Product:

Docker

(Docker)
Repositories https://github.com/opencontainers/runc
#Vulnerabilities 33
Date Id Summary Products Score Patch Annotated
2019-02-11 CVE-2019-5736 runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling,... Mesos, Ubuntu_linux, Docker, Fedora, Kubernetes_engine, Onesphere, Lxc, Runc, Dc\/os, Kubernetes_engine, Service_management_automation, Hci_management_node, Solidfire, Backports_sle, Leap, Container_development_kit, Enterprise_linux, Enterprise_linux_server, Openshift 8.6
2019-08-28 CVE-2019-15752 Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command. Docker 7.8
2018-07-06 CVE-2018-10892 The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness. Docker, Moby, Leap, Enterprise_linux, Enterprise_linux_server, Openstack N/A
2020-01-02 CVE-2014-0048 An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways. Docker N/A
2020-07-13 CVE-2020-14300 The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an incorrect version of runc that was missing multiple bug and security fixes. One of the fixes regressed in that update was the fix for CVE-2016-9962, that was previously corrected in the docker packages in Red Hat Enterprise Linux 7 Extras via RHSA-2017:0116... Docker, Enterprise_linux_server N/A
2020-07-13 CVE-2020-14298 The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the container host and other containers running on the same host. This issue only affects docker version 1.13.1-108.git4ef4b30.el7, shipped in Red Hat Enterprise Linux 7 Extras. Both earlier and later... Docker, Enterprise_linux_server, Openshift_container_platform N/A
2020-02-07 CVE-2014-5278 A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs. Docker N/A
2019-12-17 CVE-2014-8178 Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands. Cs_engine, Docker, Opensuse N/A
2019-12-17 CVE-2014-8179 Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation. Cs_engine, Docker, Opensuse N/A
2019-12-02 CVE-2014-9356 Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile. Docker N/A