CVE-2025-32755

In jenkins/ssh-slave Docker images based on Debian, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SSH...

CVE-2025-32754

In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SS...

CVE-2025-32755

In jenkins/ssh-slave Docker images based on Debian, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SSH...

CVE-2025-32755

CVE-2025-32755 affects Jenkins’ ssh-slave Docker images built on Debian. In these images, SSH host keys are generated at image creation, causing all containers derived from the same image version to share identical host keys. This enables an attacker who can position themselves in the network pat...

CVE-2025-32754

In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SS...

CVE-2025-32754

In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SS...

CVE-2025-32754

In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SS...

CVE-2025-32754

CVE-2025-32754 affects the jenkins/ssh-agent Docker images (6.11.1 and earlier). The root cause is that SSH host keys are generated on image creation, causing all containers built from the same image version to share the same host keys. This enables an attacker who can position themselves in the ...

PT-2025-15974 · Unknown +1 · Jenkins/Ssh-Slave +1

Name of the Vulnerable Software and Affected Versions: Jenkins/ssh-slave Docker images based on Debian affected versions not specified Description: The issue arises from SSH host keys being generated on image creation for Jenkins/ssh-slave Docker images based on Debian. This results in all...

OPENSUSE-SU-2025:14980-1 docker-stable-24.0.9_ce-9.1 on GA media

These are all security issues fixed in the docker-stable-24.0.9ce-9.1 package on the GA media of openSUSE Tumbleweed...

Mageia: Security Advisory (MGASA-2025-0130)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Unauthorized File Access

awssamcli is vulnerable to Unauthorized File Access. The vulnerability is due to improper handling of symlinks during the Docker build process, allowing access to privileged host files via elevated permissions...

Appsmith RCE

An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. Module Options msf use exploit/linux/http/appsmithrcecve202455964 msf exploitappsmithrcecve202455964 show targets ...targets... msf...

CVE-2025-32111

The Docker image from acme.sh before 40b6db6 is based on a .github/workflows/dockerhub.yml file that lacks "persist-credentials: false" for actions/checkout...

Exploit for Deserialization of Untrusted Data in Apache Parquet_Java

CVE-2025-30065 PoC Usage Build the image sh docker b...

Have We Reached a Distroless Tipping Point?

There's a virtuous cycle in technology that pushes the boundaries of what's being built and how it's being used. A new technology development emerges and captures the world's attention. People start experimenting and discover novel applications, use cases, and approaches to maximize the...

CVE-2025-32111

The Docker image from acme.sh before 40b6db6 is based on a .github/workflows/dockerhub.yml file that lacks "persist-credentials: false" for actions/checkout...

CVE-2025-32111

The Docker image from acme.sh before 40b6db6 is based on a .github/workflows/dockerhub.yml file that lacks "persist-credentials: false" for actions/checkout...

CVE-2025-32111

The Docker image from acme.sh before 40b6db6 is based on a .github/workflows/dockerhub.yml file that lacks "persist-credentials: false" for actions/checkout...

CVE-2025-32111

The Docker image from acme.sh before 40b6db6 is based on a .github/workflows/dockerhub.yml file that lacks "persist-credentials: false" for actions/checkout...