Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Docker
(Docker)| Repositories | https://github.com/opencontainers/runc |
| #Vulnerabilities | 37 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-07-13 | CVE-2020-14298 | The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the container host and other containers running on the same host. This issue only affects docker version 1.13.1-108.git4ef4b30.el7, shipped in Red Hat Enterprise Linux 7 Extras. Both earlier and later... | Docker, Enterprise_linux_server, Openshift_container_platform | 8.8 | ||
| 2020-07-13 | CVE-2020-14300 | The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an incorrect version of runc that was missing multiple bug and security fixes. One of the fixes regressed in that update was the fix for CVE-2016-9962, that was previously corrected in the docker packages in Red Hat Enterprise Linux 7 Extras via RHSA-2017:0116... | Docker, Enterprise_linux_server | 8.8 | ||
| 2021-02-02 | CVE-2021-21285 | In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing. | Debian_linux, Docker, E\-Series_santricity_os_controller | 6.5 | ||
| 2021-01-15 | CVE-2021-3162 | Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation. | Docker | 7.8 | ||
| 2022-02-19 | CVE-2022-25365 | Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-23774. | Docker | 7.8 | ||
| 2021-02-02 | CVE-2021-21284 | In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can modify files under "/var/lib/docker/<remapping>" that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user. | Debian_linux, Docker, E\-Series_santricity_os_controller | 6.8 | ||
| 2019-07-29 | CVE-2019-14271 | In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container. | Debian_linux, Docker, Leap | 9.8 | ||
| 2016-06-01 | CVE-2016-3697 | libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container. | Docker, Runc, Opensuse | 7.8 | ||
| 2020-12-30 | CVE-2020-27534 | util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call. | Docker | 5.3 | ||
| 2019-12-02 | CVE-2014-9356 | Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile. | Docker | N/A |