Every CVE whose affected-product data names Apache Mesos, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2019-5736 — CVSS 8.6 (high): runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and…
CVE-2019-0204 — CVSS 7.8 (high): A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the…
CVE-2017-7687 — CVSS 7.5 (high): When handling a decoding failure for a malformed URL path of an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2…
CVE-2018-1330 — CVSS 7.5 (high): When parsing a malformed JSON payload, libprocess in Apache Mesos versions 1.4.0 to 1.5.0 might crash due to an uncaught exception. Parsing…
CVE-2018-11793 — CVSS 7.5 (high): When parsing a JSON payload with deeply nested JSON structures, the parser in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to…
CVE-2017-9790 — CVSS 7.5 (high): When handling a libprocess message wrapped in an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before…
CVE-2018-1000421 — CVSS 6.5 (medium): An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCloud.java that allows attackers with…
CVE-2018-1000420 — CVSS 6.5 (medium): An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCloud.java that allows attackers with…
CVE-2018-8023 — CVSS 5.9 (medium): Apache Mesos can be configured to require authentication to call the Executor HTTP API using JSON Web Token (JWT). In Apache Mesos versions…