83 matches found
GHSA-PXQ6-2PRW-CHJ9 Moby has an Off-by-one error in its plugin privilege validation
Summary A security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a privilege set that differs from the one approved by the user...
Linux Distros Unpatched Vulnerability : CVE-2026-23924
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.containerinfo' parameters when forwarding them to the Docker daemon. An attacker capable of...
EUVD-2026-14958
Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.containerinfo' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker containers by injecting them via the Docker archive API...
CVE-2026-23924
A flaw was found in the Zabbix Agent 2 Docker plugin. An attacker with the ability to invoke Agent 2 can exploit improper sanitization of 'docker.containerinfo' parameters. This allows the attacker to inject malicious input via the Docker archive API, leading to the disclosure of arbitrary files...
CVE-2026-23924
Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.containerinfo' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker containers by injecting them via the Docker archive API...
DEBIAN-CVE-2026-23924
Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.containerinfo' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker containers by injecting them via the Docker archive API...
UBUNTU-CVE-2026-23924
Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.containerinfo' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker containers by injecting them via the Docker archive API...
CVE-2026-23924
Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.containerinfo' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker containers by injecting them via the Docker archive API...
CVE-2026-23924 Agent 2 Docker plugin arbitrary file read via Docker API injection
Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.containerinfo' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker containers by injecting them via the Docker archive API...
CVE-2026-23924
CVE-2026-23924 affects the Zabbix Agent 2 Docker plugin. The issue is improper sanitization of the docker.container_info parameters when forwarding to the Docker daemon, enabling an attacker capable of invoking Agent 2 to read arbitrary files from running Docker containers by injecting them via t...
CVE-2026-23924
Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.containerinfo' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker containers by injecting them via the Docker archive API...
CVE-2026-23924 Agent 2 Docker plugin arbitrary file read via Docker API injection
Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.containerinfo' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker containers by injecting them via the Docker archive API...
CVE-2026-23924
Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.containerinfo' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker containers by injecting them via the Docker archive API...
PT-2026-27477
Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.container info' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker containers by injecting them via the Docker archive API...
Zabbix 安全漏洞
Zabbix is a set of open-source monitoring systems developed by Zabbix Inc. This system supports network monitoring, server monitoring, cloud monitoring, and application monitoring. Zabbix has security vulnerabilities; one of these vulnerabilities stems from the Docker plugin not properly cleaning...
@snyk/snyk-cocoapods-plugin (=2.6.0), snyk-docker-plugin (>=8.0.0 <=8.4.0) potentially affected by CVE-2026-32094 via shescape (=2.1.0)
shescape NPM version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on shescape and may be impacted: - @snyk/snyk-cocoapods-plugin =2.6.0 - snyk-docker-plugin =8.0.0, =8.4.0 Source cves: CVE-2026-32094 Source advisory: SNYK:JS-SHESCAPE-15467452...
CVE-2025-15558
Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries docker-compose.exe, docker-buildx.exe, etc. that are executed when a...
CVE-2025-12970
The extractname function in Fluent Bit indocker input plugin copies container names into a fixed size stack buffer without validating length. An attacker who can create containers or control container names, can supply a long name that overflows the buffer, leading to process crash or arbitrary...
CVE-2025-12970
The CVE-2025-12970 detail describes a vulnerability in Fluent Bit: the extract_name function in the in_docker input plugin copies container names into a fixed-size stack buffer without validating length, allowing an attacker who can create or name containers to supply a long name that overflows t...
EUVD-2025-6497
Malicious code in bioql PyPI...