Product:

Docker

(Docker)
Repositories https://github.com/opencontainers/runc
#Vulnerabilities 37
Date Id Summary Products Score Patch Annotated
2019-07-18 CVE-2019-13509 In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret. Docker 7.5
2019-09-25 CVE-2019-16884 runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. Ubuntu_linux, Docker, Fedora, Runc, Leap, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Openshift_container_platform 7.5
2020-02-07 CVE-2014-5278 A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs. Docker 5.3
2020-01-02 CVE-2014-0048 An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways. Geode, Docker 9.8
2014-07-11 CVE-2014-3499 Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors. Docker, Fedora N/A
2018-07-06 CVE-2018-10892 The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness. Docker, Moby, Leap, Enterprise_linux, Enterprise_linux_server, Openstack 5.3
2019-12-17 CVE-2014-8178 Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands. Cs_engine, Docker, Opensuse 5.5
2019-12-17 CVE-2014-8179 Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation. Cs_engine, Docker, Opensuse 7.5
2019-07-29 CVE-2019-14271 In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container. Debian_linux, Docker, Leap 9.8
2016-06-01 CVE-2016-3697 libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container. Docker, Runc, Opensuse 7.8