enabled, an administrator can utilize the command restrictions feature...

ICS-SimLab: A Containerized Approach for Simulating Industrial Control Systems for Cyber Security Research

Industrial Control Systems ICSs are complex interconnected systems used to manage process control within industrial environments, such as chemical processing plants and water treatment facilities. As the modern industrial environment moves towards Internet-facing services, ICSs face an increased...

CVE-2025-10657

In a hardened Docker environment, with Enhanced Container Isolation ECI https://docs.docker.com/enterprise/security/hardened-desktop/enhanced-container-isolation/ enabled, an administrator can utilize the command restrictions feature...

CVE-2025-10657

Docker Desktop 4.46.0 with Enhanced Container Isolation (ECI) enabled is affected by a bug where the command restrictions configuration passed to ECI is ignored, allowing any command to execute on the Docker socket. This creates a container-escape risk for containers explicitly permitted to mount...

CVE-2025-10657 Docker Desktop with ECI Fails to Enforce Socket Command Restrictions

In a hardened Docker environment, with Enhanced Container Isolation ECI https://docs.docker.com/enterprise/security/hardened-desktop/enhanced-container-isolation/ enabled, an administrator can utilize the command restrictions feature...

CVE-2025-10657 Docker Desktop with ECI Fails to Enforce Socket Command Restrictions

In a hardened Docker environment, with Enhanced Container Isolation ECI https://docs.docker.com/enterprise/security/hardened-desktop/enhanced-container-isolation/ enabled, an administrator can utilize the command restrictions feature...

Malicious code in autobahn-testsuite-docker (npm)

The package communicates with a domain associated with malicious activity...

MAL-2025-47844 Malicious code in autobahn-testsuite-docker (npm)

The package communicates with a domain associated with malicious activity...

PT-2025-39690

Name of the Vulnerable Software and Affected Versions Docker Desktop version 4.46.0 Description A software bug in Docker Desktop allowed the configuration for restricting commands to be ignored when passed to Enhanced Container Isolation ECI. This granted excessive privileges by permitting...

Docker Desktop 安全漏洞

Docker Desktop is a desktop software for lightweight deployment of applications based on container technology from Docker Inc. in the United States. The product provides a desktop environment that supports creating a container lightweight virtual machine and deploying and running applications on...

Exploit for Command Injection in Snowflake Snowflake_Connector

Snowflake Connector CVE-2025-24793 PoC This repository contai...

ShadowV2 Botnet Uses Misconfigured AWS Docker for DDoS-For-Hire Service

Darktrace researchers have uncovered ShadowV2, a new botnet that operates as a DDoS-for-hire service by infecting misconfigured Docker containers on AWS cloud servers...

SUSE-SU-2025:03271-1 Security update for busybox, busybox-links

This update for busybox, busybox-links fixes the following issues: Updated to version 1.37.0 jscPED-13039: - CVE-2023-42363: Fixed use-after-free vulnerability in xasprintf function in xfuncsprintf.c bsc1217580 - CVE-2023-42364: Fixed use-after-free in the awk.c evaluate function bsc1217584 -...

ShadowV2 Botnet Exploits Misconfigured AWS Docker Containers for DDoS-for-Hire Service

Cybersecurity researchers have disclosed details of a new botnet that customers can rent access to conduct distributed denial-of-service DDoS attacks against targets of interest. The ShadowV2 botnet, according to Darktrace, predominantly targets misconfigured Docker containers on Amazon Web...

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Php

sudo docker run -it --rm -p 8080:80 php:8.0.29-apache bash...

Exploit for Deserialization of Untrusted Data in Bentoml

Day 09 — CVE-2025-27520 BentoML-style insecure deserializatio...

CVE-2025-34201

Vasion Print formerly PrinterLogic Virtual Appliance Host and Application VA and SaaS deployments run many Docker containers on shared internal networks without firewalling or segmentation between instances. A compromise of any single container allows direct access to internal services HTTP, Redi...