219 matches found
CVE-2026-36180
A lack of runtime integrity in GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass file system read-only protections and modify system files and binaries for the duration of a boot session via a bind-mount attack...
CVE-2026-36180
The CVE describes a lack of runtime integrity in GNCC GP5 v7.1.76 that lets physically proximate attackers bypass read-only protections and modify system files and binaries for the duration of a boot session via a bind-mount attack. Affected product: GNCC GP5 (version 7.1.76). Root cause: runtime...
CVE-2026-36180
A lack of runtime integrity in GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass file system read-only protections and modify system files and binaries for the duration of a boot session via a bind-mount attack...
CVE-2026-36180
A lack of runtime integrity in GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass file system read-only protections and modify system files and binaries for the duration of a boot session via a bind-mount attack...
EUVD-2026-34281
A lack of runtime integrity in GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass file system read-only protections and modify system files and binaries for the duration of a boot session via a bind-mount attack...
PT-2026-46247
A lack of runtime integrity in GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass file system read-only protections and modify system files and binaries for the duration of a boot session via a bind-mount attack...
EUVD-2026-34033
Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container created deeply nested directories on a bind-mounted host folder and triggered a dentry invalidation event. This issue has been fixed in Docker Desktop 4.76.0...
CVE-2026-8936
Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container created deeply nested directories on a bind-mounted host folder and triggered a dentry invalidation event. This issue has been fixed in Docker Desktop 4.76.0...
CVE-2026-8936 Unbounded recursion in grpcfuse kernel module allows container to crash Docker Desktop VM
Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container created deeply nested directories on a bind-mounted host folder and triggered a dentry invalidation event. This issue has been fixed in Docker Desktop 4.76.0...
CVE-2026-8936 Unbounded recursion in grpcfuse kernel module allows container to crash Docker Desktop VM
Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container created deeply nested directories on a bind-mounted host folder and triggered a dentry invalidation event. This issue has been fixed in Docker Desktop 4.76.0...
CVE-2026-44850
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer offers an environment-level Disable bind mounts for...
Astra Linux - уязвимость в runc-app
Runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, an attacker can trick runc into binding /dev/pts/$n to /dev/console. Normally, these paths are made read-onl...
Astra Linux - уязвимость в flatpak
Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak application that used persistent directories could access and write files outside of its usual access rights, which constituted an attack on integrity and...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: Landlock: Fixed the handling of disconnected directories. Disconnected files or directories may appear when they are visible and opened from a bind mount, but have been renamed or moved from the source of the bind mount in a w...
CVE-2026-47107 Windmill < 1.703.2 Incorrect Default Permissions in nsjail Configuration
Windmill prior to 1.703.2 contains an incorrect default permissions vulnerability in nsjail sandbox configuration files where /etc is bind-mounted without read-write restrictions, allowing authenticated users to write arbitrary entries to /etc/hosts, /etc/resolv.conf, and...
PT-2026-41986
Name of the Vulnerable Software and Affected Versions Windmill versions prior to 1.703.2 Description Incorrect default permissions in nsjail sandbox configuration files allow the /etc directory to be bind-mounted without read-write restrictions. This enables authenticated users to write arbitrary...
GHSA-RG2X-37C3-W2RH Docker: Race condition in docker cp allows bind mount redirection to host path
Summary A race condition during docker cp mount setup allows a malicious container to redirect a bind mount target to an arbitrary host path, potentially overwriting host files or causing denial of service. Details When copying files into a container, the daemon sets up a temporary filesystem vie...
Docker: Race condition in docker cp allows bind mount redirection to host path
Summary A race condition during docker cp mount setup allows a malicious container to redirect a bind mount target to an arbitrary host path, potentially overwriting host files or causing denial of service. Details When copying files into a container, the daemon sets up a temporary filesystem vie...
PT-2026-41767
Name of the Vulnerable Software and Affected Versions Docker affected versions not specified Description A race condition occurs during the mount setup of the docker cp command. When copying files into a container, the daemon creates a temporary filesystem view by bind-mounting volumes. A process...
RHCOS 4 : OpenShift Container Platform 4.16.49 (RHSA-2025:16724)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:16724 advisory. - podman: Build Context Bind Mount CVE-2025-4953 Note that Nessus has not tested for this issue but has instead relied only on the...