Skip to main content

Mesos

5 CVEs product

Monthly

CVE-2019-0204 Maven HIGH PATCH This Week

A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Docker Apache Mesos Fuse
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2018-8023 Maven MEDIUM PATCH This Month

Apache Mesos can be configured to require authentication to call the Executor HTTP API using JSON Web Token (JWT). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Information Disclosure Mesos
NVD
CVSS 3.0
5.9
EPSS
3.1%
CVE-2018-1330 Maven HIGH PATCH This Week

When parsing a malformed JSON payload, libprocess in Apache Mesos versions 1.4.0 to 1.5.0 might crash due to an uncaught exception. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apache Mesos
NVD
CVSS 3.0
7.5
EPSS
3.7%
CVE-2017-9790 Maven HIGH PATCH This Week

When handling a libprocess message wrapped in an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev crashes if the request path is empty,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Apache Memory Corruption Denial Of Service Use After Free Mesos
NVD
CVSS 3.0
7.5
EPSS
2.1%
CVE-2017-7687 Maven HIGH PATCH This Week

When handling a decoding failure for a malformed URL path of an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev might crash because the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Apache Mesos
NVD
CVSS 3.0
7.5
EPSS
3.2%
EPSS 3% CVSS 7.8
HIGH PATCH This Week

A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Docker Apache +2
NVD
EPSS 3% CVSS 5.9
MEDIUM PATCH This Month

Apache Mesos can be configured to require authentication to call the Executor HTTP API using JSON Web Token (JWT). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Information Disclosure Mesos
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

When parsing a malformed JSON payload, libprocess in Apache Mesos versions 1.4.0 to 1.5.0 might crash due to an uncaught exception. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apache Mesos
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

When handling a libprocess message wrapped in an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev crashes if the request path is empty,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Apache Memory Corruption Denial Of Service +2
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

When handling a decoding failure for a malformed URL path of an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev might crash because the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Apache Mesos
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy