Lucene search
K

85 matches found

NVD
NVD
added 2026/06/18 2:17 p.m.14 views

CVE-2026-12039

Docker Sandboxes sbx enforces an HTTP/S-only egress allowlist but does not apply it to DNS resolution: the per-network embedded DNS server forwards any queried name to the host resolver whenever the network is internet-connected, without consulting the policy. A workload inside a sandbox, which t...

5.7CVSS0.00103EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/18 1:51 p.m.10 views

EUVD-2026-37893

Docker Sandboxes sbx blocks ICMP egress with an authorizer applied only at network-creation time, and does not re-apply it to networks rebuilt from disk when the Docker daemon restarts, so a restart-surviving sandbox forwards ICMP to arbitrary hosts. A workload inside a sandbox, which the threat...

5.7CVSS5.5AI score0.00097EPSS
Exploits0References2
CVE
CVE
added 2026/06/18 1:51 p.m.23 views

CVE-2026-12539

Docker Sandboxes (sbx) ICMP egress restriction can be bypassed after daemon restart. The issue arises because the authorizer is applied only at network creation and is not re-applied to networks rebuilt from disk on restart, allowing a restart-surviving sandbox to forward ICMP to arbitrary hosts....

5.7CVSS5.5AI score0.00097EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/18 1:51 p.m.15 views

CVE-2026-12539

Docker Sandboxes sbx blocks ICMP egress with an authorizer applied only at network-creation time, and does not re-apply it to networks rebuilt from disk when the Docker daemon restarts, so a restart-surviving sandbox forwards ICMP to arbitrary hosts. A workload inside a sandbox, which the threat...

5.7CVSS5.5AI score0.00097EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/18 1:48 p.m.3 views

CVE-2026-12039 Docker Sandboxes network egress allowlist bypass via unfiltered DNS resolution

Docker Sandboxes sbx enforces an HTTP/S-only egress allowlist but does not apply it to DNS resolution: the per-network embedded DNS server forwards any queried name to the host resolver whenever the network is internet-connected, without consulting the policy. A workload inside a sandbox, which t...

5.7CVSS6AI score0.00103EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/18 1:48 p.m.12 views

CVE-2026-12039 Docker Sandboxes network egress allowlist bypass via unfiltered DNS resolution

Docker Sandboxes sbx enforces an HTTP/S-only egress allowlist but does not apply it to DNS resolution: the per-network embedded DNS server forwards any queried name to the host resolver whenever the network is internet-connected, without consulting the policy. A workload inside a sandbox, which t...

5.7CVSS5.2AI score0.00103EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/18 1:48 p.m.10 views

EUVD-2026-37892

Docker Sandboxes sbx enforces an HTTP/S-only egress allowlist but does not apply it to DNS resolution: the per-network embedded DNS server forwards any queried name to the host resolver whenever the network is internet-connected, without consulting the policy. A workload inside a sandbox, which t...

5.7CVSS5.3AI score0.00103EPSS
Exploits0References2
CVE
CVE
added 2026/06/18 1:48 p.m.20 views

CVE-2026-12039

Docker Sandboxes (sbx) expose a DNS resolution bypass: the per-network embedded DNS server forwards queries to the host resolver when the network is internet-connected, ignoring the HTTP/S egress allowlist. This enables a workload treated as untrusted to encode data in DNS labels for an attacker-...

5.7CVSS5.3AI score0.00103EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/18 1:48 p.m.22 views

CVE-2026-12039 Docker Sandboxes network egress allowlist bypass via unfiltered DNS resolution

Docker Sandboxes sbx enforces an HTTP/S-only egress allowlist but does not apply it to DNS resolution: the per-network embedded DNS server forwards any queried name to the host resolver whenever the network is internet-connected, without consulting the policy. A workload inside a sandbox, which t...

5.7CVSS0.00103EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.16 views

PT-2026-50674

Name of the Vulnerable Software and Affected Versions Docker Sandboxes sbx affected versions not specified Description Docker Sandboxes sbx implements an egress allowlist restricted to HTTP/S traffic but fails to apply this restriction to DNS resolution. The embedded DNS server for each network...

5.7CVSS5.8AI score0.00103EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.26 views

PT-2026-50676

Name of the Vulnerable Software and Affected Versions Docker Sandboxes affected versions not specified Description Docker Sandboxes sbx fail to re-apply the ICMP egress authorizer to networks rebuilt from disk after a Docker daemon restart. This allows a restart-surviving sandbox to forward ICMP...

5.7CVSS6AI score0.00097EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.11 views

CVE-2026-49204

Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation...

6.9CVSS5.4AI score0.00159EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 7:16 a.m.12 views

CVE-2026-49204

Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation...

6.9CVSS0.00159EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 6:35 a.m.9 views

CVE-2026-49204

Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation...

6.9CVSS5.8AI score0.00159EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/04 6:35 a.m.8 views

CVE-2026-49204 Hard-coded AWS Cognito Testing Accounts

Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation...

6.9CVSS5.8AI score0.00159EPSS
Exploits0References1
CVE
CVE
added 2026/06/04 6:35 a.m.29 views

CVE-2026-49204

Technical details about CVE-2026-49204 are not publicly available in the provided documents; monitor for updates.

6.9CVSS5.8AI score0.00159EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/04 6:35 a.m.11 views

EUVD-2026-34216

Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation...

6.9CVSS5.8AI score0.00159EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/04 6:35 a.m.46 views

CVE-2026-49204 Hard-coded AWS Cognito Testing Accounts

Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation...

6.9CVSS0.00159EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.25 views

PT-2026-46155

Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation...

6.9CVSS5.8AI score0.00159EPSS
Exploits0References2
CVE
CVE
added 2026/04/06 3:9 p.m.23 views

CVE-2026-34208

CVE-2026-34208 (SandboxJS) affects SandboxJS versions prior to 0.8.36. The vulnerability arises because an exposed constructor path (this.constructor.call(target, attackerObject)) can bypass the global-write protection and cause host global objects to be mutated by attacker-controlled payloads. T...

10CVSS6.1AI score0.00561EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder