Lucene search
K

1082 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/31 1:36 a.m.4 views

CVE-2026-33997

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a...

8.4CVSS5.7AI score0.00387EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/31 1:36 a.m.3 views

CVE-2026-33997 Moby: Off-by-one error in plugin privilege validation

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a...

6.8CVSS5.7AI score0.00387EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/03/31 1:36 a.m.4 views

CVE-2026-33997 Moby: Off-by-one error in plugin privilege validation

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a...

6.8CVSS5.7AI score0.00387EPSS
Exploits0References2
CVE
CVE
added 2026/03/31 1:36 a.m.40 views

CVE-2026-33997

CVE-2026-33997 affects Moby (docker) prior to 29.3.1. A daemon privilege-validation check is flawed, potentially allowing a privilege set that differs from the user-approved one to be accepted during docker plugin installation. Plugins requesting exactly one privilege are also affected because th...

8.4CVSS5.7AI score0.00387EPSS
Exploits0References8Affected Software1
Debian CVE
Debian CVE
added 2026/03/31 1:36 a.m.3 views

CVE-2026-33997

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a...

8.4CVSS5.2AI score0.00387EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/03/31 1:36 a.m.2 views

CVE-2026-33997

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a...

8.4CVSS5.7AI score0.00387EPSS
Exploits0
Cvelist
Cvelist
added 2026/03/31 1:36 a.m.30 views

CVE-2026-34040 Moby: AuthZ plugin bypass with oversized request body

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins AuthZ. This issue has been patched in version 29.3.1...

8.8CVSS0.08123EPSS
Exploits1References2
OSV
OSV
added 2026/03/31 1:36 a.m.4 views

CVE-2026-34040 Moby: AuthZ plugin bypass with oversized request body

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins AuthZ. This issue has been patched in version 29.3.1...

8.8CVSS5.8AI score0.08123EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/03/31 1:36 a.m.2 views

CVE-2026-34040 Moby: AuthZ plugin bypass with oversized request body

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins AuthZ. This issue has been patched in version 29.3.1...

8.8CVSS5.8AI score0.08123EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/31 1:36 a.m.5 views

CVE-2026-34040

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins AuthZ. This issue has been patched in version 29.3.1...

8.8CVSS5.8AI score0.08123EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/03/31 1:36 a.m.61 views

CVE-2026-34040

CVE-2026-34040 affects Moby, the open source container framework. Prior to version 29.3.1, an issue allows bypassing authorization plugins (AuthZ). The vulnerability has been fixed in 29.3.1. Connected sources consistently describe the problem as an AuthZ bypass in the daemon/plugin authorization...

8.8CVSS5.8AI score0.08123EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 2026/03/31 1:36 a.m.3 views

CVE-2026-34040

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins AuthZ. This issue has been patched in version 29.3.1...

8.8CVSS7.6AI score0.08123EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2026/03/31 1:36 a.m.2 views

CVE-2026-34040

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins AuthZ. This issue has been patched in version 29.3.1...

8.8CVSS5.8AI score0.08123EPSS
Exploits1
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.8 views

Moby 安全漏洞

Moby is an open-source project developed by Moby. It aims to promote the containerization of software and help the ecosystem make container technology mainstream. Versions of Moby prior to 29.3.1 contained security vulnerabilities, which were due to allowing attackers to bypass authorized plugins...

8.8CVSS7.3AI score0.08123EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.10 views

Moby 安全漏洞

Moby is an open-source project developed by Moby. It aims to promote the containerization of software and help the ecosystem make container technology mainstream. Versions of Moby prior to 29.3.1 contained a security vulnerability. This vulnerability stemmed from an error in the plugin permission...

8.1CVSS5.8AI score0.00387EPSS
Exploits0References3
OSV
OSV
added 2026/03/27 5:43 p.m.4 views

GHSA-X744-4WPC-V9H2 Moby has AuthZ plugin bypass when provided oversized request bodies

Summary A security vulnerability has been detected that allows attackers to bypass authorization plugins AuthZ under specific circumstances. The base likelihood of this being exploited is low. This is an incomplete fix for CVE-2024-41110. Impact If you don't use AuthZ plugins, you are not affecte...

8.8CVSS5.8AI score0.08123EPSS
Exploits1References7
Snyk
Snyk
added 2026/03/27 5:43 p.m.5 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the request handling flow inside the Docker daemon. An attacker can bypass authorization checks by sending specially-crafted requests that cause the authorization plugin to receive the request without its body...

8.8CVSS5.9AI score0.08123EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/27 5:38 p.m.3 views

Off-by-one Error

Overview Affected versions of this package are vulnerable to Off-by-one Error in the plugins privilege validation. An attacker can gain unauthorized access to sensitive plugin privileges by installing a malicious plugin that exploits the privilege comparison logic. - Remediation Upgrade...

8.4CVSS5.9AI score0.00387EPSS
Exploits0References2
OSV
OSV
added 2026/03/27 5:38 p.m.5 views

GHSA-PXQ6-2PRW-CHJ9 Moby has an Off-by-one error in its plugin privilege validation

Summary A security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a privilege set that differs from the one approved by the user...

6.8CVSS5.7AI score0.00387EPSS
Exploits0References6
Snyk
Snyk
added 2026/03/26 6:27 p.m.6 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack when processing Git URL fragment subdir components. An attacker can access files outside the intended Git repository root by specifying a crafted subdir value in the URL fragment. Note: This is only exploitable if builds...

8.2CVSS5.9AI score0.00463EPSS
Exploits0References3
Rows per page
Query Builder