pkg:Go/github.com/moby/moby

All known vulnerabilities

• CRITICAL9.9CVE-2024-41110docker.io - security update
  >= 20.10.0+incompatible, < 25.0.6+incompatible, >= 26.0.0+incompatible, < 26.1.5+incompatible, >= 27.0.0+incompatible, < 27.1.1+incompatible
• CRITICAL9.8CVE-2019-14271Moby Docker cp broken with debian containers in github.com/docker/docker
  from 0, < 20.10.0-beta1+incompatible
• HIGH8.8Moby has AuthZ plugin bypass when provided oversized request bodies in github.com/docker/docker
  from 0
• HIGH8.8Moby has AuthZ plugin bypass when provided oversized request bodies in github.com/docker/docker
  from 0, < 29.3.1
• HIGH8.1Moby Race Condition vulnerability in github.com/moby/moby
  from 0, < 26.0.0+incompatible
• HIGH8.1Moby Race Condition vulnerability in github.com/moby/moby
  from 0, < 25.0.4
• HIGH7.2Docker: Race condition in docker cp allows bind mount redirection to host path
  from 0, <= 28.5.2
• HIGH7.2Docker: `PUT /containers/{id}/archive` executes container binary on the host
  from 0, <= 28.5.2
• MEDIUM6.9Classic builder cache poisoning in github.com/docker/docker
  from 0, < 24.0.9+incompatible, >= 25.0.0+incompatible, < 25.0.2+incompatible
• MEDIUM6.9Classic builder cache poisoning in github.com/docker/docker
  from 0, < 24.0.9
• MEDIUM6.8Moby has an Off-by-one error in its plugin privilege validation in github.com/docker/docker
  from 0
• MEDIUM6.8Moby has an Off-by-one error in its plugin privilege validation in github.com/docker/docker
  from 0
• MEDIUM6.8moby Access to remapped root allows privilege escalation to real root
  from 0, < 19.3.15
• MEDIUM6.5NULL Pointer Dereference on moby image history in github.com/moby/moby
  >= 25.0.0, < 26.1.0
• MEDIUM6.5Moby Race Condition vulnerability in github.com/moby/moby
  from 0, < 26.0.0
• MEDIUM6.5NULL Pointer Dereference on moby image history in github.com/moby/moby
  >= 25.0.0+incompatible, < 26.1.0+incompatible
• MEDIUM6.5Moby Race Condition vulnerability in github.com/moby/moby
  from 0, < 26.0.0+incompatible
• MEDIUM6.5moby docker daemon crash during image pull of malicious image
  from 0, < 19.3.15
• MEDIUM6.1Docker: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap
  from 0, <= 28.5.2
• MEDIUM5.9containerd - security update
  from 0, < 20.10.14+incompatible
• MEDIUM5.9containerd - security update
  from 0, < 20.10.14
• MEDIUM5.9Moby (Docker Engine) Insufficiently restricted permissions on data directory in github.com/docker/docker
  from 0, < 20.10.9+incompatible
• MEDIUM5.9Moby (Docker Engine) Insufficiently restricted permissions on data directory in github.com/docker/docker
  from 0, < 20.10.9
• MEDIUM5.9Docker Moby /proc/scsi Path Exposure Allows Host Data Loss (SCSI MICDROP)
  from 0, < 17.12.0-ce
• MEDIUM5.3Path Traversal in Moby builder
  from 0, < 19.03.9
• LOW3.0Moby (Docker Engine) is vulnerable to Ambiguous OCI manifest parsing in github.com/docker/docker
  from 0, < 20.10.11+incompatible
• LOW2.8Unexpected chmod of host files via 'docker cp' in Moby Docker Engine in github.com/docker/docker
  from 0, < 20.10.9+incompatible