Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Docker
(Docker)Repositories | https://github.com/opencontainers/runc |
#Vulnerabilities | 37 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2019-07-18 | CVE-2019-13509 | In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret. | Docker | 7.5 | ||
2019-09-25 | CVE-2019-16884 | runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. | Ubuntu_linux, Docker, Fedora, Runc, Leap, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Openshift_container_platform | 7.5 | ||
2020-02-07 | CVE-2014-5278 | A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs. | Docker | 5.3 | ||
2020-01-02 | CVE-2014-0048 | An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways. | Geode, Docker | 9.8 | ||
2014-07-11 | CVE-2014-3499 | Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors. | Docker, Fedora | N/A | ||
2018-07-06 | CVE-2018-10892 | The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness. | Docker, Moby, Leap, Enterprise_linux, Enterprise_linux_server, Openstack | 5.3 | ||
2019-12-17 | CVE-2014-8178 | Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands. | Cs_engine, Docker, Opensuse | 5.5 | ||
2019-12-17 | CVE-2014-8179 | Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation. | Cs_engine, Docker, Opensuse | 7.5 | ||
2019-07-29 | CVE-2019-14271 | In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container. | Debian_linux, Docker, Leap | 9.8 | ||
2016-06-01 | CVE-2016-3697 | libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container. | Docker, Runc, Opensuse | 7.8 |