Lucene search
K

22 matches found

NVD
NVD
added last week7 views

CVE-2026-14373

HashiCorp Nomad and Nomad Enterprise did not enforce the allowprivileged restriction for the Docker task driver's host namespace mode options. This may allow an authenticated job submitter to run a container in a host namespace and access information belonging to the host or to other workloads on...

7.7CVSS0.00248EPSS
Exploits0References1
EUVD
EUVD
added last week6 views

EUVD-2026-42349

HashiCorp Nomad and Nomad Enterprise did not enforce the allowprivileged restriction for the Docker task driver's host namespace mode options. This may allow an authenticated job submitter to run a container in a host namespace and access information belonging to the host or to other workloads on...

7.7CVSS6AI score0.00248EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.12 views

Docker Model Runner 安全漏洞

Docker Model Runner is an open-source Docker model runner developed by Docker. Docker Model Runner vllm-metal contains a security vulnerability. This vulnerability arises from setting trustremotecode=True without any sandbox protection. It may allow arbitrary Python files to be executed during...

8.8CVSS6.3AI score0.00224EPSS
Exploits1References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 7:23 a.m.15 views

Malicious code in arc-diag-util (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95f08d97107d726a6ae90afbf8e354b84a7e13d4a236bc8766180a362cc8344c On npm install, the package's postinstall hook runs id to capture the installer's uid/gid/group identity and opens a raw TCP socket to...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/20 7:23 a.m.10 views

MAL-2026-4481 Malicious code in arc-diag-util (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95f08d97107d726a6ae90afbf8e354b84a7e13d4a236bc8766180a362cc8344c On npm install, the package's postinstall hook runs id to capture the installer's uid/gid/group identity and opens a raw TCP socket to...

5.8AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:50 a.m.7 views

CVE-2020-24263

Portainer 1.24.1 and earlier is affected by an insecure permissions vulnerability that may lead to remote arbitrary code execution. A non-admin user is allowed to spawn new containers with critical capabilities such as SYSMODULE, which can be used to take over the Docker host...

8.8CVSS7.7AI score0.01601EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-16999

Malware in sbrugna...

10CVSS9.2AI score0.04116EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-16998

Malware in sbrugna...

8.8CVSS8.8AI score0.01601EPSS
Exploits0References2
OSV
OSV
added 2024/11/12 9:28 p.m.11 views

GHSA-7HPF-G48V-HW3J Zoraxy has an authenticated command injection in the Web SSH feature

Summary A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host. Details Zoraxy has a Web SSH terminal feature that allows authenticated users to connect to SSH servers from their browsers. In...

8.6CVSS9.8AI score0.01442EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2024/11/12 9:28 p.m.43 views

Zoraxy has an authenticated command injection in the Web SSH feature

Summary A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host. Details Zoraxy has a Web SSH terminal feature that allows authenticated users to connect to SSH servers from their browsers. In...

8.6CVSS8.8AI score0.01442EPSS
Exploits0References6Affected Software1
CNNVD
CNNVD
added 2023/03/13 12:0 a.m.5 views

Docker Desktop 安全漏洞

Docker Desktop is a container technology-based desktop software for lightweight deployment of applications from the U.S. company Docker. The product provides a desktop environment that supports creating a container lightweight virtual machine and deploying and running applications on...

7.1CVSS7AI score0.00218EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/03/13 12:0 a.m.9 views

PT-2023-1878 · Docker · Docker Desktop

Name of the Vulnerable Software and Affected Versions: Docker Desktop versions 4.13.0 through 4.16.x Description: The issue allows an unprivileged user to bypass Enhanced Container Isolation ECI restrictions by setting the Docker host to docker.raw.sock or npipe:////.pipe/docker engine linux on...

7.1CVSS6.9AI score0.00218EPSS
Exploits0References4
Veracode
Veracode
added 2021/03/17 8:12 a.m.132 views

Privilege Escalation

github.com/portainer/portainer is vulnerable to privilege escalation. The vulnerability exists due to an insecure permissions in the isValidStackFile function allowing non-admin user to spawn new containers critical capabilities such as SYSMODULE, which can be used to take over the Docker host...

8.8CVSS4.1AI score0.01601EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2021/03/16 3:15 p.m.18 views

CVE-2020-24264

Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote arbitrary code execution. The restriction checks for bind mounts are applied only on the client-side and not the server-side, which can lead to spawning a container with bind mount. Once such a container ...

9.8CVSS7.7AI score
Exploits0References1
NVD
NVD
added 2021/03/16 3:15 p.m.22 views

CVE-2020-24264

Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote arbitrary code execution. The restriction checks for bind mounts are applied only on the client-side and not the server-side, which can lead to spawning a container with bind mount. Once such a container ...

10CVSS0.04116EPSS
Exploits0References1
NVD
NVD
added 2021/03/16 3:15 p.m.25 views

CVE-2020-24263

Portainer 1.24.1 and earlier is affected by an insecure permissions vulnerability that may lead to remote arbitrary code execution. A non-admin user is allowed to spawn new containers with critical capabilities such as SYSMODULE, which can be used to take over the Docker host...

8.8CVSS0.01601EPSS
Exploits0References1
OSV
OSV
added 2021/03/16 3:15 p.m.16 views

CVE-2020-24263

Portainer 1.24.1 and earlier is affected by an insecure permissions vulnerability that may lead to remote arbitrary code execution. A non-admin user is allowed to spawn new containers with critical capabilities such as SYSMODULE, which can be used to take over the Docker host...

8.8CVSS7.7AI score
Exploits0References1
Prion
Prion
added 2021/03/16 3:15 p.m.16 views

Code injection

Portainer 1.24.1 and earlier is affected by an insecure permissions vulnerability that may lead to remote arbitrary code execution. A non-admin user is allowed to spawn new containers with critical capabilities such as SYSMODULE, which can be used to take over the Docker host...

6.5CVSS8.9AI score0.01601EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/03/16 3:15 p.m.21 views

Design/Logic Flaw

Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote arbitrary code execution. The restriction checks for bind mounts are applied only on the client-side and not the server-side, which can lead to spawning a container with bind mount. Once such a container ...

10CVSS9.7AI score0.04116EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/03/16 2:42 p.m.62 views

CVE-2020-24263

CVE-2020-24263 affects Portainer ≤ 1.24.1. The issue is an insecure permissions vulnerability that allows a non-admin user to spawn new containers with critical capabilities (e.g., SYS_MODULE), enabling potential remote code execution and host takeovers. The available connected documents confirm ...

8.8CVSS8.9AI score0.01601EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder