CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9167 matches found

Tenable Nessus•added 2020/06/24 12:0 a.m.•116 views

RHEL 7 : docker (RHSA-2020:2653)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2653 advisory. Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that...

9.3CVSS7.2AI score0.9589EPSS

Exploits33References9

Oracle linux•added 2020/06/24 12:0 a.m.•82 views

docker-cli docker-engine security update

docker-cli 19.03.11-4 - added patch for registry list 19.03.11-3 - update to 19.03.11 for CVE-2020-13401 19.03.1-1.0.0 - update to 19.03.1 19.03-0.0.1 - update to 19.03 18.09.1-1.0.6 - disable kmem accounting for UEKR4 18.09.1-1.0.5 - apply e4931e664feac6fa8846f3f04268a0cc98822549, fixes...

9.3CVSS0.3AI score0.9589EPSS

Exploits33

RedHat Linux•added 2020/06/23 7:44 p.m.•2 views

docker: Security regression of CVE-2016-9962 due to inclusion of vulnerable runc

The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2016-9962, which was previously fixed via RHSA-2017:0116. This issue could allow a malicious or compromised container to compromise the...

8.8CVSS6.9AI score0.00385EPSS

Exploits0References5

RedHat Linux•added 2020/06/23 7:44 p.m.•2 views

docker: Ambient capability usage in containers

The runc version as used in docker 1.12.2 was incorrectly setting ambient capabilities for all processes executed inside containers. This caused processes of non-root users to run with unexpected privileges, allowing them to escalate their privileges to root...

7.5CVSS7.1AI score0.02754EPSS

Exploits0References5

RedHat Linux•added 2020/06/23 7:44 p.m.•2 views

docker: Security regression of CVE-2019-5736 due to inclusion of vulnerable runc

The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the...

9.3CVSS6.9AI score0.9589EPSS

Exploits33References5

RedHat Linux•added 2020/06/23 7:44 p.m.•100 views

Important: Red Hat Security Advisory: docker security update

An update for docker is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

9.3CVSS7AI score0.9589EPSS

Exploits33References5

RedhatCVE•added 2020/06/23 7:26 p.m.•41 views

CVE-2020-14300

4.6CVSS3.7AI score0.00385EPSS

Exploits0References3

RedhatCVE•added 2020/06/23 7:26 p.m.•75 views

CVE-2020-14298

9.3CVSS3.7AI score0.9589EPSS

Exploits33References3

OpenVAS•added 2020/06/23 12:0 a.m.•20 views

Fedora: Security Advisory for moby-engine (FEDORA-2020-5ba8c2d9d5)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6CVSS6.4AI score0.02839EPSS

Exploits0References2

OpenVAS•added 2020/06/23 12:0 a.m.•28 views

Fedora: Security Advisory for moby-engine (FEDORA-2020-6d7deafd81)

6CVSS6.4AI score0.02839EPSS

Exploits0References2

OSV•added 2020/06/22 6:17 p.m.•7 views

OPENSUSE-SU-2020:0846-1 Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork

This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues: Docker was updated to 19.03.11-ce runc was updated to version 1.0.0-rc10 containerd was updated to version 1.2.13 - CVE-2020-13401: Fixed an issue where an attacker with CAPNETRAW...

6CVSS6.2AI score0.02839EPSS

Exploits0References3

NVD•added 2020/06/22 2:15 p.m.•23 views

CVE-2020-8907

A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "docker" group, an attacker with this role is able to run docker and...

9.3CVSS0.00309EPSS

Exploits1References5

OSV•added 2020/06/22 2:15 p.m.•14 views

CVE-2020-8907

7.8CVSS6.9AI score

Exploits0References5

Prion•added 2020/06/22 2:15 p.m.•16 views

Design/Logic Flaw

6.9CVSS7.7AI score0.00309EPSS

Exploits1References5Affected Software2

UbuntuCve•added 2020/06/22 2:15 p.m.•25 views

CVE-2020-8907

9.3CVSS7.1AI score0.00309EPSS

Exploits1References4

OSV•added 2020/06/22 2:15 p.m.•1 views

UBUNTU-CVE-2020-8907

9.3CVSS7.1AI score0.00309EPSS

Exploits1References5

Vulnrichment•added 2020/06/22 1:45 p.m.•16 views

CVE-2020-8907 Priviged Escalation in Google Cloud Platform's Guest-OSLogin

9.3CVSS6.9AI score0.00309EPSS

Exploits1References5

Cvelist•added 2020/06/22 1:45 p.m.•25 views

CVE-2020-8907 Priviged Escalation in Google Cloud Platform's Guest-OSLogin

9.3CVSS7.7AI score0.00309EPSS

Exploits1References5

CVE•added 2020/06/22 1:45 p.m.•160 views

CVE-2020-8907

CVE-2020-8907 affects Google Cloud Platform’s guest-oslogin (versions between 20190304 and 20200507). A user with only the roles/compute.osLogin role can escalate to root by using their membership in the docker group to run docker, mount the host OS, and modify the host filesystem (including /etc...

9.3CVSS7.6AI score0.00309EPSS

Exploits1References5Affected Software1