cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2019-0204,https://securityvulnerability.io/vulnerability/CVE-2019-0204,,"A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, and 1.7.0 to 1.7.1. A malicious actor can therefore gain root-level code execution on the host.",Apache,Apache Mesos,7.8,HIGH,0.00139999995008111,false,,false,false,false,,,false,false,,2019-03-25T21:43:04.000Z,0
CVE-2018-11793,https://securityvulnerability.io/vulnerability/CVE-2018-11793,,"When parsing a JSON payload with deeply nested JSON structures, the parser in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.1, 1.6.0 to 1.6.1, and 1.7.0 might overflow the stack due to unbounded recursion. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable.",Apache,Apache Mesos,7.5,HIGH,0.001129999989643693,false,,false,false,false,,,false,false,,2019-03-05T21:29:00.000Z,0
CVE-2018-1000421,https://securityvulnerability.io/vulnerability/CVE-2018-1000421,,"An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCloud.java that allows attackers with Overall/Read access to initiate a test connection to an attacker-specified Mesos server with attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",Apache,Mesos,6.5,MEDIUM,0.0007300000288523734,false,,false,false,false,,,false,false,,2019-01-09T23:00:00.000Z,0
CVE-2018-1000420,https://securityvulnerability.io/vulnerability/CVE-2018-1000420,,An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCloud.java that allows attackers with Overall/Read access to obtain credentials IDs for credentials stored in Jenkins.,Apache,Mesos,6.5,MEDIUM,0.0007300000288523734,false,,false,false,false,,,false,false,,2019-01-09T23:00:00.000Z,0
CVE-2018-8023,https://securityvulnerability.io/vulnerability/CVE-2018-8023,,"Apache Mesos can be configured to require authentication to call the Executor HTTP API using JSON Web Token (JWT). In Apache Mesos versions pre-1.4.2, 1.5.0, 1.5.1, 1.6.0 the comparison of the generated HMAC value against the provided signature in the JWT implementation used is vulnerable to a timing attack because instead of a constant-time string comparison routine a standard `==` operator has been used. A malicious actor can therefore abuse the timing difference of when the JWT validation function returns to reveal the correct HMAC value.",Apache,Apache Mesos,5.9,MEDIUM,0.0007200000109151006,false,,false,false,false,,,false,false,,2018-09-21T00:00:00.000Z,0
CVE-2018-1330,https://securityvulnerability.io/vulnerability/CVE-2018-1330,,"When parsing a malformed JSON payload, libprocess in Apache Mesos versions 1.4.0 to 1.5.0 might crash due to an uncaught exception. Parsing chunked HTTP requests with trailers can lead to a libprocess crash too because of the mistakenly planted assertion. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable.",Apache,Apache Mesos,7.5,HIGH,0.0007699999841861427,false,,false,false,false,,,false,false,,2018-09-13T00:00:00.000Z,0
CVE-2017-9790,https://securityvulnerability.io/vulnerability/CVE-2017-9790,,"When handling a libprocess message wrapped in an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev crashes if the request path is empty, because the parser assumes the request path always starts with '/'. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable.",Apache,Apache Mesos,7.5,HIGH,0.0009399999980814755,false,,false,false,false,,,false,false,,2017-09-29T01:34:00.000Z,0
CVE-2017-7687,https://securityvulnerability.io/vulnerability/CVE-2017-7687,,"When handling a decoding failure for a malformed URL path of an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev might crash because the code accidentally calls inappropriate function. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable.",Apache,Apache Mesos,7.5,HIGH,0.0009399999980814755,false,,false,false,false,,,false,false,,2017-09-29T01:34:00.000Z,0