722 matches found
CVE-2025-9074
CVE-2025-9074 : Docker Desktop exposes the Docker Engine API on the internal subnet (example: 192.168.65.7:2375) without authentication, enabling a container to create a privileged container that mounts host filesystem access. Public writeups and exploits in the connected literature demonstrate a...
CVE-2025-9074 Docker Desktop allows unauthenticated access to Docker Engine API from containers
A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with or without Enhanced Container Isolation (ECI) enabled, and with or without th...
PT-2025-34057
Name of the Vulnerable Software and Affected Versions: Docker Desktop versions prior to 4.44.3. Description: A flaw in the container isolation mechanism of Docker Desktop for Windows and macOS allows local Linux containers to gain unauthenticated access to the Docker Engine API via the configured...
Palo Alto GlobalProtect App Windows 6.x < 6.2.8-h3 / 6.3.x < 6.3.3-h2 Improper Certificate Validation (CVE-2025-2183)
The version of Palo Alto GlobalProtect App installed on the remote Windows host is 6.x prior to 6.2.8-h3 or 6.3.x prior to 6.3.3-h2. It is, therefore, affected by an improper certificate validation vulnerability: - An insufficient certificate validation issue in the Palo Alto Networks GlobalProte...
CVE-2025-9019
A vulnerability has been found in tcpreplay 4.5.1. This vulnerability affects the function maskcidr6 of the file cidr.c of the component tcpprep. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitatio...
Linux Distros Unpatched Vulnerability : CVE-2025-21993
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic When performing an iSCSI boot using IPv6, iscsistart still reads the...
CVE-2025-2183
An insufficient certificate validation issue in the Palo Alto Networks GlobalProtect™ app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root...
unbound: Unbound Cache poisoning
A cache poisoning flaw was found in Unbound. Resolvers supporting EDNS Client Subnet (ECS) must segregate outgoing queries to accommodate different outgoing ECS information. This issue reopens resolvers to a birthday paradox attack, known as the Rebirthday Attack, which attempts to match the DNS...
OESA-2025-1974 unbound security update
Unbound is a validating, recursive, caching DNS resolver. It is designed to be fast and lean and incorporates modern features based on open standards. To help increase online privacy, Unbound supports DNS-over-TLS which allows clients to encrypt their communication. Unbound is available for most...
Important: unbound
Issue Overview: A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet (ECS). Unbound is also vulnerable when compiled with ECS support, i.e., '--enable-subnet', AND configured to send ECS information along wit...
Linux Distros Unpatched Vulnerability : CVE-2025-5994
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet (ECS). Unbound is...
Amazon Linux 2 : unbound (ALASUNBOUND-1.17-2025-005)
The version of unbound installed on the remote host is prior to 1.17.0-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2UNBOUND-1.17-2025-005 advisory. A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that...
Amazon Linux 2 : unbound (ALAS-2025-2951)
The version of unbound installed on the remote host is prior to 1.7.3-15. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2951 advisory. A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS...