Lucene search
+L

9 matches found

osv
osv
added 2026/06/12 7:16 p.m.10 views

UBUNTU-CVE-2026-42306

Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to redirect a bind mount target to an arbitrary...

7.2CVSS5.3AI score0.00104EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/06/12 6:9 p.m.11 views

CVE-2026-42306 Moby: Race condition in docker cp allows bind mount redirection to host path

Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to redirect a bind mount target to an arbitrary...

7.2CVSS5.2AI score0.00104EPSS
Exploits0References1
debiancve
debiancve
added 2026/06/12 6:9 p.m.18 views

CVE-2026-42306

Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to redirect a bind mount target to an arbitrary...

7.2CVSS5.3AI score0.00104EPSS
Exploits0
vulnrichment
vulnrichment
added 2026/06/12 6:8 p.m.15 views

CVE-2026-41568 Moby: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap

Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to create empty files or directories at arbitra...

6.1CVSS5.3AI score0.00108EPSS
Exploits0References1
cve
cve
added 2026/06/12 6:8 p.m.103 views

CVE-2026-41568

CVE-2026-41568 describes a race condition in Moby/Docker Engine during docker cp mount setup. A malicious container could create empty files or directories at arbitrary absolute paths on the host filesystem. Affected versions include Docker Engine prior to 29.5.1, Docker Daemon prior to 28.5.2, a...

6.1CVSS5.3AI score0.00108EPSS
Exploits0References1Affected Software3
vulnrichment
vulnrichment
added 2026/06/05 12:35 a.m.14 views

CVE-2026-41567 Docker: `PUT /containers/{id}/archive` executes container binary on the host

Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to v2.0.0-beta.14, when a compressed archive is uploaded to a container via PUT /containers/id/archive or piped through docker cp -, the daemon resolves decompression binaries such as xz or unpigz fr...

7.2CVSS6.2AI score0.00153EPSS
Exploits0References1
snyk
snyk
added 2026/05/18 5:47 p.m.8 views

Uncontrolled Search Path Element

Overview Affected versions of this package are vulnerable to Uncontrolled Search Path Element during the archive decompression for PUT /containers/id/archive API requests. An attacker can execute arbitrary code on the host with daemon privileges by uploading a compressed archive containing a...

7.5CVSS6.2AI score0.00153EPSS
Exploits0References2
osv
osv
added 2025/07/08 10:15 p.m.2 views

CVE-2025-49526

Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.3AI score0.002EPSS
Exploits0References1
osv
osv
added 2025/07/08 10:15 p.m.2 views

CVE-2025-49525

Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

5.5CVSS5.8AI score0.00208EPSS
Exploits0References1
Rows per page
Query Builder