27 matches found
[SECURITY] Fedora 44 Update: docker-buildx-0.35.0-1.fc44
Docker CLI plugin for extended build capabilities with BuildKit...
[SECURITY] Fedora 43 Update: docker-buildx-0.35.0-1.fc43
Docker CLI plugin for extended build capabilities with BuildKit...
CVE-2026-45663
Dokploy (PaaS) contains a command injection vulnerability in the Docker file upload flow prior to 0.29.1. The destinationPath parameter is not sanitized and is interpolated into a shell command, allowing an authenticated user who uploads a file to a container to inject shell metacharacters (e.g.,...
CVE-2026-6406
The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation ECI restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly allowed via the admin-settings configuration. However, the --use-api-socket flag adds the Docker...
[SECURITY] Fedora 44 Update: podman-5.8.2-1.fc44
podman Pod Manager is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=3Dpodman. Most...
Docker CLI Plugins: Uncontrolled Search Path Element Leads to Local Privilege Escalation on Windows
This issue affects Docker CLI through 29.1.5 Impact Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries docker-compose.exe,...
EUVD-2025-208275
Docker CLI Plugins: Uncontrolled Search Path Element Leads to Local Privilege Escalation on Windows...
GHSA-P436-GJF2-799P Docker CLI Plugins: Uncontrolled Search Path Element Leads to Local Privilege Escalation on Windows
This issue affects Docker CLI through 29.1.5 Impact Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries docker-compose.exe,...
[SECURITY] Fedora 43 Update: docker-buildx-0.29.1-1.fc43
Docker CLI plugin for extended build capabilities with BuildKit...
EUVD-2021-7951
Malicious code in bioql PyPI...
EUVD-2022-4041
Malicious code in bioql PyPI...
EUVD-2022-6988
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-41092
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running docker login...
CVE-2022-39321
GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environment is encoded into these docker commands wa...
GHSA-2C6M-6GQH-6QG3 Docker Command Escaping in the GitHub Actions Runner
Impact The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environment is encoded into these docker commands was discovered that allows an input to escape the environment variable and modify th...
Command injection
GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environment is encoded into these docker commands wa...
CVE-2022-39321 GitHub Actions Runner vulnerable to Docker Command Escaping
GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environment is encoded into these docker commands wa...
GitHub Actions Runner 操作系统命令注入漏洞
GitHub Actions Runner is an application that runs jobs from a GitHub Actions workflow. A security vulnerability exists in GitHub Actions Runner that stems from the presence of a logic error that allows input to escape an environment variable and directly modify that docker command call, Jobs that...
CVE-2022-39321 GitHub Actions Runner vulnerable to Docker Command Escaping
GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environment is encoded into these docker commands wa...
Dell EMC PowerProtect 安全漏洞
Dell EMC PowerProtect is a software application from Dell, Inc. It is used by the company to protect, manage and recover its most critical application data. A security vulnerability exists in Dell EMC PowerProtect Cyber Recovery versions prior to 19.11, which originates from an authenticated,...