166 matches found
OESA-2026-2138 moby security update
Docker is a product for you to build, ship and run any application as a lightweight container. Security Fixes: Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plug...
Microsoft Partner Center Access Control Vulnerability
Microsoft Partner Center is a Microsoft partner management platform for partners to manage customers, subscriptions and billing. An access control vulnerability exists in Microsoft Partner Center. The vulnerability stems from a failure to properly validate user privileges, resulting in improper...
Oracle VM VirtualBox Core Component Elevation of Privilege Vulnerability (CNVD-2026-18425)
Oracle VM VirtualBox is a desktop virtualization software developed by Oracle to run multiple operating systems on a single host. An elevation of privilege vulnerability exists in Oracle VM VirtualBox. The vulnerability stems from a failure of the Core component to properly handle privilege...
Medium: docker
Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...
SUSE CVE-2026-33997
Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a...
GO-2026-4883 Moby has an Off-by-one error in its plugin privilege validation in github.com/docker/docker
Moby has an Off-by-one error in its plugin privilege validation in github.com/docker/docker...
PT-2026-29933
Moby has an Off-by-one error in its plugin privilege validation in github.com/docker/docker...
CVE-2026-33997
A flaw was found in Moby, an open-source container framework. This vulnerability allows for a privilege validation bypass during docker plugin install. Due to an error in the daemon's privilege comparison logic, the system may incorrectly accept a plugin's requested privileges that differ from...
CVE-2026-33997
Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a...
UBUNTU-CVE-2026-33997
Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a...
CVE-2026-33997
Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a...
CVE-2026-33997
Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a...
Off-by-one Error
Overview Affected versions of this package are vulnerable to Off-by-one Error in the plugins privilege validation. An attacker can gain unauthorized access to sensitive plugin privileges by installing a malicious plugin that exploits the privilege comparison logic. - Remediation Upgrade...
Moby has an Off-by-one error in its plugin privilege validation
Summary A security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a privilege set that differs from the one approved by the user...
PT-2026-28590
Name of the Vulnerable Software and Affected Versions Docker affected versions not specified Description A flaw exists in the Docker daemon’s privilege validation process during docker plugin install. The daemon does not fully enforce plugin privilege checks, potentially allowing unintended...
CVE-2022-0633
The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site such as subscriber to download the most recent site & database...
CVE-2023-25074
Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Competencies. This issue affects Command Centre: vEL8.90 prior to vEL8.90.1318 MR1, vEL8.80 prior to vEL8.80.1192 MR2, vEL8.70 prior to vEL8.70.2185 MR4, vEL8.60 prior to...
Checkmk 安全漏洞
Checkmk is an IT monitoring platform from Checkmk, Inc. A security vulnerability exists in Checkmk versions prior to 2.4.0p17 and prior to 2.3.0p42, which stems from insufficient privilege validation and could lead to information disclosure...
Checkmk 安全漏洞
Checkmk is an IT monitoring platform from Checkmk, Inc. A security vulnerability exists in Checkmk versions 2.2.0, 2.3.0, and 2.4.0 up to and including 2.4.0p16, which stems from insufficient validation of REST API endpoint privileges and could lead to unauthorized actions or information disclosu...
Checkmk 安全漏洞
Checkmk is an IT monitoring platform from Checkmk, Inc. A security vulnerability exists in Checkmk version 2.4.0 up to and including 2.4.0p16, which stems from insufficient privilege validation and could lead to unauthorized operation or information disclosure...