
8 matches found

OSV
added 2026/01/16 5:15 p.m., 2 views

UBUNTU-CVE-2026-23528

Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter-server-proxy, and Dask distributed are all run together, it is possible to craft a URL which will result in code being executed by Jupyter due to a cross-site scripting (XSS) bug in the Dask...

CVSS 6.1, AI score 5.8, EPSS 0.00016
Exploits: 0, References: 4
IBM Security Bulletins
added 2026/01/06 6:00 a.m., 7 views

Security Bulletin: Firewalld Reload Bypasses Localhost Port Restrictions in Moby (Docker Engine) Prior to 28.3.3, affects watsonx.data

Summary: Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. In versions 28.2.0 through 28.3.2, when the firewalld service is reloaded it removes all iptables rules...

CVSS 5.1, AI score 6.7, EPSS 0.00033
Exploits: 0, Affected Software: 1
Tenable Nessus
added 2025/08/21 12:00 a.m., 3 views

TencentOS Server 4: moby (TSSA-2025:0667)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0667 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 5.1, AI score 6.4, EPSS 0.00033
Exploits: 0, References: 2
Veracode
added 2025/08/08 6:25 p.m., 2 views

Improper Access Control

github.com/moby/moby is vulnerable to improper access control. The vulnerability is due to failure to recreate firewall rules blocking external access to containers after a firewalld reload, which allows an attacker to remotely access containers with ports published to localhost...

CVSS 5.1, AI score 7, EPSS 0.00033
Exploits: 0, References: 3, Affected Software: 3
OSV
added 2022/01/18 5:15 p.m., 1 view

UBUNTU-CVE-2021-39927

Server side request forgery protections in GitLab CE/EE versions between 8.4 and 14.4.4, between 14.5.0 and 14.5.2, and between 14.6.0 and 14.6.1 would fail to protect against attacks sending requests to localhost on port 80 or 443 if GitLab was configured to run on a port other than 80 or 443...

CVSS 4.3, AI score 5.8, EPSS 0.00143
Exploits: 0, References: 3
RedHat Linux
added 2020/07/21 9:57 a.m., 2 views

kubernetes: node localhost services reachable via martian packets

A flaw was found in Kubernetes that allows attackers on adjacent networks to reach services exposed on localhost ports, previously thought to be unreachable. This flaw allows an attacker to gain privileges or access confidential information for any services listening on localhost ports that are n...

CVSS 8.8, AI score 6.8, EPSS 0.20149
Exploits: 5, References: 5
CNVD
added 2019/07/09 12:00 a.m., 3 views

Zoom Client Information Disclosure Vulnerability

Zoom Client is a video conferencing endpoint from Zoom USA that supports multiple platforms. An information disclosure vulnerability exists in Zoom Client. A remote attacker could force a user to join a video call with the camera active. It is because any website can interact with a zoom web serv...

CVSS 6.5, AI score 6.4, EPSS 0.01162
Exploits: 1, References: 1
securityvulns
added 2005/01/30 12:00 a.m., 39 views

WebWasher Classic - HTTP CONNECT weakness

WebWasher Classic is a well known HTTP-URL/Popup/Script filtering proxy which is free for non commercial use. WebWasher Classic supports two modes, a client mode, where it only...

AI score 0.6
Exploits: 0