
9154 matches found

AstraLinux
added 2026/05/03 11:59 p.m., 3 views

Astra Linux – Vulnerability in docker.io-app

Docker Compose relies on the path information embedded in remote OCI Compose artifacts. When a layer includes the annotations com.dockercompose.extends or com.dockercompose.envfile, Compose incorporates the value provided by the attacker from com.dockercompose.file/com.dockercompose.envfile into...

8.9 CVSS, 8.6 AI score, 0.13663 EPSS
Exploits 0, References 2
AstraLinux
added 2026/05/03 11:59 p.m., 4 views

Astra Linux – Vulnerability in docker.io

Moby is an open-source project created by Docker to enable software containerization. A bug was discovered in Moby Docker Engine where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates the supplementary group permissions, they may be abl...

6.3 CVSS, 6.6 AI score, 0.0076 EPSS
Exploits 0, References 2
AstraLinux
added 2026/05/03 11:59 p.m., 7 views

Astra Linux – Vulnerability in docker.io

Moby is an open-source project created by Docker to enable software containerization. A bug was discovered in Moby Docker Engine where attempting to copy files using docker cp into a specially crafted container can result in changes to Unix file permissions for existing files in the host’s...

6.3 CVSS, 6 AI score, 0.0027 EPSS
Exploits 0, References 2
AstraLinux
added 2026/05/03 11:59 p.m., 2 views

Astra Linux – Vulnerability in docker.io

Docker CLI is the command-line interface for the Docker container runtime. A bug was discovered in Docker CLI where running docker login my-private-registry.example.com with a misconfigured configuration file, typically /.docker/config.json, which lists a credsStore or credhelpers that cannot be...

7.5 CVSS, 6.3 AI score, 0.01536 EPSS
Exploits 0, References 2
AstraLinux
added 2026/05/03 11:59 p.m., 4 views

Astra Linux – Vulnerability in docker.io-app

Moby version 25.0.3 has a race condition vulnerability in the StreamFormatter package. This vulnerability can be exploited to trigger multiple concurrent write operations, leading to data corruption or application crashes...

8.1 CVSS, 7.7 AI score, 0.00629 EPSS
Exploits 0, References 2
GithubExploit
added 2026/05/03 7:22 p.m., 84 views

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CopyFail Guard text...

7.8 CVSS, 6.1 AI score, 0.94016 EPSS
Exploits 227
GithubExploit
added 2026/05/03 12:41 p.m., 237 views

ethical-hacking-portfolio

Ethical Hacking Portfolio - CS4069 | Spring 2026 Course:...

9.8 CVSS, 5.9 AI score, 0.76768 EPSS
Exploits 10
OSV
added 2026/05/03 9:55 a.m., 5 views

OESA-2026-2138 moby security update

Docker is a product for you to build, ship and run any application as a lightweight container. Security Fixes: Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plug...

8.8 CVSS, 7.1 AI score, 0.08123 EPSS
Exploits 1, References 3
Tenable Nessus
added 2026/05/02 12:0 a.m., 2 views

Fedora 45 : docker-distribution (2026-d7d99f08ff)

The remote Fedora 45 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-d7d99f08ff advisory. Automatic update for docker-distribution-3.1.1-1.fc45. Changelog Fri May 1 2026 Bradley G Smith - 3.1.1-1 - Update to release v3.1.1 - Resolves:...

7.5 CVSS, 6.4 AI score, 0.00294 EPSS
Exploits 3, References 5
GithubExploit
added 2026/05/01 12:1 a.m., 85 views

Exploit for CVE-2026-31431

Porting CVE-2026-31431 "Copy Fail" to a Constrained Java Run...

7.8 CVSS, 7 AI score, 0.94016 EPSS
Exploits 227
OSV
added 2026/04/30 5:24 p.m., 2 views

GHSA-5VH4-RGV7-P9G4 Gotenberg Vulnerable to Unauthenticated SSRF via Unfiltered Webhook URL

CVE Report — Unauthenticated SSRF via Unfiltered Webhook URL in Gotenberg

Severity

| Field | Value |
|-----------|----------------------------------------|
| CVSS v3.1 | 8.6 High |
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N |
| CWE | CWE-918 — Server-Side Request Forgery |
| Auth | None |

...

8.6 CVSS, 6 AI score, 0.00236 EPSS
Exploits 1, References 4
GithubExploit
added 2026/04/30 9:50 a.m., 61 views

Exploit for Embedded Malicious Code in Tukaani Xz

Security Review: CVE-2024-3094 XZ Utils Backdoor Author:...

10 CVSS, 8.9 AI score, 0.85974 EPSS
Exploits 39
Fedora
added 2026/04/30 1:30 a.m., 2 views

[SECURITY] Fedora 42 Update: podman-5.8.2-1.fc42

podman Pod Manager is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=podman. Most...

7.5 CVSS, 6.2 AI score, 0.00274 EPSS
Exploits 0
Fedora
added 2026/04/30 1:30 a.m., 2 views

[SECURITY] Fedora 42 Update: skopeo-1.22.2-1.fc42

Command line utility to inspect images and repositories directly on Docker registries without the need to pull them...

7.5 CVSS, 6.1 AI score, 0.00274 EPSS
Exploits 0
OSV
added 2026/04/30 12:39 a.m., 2 views

CLEANSTART-2026-CZ07385 Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default

Multiple security vulnerabilities affect the tekton-pipelines-fips package. Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. See references for individual vulnerability details...

9.8 CVSS, 6.9 AI score, 0.00765 EPSS
Exploits 5, References 29
OSV
added 2026/04/30 12:38 a.m., 2 views

CLEANSTART-2026-FU04414 Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default

Multiple security vulnerabilities affect the tekton-pipelines-fips package. Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. See references for individual vulnerability details...

9.8 CVSS, 6.9 AI score, 0.00765 EPSS
Exploits 5, References 30
Tenable Nessus
added 2026/04/30 12:0 a.m., 5 views

Amazon Linux 2 : docker, --advisory ALAS2DOCKER-2026-111 (ALASDOCKER-2026-111)

The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-111 advisory. Arithmetic over induction variables in loops was not correctly checked for underflow or overflow in the Go compiler...

9.8 CVSS, 8 AI score, 0.08123 EPSS
Exploits 1, References 20
Tenable Nessus
added 2026/04/30 12:0 a.m., 12 views

Amazon Linux 2 : docker, --advisory ALAS2NITRO-ENCLAVES-2026-097 (ALASNITRO-ENCLAVES-2026-097)

The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-097 advisory. Arithmetic over induction variables in loops was not correctly checked for underflow or overflow in the Go...

9.8 CVSS, 8 AI score, 0.08123 EPSS
Exploits 1, References 20
Tenable Nessus
added 2026/04/30 12:0 a.m., 1 views

Docker Desktop < 4.59.0 ECI Privilege Escalation (CVE-2026-6406)

The version of Docker Desktop installed on the remote host is prior to 4.59.0. It is, therefore, affected by a local privilege escalation vulnerability: - A flaw exists in the Enhanced Container Isolation (ECI) feature related to processing of Docker CLI arguments. The issue results from an exposed...

8.8 CVSS, 7.4 AI score, 0.00267 EPSS
Exploits 0, References 3
GithubExploit
added 2026/04/29 7:49 p.m., 57 views

xsslab

Dalfox XSS Lab Stored XSS / second-order XSS laboratory for i...

5.4 AI score
Exploits 0