Lucene search
K

236 matches found

Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.21 views

PT-2026-46247

Name of the Vulnerable Software and Affected Versions GNCC GP5 version 7.1.76 Description A lack of runtime integrity allows physically-proximate attackers to bypass file system read-only protections. This enables the modification of system files and binaries for the duration of a boot session...

4.6CVSS5.4AI score0.00135EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/04 12:0 a.m.42 views

CVE-2026-36180

A lack of runtime integrity in GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass file system read-only protections and modify system files and binaries for the duration of a boot session via a bind-mount attack...

0.00135EPSS
Exploits0References1
CVE
CVE
added 2026/06/04 12:0 a.m.20 views

CVE-2026-36180

CVE-2026-36180 affects GNCC GP5 v7.1.76. The issue is a lack of runtime integrity that lets physically-proximate attackers bypass read-only protections via a bind-mount attack, enabling modification of system files and binaries for the duration of a boot session. Documents consistently describe t...

4.6CVSS5.8AI score0.00135EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/03 12:30 a.m.11 views

EUVD-2026-34033

Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container created deeply nested directories on a bind-mounted host folder and triggered a dentry invalidation event. This issue has been fixed in Docker Desktop 4.76.0...

8.2CVSS5.7AI score0.00115EPSS
Exploits0References2
NVD
NVD
added 2026/06/02 10:16 p.m.16 views

CVE-2026-8936

Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container created deeply nested directories on a bind-mounted host folder and triggered a dentry invalidation event. This issue has been fixed in Docker Desktop 4.76.0...

8.2CVSS0.00115EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/02 9:9 p.m.11 views

CVE-2026-8936 Unbounded recursion in grpcfuse kernel module allows container to crash Docker Desktop VM

Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container created deeply nested directories on a bind-mounted host folder and triggered a dentry invalidation event. This issue has been fixed in Docker Desktop 4.76.0...

8.2CVSS5.7AI score0.00115EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/02 9:9 p.m.36 views

CVE-2026-8936 Unbounded recursion in grpcfuse kernel module allows container to crash Docker Desktop VM

Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container created deeply nested directories on a bind-mounted host folder and triggered a dentry invalidation event. This issue has been fixed in Docker Desktop 4.76.0...

8.2CVSS0.00115EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 9:3 p.m.14 views

CVE-2026-44850

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer offers an environment-level Disable bind mounts for...

5.8AI score0.00206EPSS
Exploits1References2Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Landlock: Fixed the handling of disconnected directories. Disconnected files or directories may appear when they are visible and opened from a bind mount, but have been renamed or moved from the source of the bind mount in a w...

5.8AI score0.00171EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/19 4:42 p.m.13 views

CVE-2026-47107 Windmill < 1.703.2 Incorrect Default Permissions in nsjail Configuration

Windmill prior to 1.703.2 contains an incorrect default permissions vulnerability in nsjail sandbox configuration files where /etc is bind-mounted without read-write restrictions, allowing authenticated users to write arbitrary entries to /etc/hosts, /etc/resolv.conf, and...

8.6CVSS6AI score0.0024EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.29 views

PT-2026-41986

Name of the Vulnerable Software and Affected Versions Windmill versions prior to 1.703.2 Description Incorrect default permissions in nsjail sandbox configuration files allow the /etc directory to be bind-mounted without read-write restrictions. This enables authenticated users to write arbitrary...

9.6CVSS5.9AI score0.0024EPSS
Exploits0References9
OSV
OSV
added 2026/05/18 5:53 p.m.32 views

GHSA-RG2X-37C3-W2RH Docker: Race condition in docker cp allows bind mount redirection to host path

Summary A race condition during docker cp mount setup allows a malicious container to redirect a bind mount target to an arbitrary host path, potentially overwriting host files or causing denial of service. Details When copying files into a container, the daemon sets up a temporary filesystem vie...

7.2CVSS6AI score0.00104EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/18 5:53 p.m.20 views

Docker: Race condition in docker cp allows bind mount redirection to host path

Summary A race condition during docker cp mount setup allows a malicious container to redirect a bind mount target to an arbitrary host path, potentially overwriting host files or causing denial of service. Details When copying files into a container, the daemon sets up a temporary filesystem vie...

7.2CVSS6AI score0.00104EPSS
Exploits0References3Affected Software3
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.25 views

PT-2026-41767

Name of the Vulnerable Software and Affected Versions Docker affected versions not specified Description A race condition occurs during the mount setup of the docker cp command. When copying files into a container, the daemon creates a temporary filesystem view by bind-mounting volumes. A process...

7.2CVSS5.9AI score0.00104EPSS
Exploits0References17
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.8 views

RHCOS 4 : OpenShift Container Platform 4.16.49 (RHSA-2025:16724)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:16724 advisory. - podman: Build Context Bind Mount CVE-2025-4953 Note that Nessus has not tested for this issue but has instead relied only on the...

7.4CVSS7.2AI score0.00596EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/04/27 2:17 a.m.8 views

runc: container escape with malicious config due to /dev/console mount and related races

A flaw was found in runc. CVE-2025-52565 is very similar in concept and application toCVE-2025-31133, except that it exploits a flaw in /dev/console bind-mounts. When creating the /dev/console bind-mount to /dev/pts/$n, if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount...

8.4CVSS6.4AI score0.00523EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/04/15 3:24 p.m.10 views

runc: container escape via 'masked path' abuse due to mount race conditions

A flaw was found in runc. This flaw exploits an issue with how masked paths are implementedin runc. When masking files, runc will bind-mount the container's /dev/null inode on top of the file. However, if an attacker can replace /dev/null with a symlink to some other procfs file, runc will instea...

7.8CVSS5.8AI score0.0067EPSS
Exploits2References5
RedHat Linux
RedHat Linux
added 2026/04/15 3:24 p.m.4 views

runc: container escape with malicious config due to /dev/console mount and related races

A flaw was found in runc. CVE-2025-52565 is very similar in concept and application toCVE-2025-31133, except that it exploits a flaw in /dev/console bind-mounts. When creating the /dev/console bind-mount to /dev/pts/$n, if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount...

8.4CVSS5.7AI score0.00523EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/03/17 6:49 a.m.10 views

runc: container escape with malicious config due to /dev/console mount and related races

A flaw was found in runc. CVE-2025-52565 is very similar in concept and application toCVE-2025-31133, except that it exploits a flaw in /dev/console bind-mounts. When creating the /dev/console bind-mount to /dev/pts/$n, if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount...

8.4CVSS5.7AI score0.00523EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.9 views

EulerOS 2.0 SP10 : docker-runc (EulerOS-SA-2026-1306)

According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through...

8.4CVSS7AI score0.0067EPSS
Exploits4References4
Rows per page
Query Builder