Product:

Docker

(Docker)
Repositories https://github.com/opencontainers/runc
#Vulnerabilities 37
Date Id Summary Products Score Patch Annotated
2018-07-06 CVE-2018-10892 The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness. Docker, Moby, Leap, Enterprise_linux, Enterprise_linux_server, Openstack 5.3
2019-12-17 CVE-2014-8178 Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands. Cs_engine, Docker, Opensuse 5.5
2019-12-17 CVE-2014-8179 Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation. Cs_engine, Docker, Opensuse 7.5
2020-07-13 CVE-2020-14298 The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the container host and other containers running on the same host. This issue only affects docker version 1.13.1-108.git4ef4b30.el7, shipped in Red Hat Enterprise Linux 7 Extras. Both earlier and later... Docker, Enterprise_linux_server, Openshift_container_platform 8.8
2020-07-13 CVE-2020-14300 The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an incorrect version of runc that was missing multiple bug and security fixes. One of the fixes regressed in that update was the fix for CVE-2016-9962, that was previously corrected in the docker packages in Red Hat Enterprise Linux 7 Extras via RHSA-2017:0116... Docker, Enterprise_linux_server 8.8
2021-02-02 CVE-2021-21285 In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing. Debian_linux, Docker, E\-Series_santricity_os_controller 6.5
2021-01-15 CVE-2021-3162 Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation. Docker 7.8
2022-02-19 CVE-2022-25365 Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-23774. Docker 7.8
2021-02-02 CVE-2021-21284 In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can modify files under "/var/lib/docker/<remapping>" that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user. Debian_linux, Docker, E\-Series_santricity_os_controller 6.8
2019-07-29 CVE-2019-14271 In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container. Debian_linux, Docker, Leap 9.8