Lucene search
K

84 matches found

Tenable Nessus
Tenable Nessus
added 4 days ago5 views

Docker Engine < 29.5.1 Arbitrary Code Execution

The version of the Docker Engine Moby installed on the remote host is prior to 29.5.1. It is, therefore, affected by an arbitrary code execution vulnerability: - When a compressed archive is uploaded to a container via PUT /containers/id/archive or piped through docker cp -, the daemon resolves...

7.5CVSS6.6AI score0.00153EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 8:53 a.m.5 views

SUSE-SU-2026:2692-1 Security update for docker

This update for docker fixes the following issues - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265782. - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation bypass...

9.6CVSS7.8AI score0.00781EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/06/26 3:9 p.m.7 views

CVE-2026-41567

A flaw was found in Moby, the open-source container framework, and Docker Engine. A malicious container image can exploit this vulnerability to achieve arbitrary code execution with full daemon privileges, including host root access. This occurs when a user uploads a compressed archive to the...

7.5CVSS6.4AI score0.00153EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/25 3:26 p.m.34 views

CVE-2026-48945 Joomla Extension - getk2.org - Privileged RCE vulnerability in K2 extension for Joomla < 2.26

The K2 article gallery upload path accepts a zip/tar archive, extracts it under /media/k2/galleries//, and only renames image files gif/jpg/jpeg/png/webp to safe names — non-image files including .php are extracted as-is and remain executable via direct HTTP access...

0.00197EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/25 3:26 p.m.7 views

CVE-2026-48945 Joomla Extension - getk2.org - Privileged RCE vulnerability in K2 extension for Joomla < 2.26

The K2 article gallery upload path accepts a zip/tar archive, extracts it under /media/k2/galleries//, and only renames image files gif/jpg/jpeg/png/webp to safe names — non-image files including .php are extracted as-is and remain executable via direct HTTP access...

5.8AI score0.00197EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 3:26 p.m.13 views

CVE-2026-48945

The CVE describes a vulnerability in the K2 Joomla extension (getk2.com) where the article gallery upload path accepts a zip/tar archive and extracts it to /media/k2/galleries//. The extractor renames image files (gif/jpg/jpeg/png/webp) to safe names, but non-image files (including .php) are extr...

5.3CVSS5.9AI score0.00197EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/10 6:17 p.m.27 views

CVE-2026-46612

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, the Fission storagesvc component registers archive CRUD handlers /v1/archive GET / POST / DELETE and /v1/archives list directly on...

8.8CVSS0.00344EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/06 2:48 a.m.9 views

SUSE CVE-2026-41567

Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to v2.0.0-beta.14, when a compressed archive is uploaded to a container via PUT /containers/id/archive or piped through docker cp -, the daemon resolves decompression binaries such as xz or unpigz fr...

7.2CVSS6.2AI score0.00153EPSS
Exploits0References7
NVD
NVD
added 2026/06/05 2:17 a.m.37 views

CVE-2026-41567

Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to v2.0.0-beta.14, when a compressed archive is uploaded to a container via PUT /containers/id/archive or piped through docker cp -, the daemon resolves decompression binaries such as xz or unpigz fr...

7.5CVSS0.00153EPSS
Exploits0References4
OSV
OSV
added 2026/06/05 2:17 a.m.9 views

DEBIAN-CVE-2026-41567

Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to v2.0.0-beta.14, when a compressed archive is uploaded to a container via PUT /containers/id/archive or piped through docker cp -, the daemon resolves decompression binaries such as xz or unpigz fr...

7.2CVSS6AI score0.00153EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 2:17 a.m.6 views

UBUNTU-CVE-2026-41567

Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to v2.0.0-beta.14, when a compressed archive is uploaded to a container via PUT /containers/id/archive or piped through docker cp -, the daemon resolves decompression binaries such as xz or unpigz fr...

7.5CVSS6AI score0.00153EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/05 12:35 a.m.51 views

CVE-2026-41567 Docker: `PUT /containers/{id}/archive` executes container binary on the host

Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to v2.0.0-beta.14, when a compressed archive is uploaded to a container via PUT /containers/id/archive or piped through docker cp -, the daemon resolves decompression binaries such as xz or unpigz fr...

7.2CVSS0.00153EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/05 12:35 a.m.6 views

CVE-2026-41567

Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to v2.0.0-beta.14, when a compressed archive is uploaded to a container via PUT /containers/id/archive or piped through docker cp -, the daemon resolves decompression binaries such as xz or unpigz fr...

7.2CVSS6.2AI score0.00153EPSS
Exploits0References2Affected Software3
Vulnrichment
Vulnrichment
added 2026/06/05 12:35 a.m.10 views

CVE-2026-41567 Docker: `PUT /containers/{id}/archive` executes container binary on the host

Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to v2.0.0-beta.14, when a compressed archive is uploaded to a container via PUT /containers/id/archive or piped through docker cp -, the daemon resolves decompression binaries such as xz or unpigz fr...

7.2CVSS6.2AI score0.00153EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/05 12:35 a.m.10 views

EUVD-2026-34779

Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to v2.0.0-beta.14, when a compressed archive is uploaded to a container via PUT /containers/id/archive or piped through docker cp -, the daemon resolves decompression binaries such as xz or unpigz fr...

7.2CVSS6.3AI score0.00153EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/06/05 12:35 a.m.14 views

CVE-2026-41567

Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to v2.0.0-beta.14, when a compressed archive is uploaded to a container via PUT /containers/id/archive or piped through docker cp -, the daemon resolves decompression binaries such as xz or unpigz fr...

7.5CVSS6.3AI score0.00153EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/05 12:35 a.m.7 views

CVE-2026-41567

Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to v2.0.0-beta.14, when a compressed archive is uploaded to a container via PUT /containers/id/archive or piped through docker cp -, the daemon resolves decompression binaries such as xz or unpigz fr...

7.5CVSS6AI score0.00153EPSS
Exploits0
Snyk
Snyk
added 2026/05/18 5:47 p.m.8 views

Uncontrolled Search Path Element

Overview Affected versions of this package are vulnerable to Uncontrolled Search Path Element during the archive decompression for PUT /containers/id/archive API requests. An attacker can execute arbitrary code on the host with daemon privileges by uploading a compressed archive containing a...

7.5CVSS6.2AI score0.00153EPSS
Exploits0References2
OSV
OSV
added 2026/05/18 5:47 p.m.9 views

GHSA-X86F-5XW2-FM2R Docker: `PUT /containers/{id}/archive` executes container binary on the host

Summary When a user uploads a compressed archive into a container, a malicious image can execute arbitrary code with daemon host root privileges. Details When handling PUT /containers/id/archive requests with compressed archives, the daemon decompresses them using external system binaries. Due to...

7.2CVSS6.4AI score0.00153EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.14 views

PT-2026-41765

Name of the Vulnerable Software and Affected Versions Docker affected versions not specified Description When handling 'PUT /containers/id/archive' requests with compressed archives, the daemon decompresses them using external system binaries. Due to incorrect operation ordering, these binaries a...

7.5CVSS6.3AI score0.00153EPSS
Exploits0References47
Rows per page
Query Builder