801 matches found
Medium: docker
Issue Overview: Lack of content verification in Docker-CE Also known as Moby versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing...
Medium: docker
Issue Overview: The default OCI Linux spec in oci/defaultslinux.go in Docker/Moby, from 1.11 to current, does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling Bluetooth or turning up/down keyboard brightness. CVE-2018-10892 Affected...
Important: docker
Issue Overview: A flaw was discovered in the API endpoint behind the 'docker cp' command. The endpoint is vulnerable to a Time Of Check to Time Of Use TOCTOU vulnerability in the way it handles symbolic links inside a container. An attacker who has compromised an existing container can cause...
Medium: containerd
Issue Overview: A flaw was found in containerd. Access controls for the shim's API socket verified that a connecting process had an effective UID of 0, but otherwise did not restrict access to the abstract Unix domain socket. This could allow malicious containers running in the same network...
Important: runc
Issue Overview: runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfslinux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. CVE-2019-16884 A flaw was...
Important: runc
Issue Overview: runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfslinux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. CVE-2019-16884 A flaw was...
Medium: containerd, docker
Issue Overview: In the OCI Distribution Specification version 1.0.0 and prior and in the OCI Image Specification version 1.0.1 and prior, manifest and index documents are ambiguous without an accompanying Content-Type HTTP header. Versions of Moby Docker Engine prior to 20.10.11 and versions of...
Medium: docker
Issue Overview: A flaw was found in the userns-remap feature of Docker. The root user in the remapped namespace can modify files under /var/lib/docker/, leading to possible privilege escalation to the root user in the host. The highest threat from this vulnerability is to data integrity...
Important: kernel-livepatch-5.10.62-55.141
Issue Overview: No CVE associated with this advisory Affected Packages: kernel-livepatch-5.10.62-55.141 Issue Correction: Please ensure you have live patching enabled. Run yum update kernel-livepatch-5.10.62-55.141 or yum update --advisory ALAS2LIVEPATCH-2021-068 to update your system. New...
Important: kernel-livepatch-4.14.241-184.433
Issue Overview: No CVE associated with this advisory Affected Packages: kernel-livepatch-4.14.241-184.433 Issue Correction: Please ensure you have live patching enabled. Run yum update kernel-livepatch-4.14.241-184.433 or yum update --advisory ALAS2LIVEPATCH-2021-063 to update your system. New...
Important: kernel-livepatch-4.14.243-185.433
Issue Overview: No CVE associated with this advisory Affected Packages: kernel-livepatch-4.14.243-185.433 Issue Correction: Please ensure you have live patching enabled. Run yum update kernel-livepatch-4.14.243-185.433 or yum update --advisory ALAS2LIVEPATCH-2021-062 to update your system. New...
Important: kernel-livepatch-4.14.232-177.418
Issue Overview: No CVE associated with this advisory Affected Packages: kernel-livepatch-4.14.232-177.418 Issue Correction: Please ensure you have live patching enabled. Run yum update kernel-livepatch-4.14.232-177.418 or yum update --advisory ALAS2LIVEPATCH-2021-060 to update your system. New...
Important: kernel-livepatch-4.14.232-176.381
Issue Overview: No CVE associated with this advisory Affected Packages: kernel-livepatch-4.14.232-176.381 Issue Correction: Please ensure you have live patching enabled. Run yum update kernel-livepatch-4.14.232-176.381 or yum update --advisory ALAS2LIVEPATCH-2021-054 to update your system. New...
Important: kernel-livepatch-4.14.232-177.418
Issue Overview: No CVE associated with this advisory Affected Packages: kernel-livepatch-4.14.232-177.418 Issue Correction: Please ensure you have live patching enabled. Run yum update kernel-livepatch-4.14.232-177.418 or yum update --advisory ALAS2LIVEPATCH-2021-059 to update your system. New...
Important: kernel-livepatch-4.14.232-176.381
Issue Overview: No CVE associated with this advisory Affected Packages: kernel-livepatch-4.14.232-176.381 Issue Correction: Please ensure you have live patching enabled. Run yum update kernel-livepatch-4.14.232-176.381 or yum update --advisory ALAS2LIVEPATCH-2021-056 to update your system. New...
Important: kernel-livepatch-4.14.231-173.360
Issue Overview: No CVE associated with this advisory Affected Packages: kernel-livepatch-4.14.231-173.360 Issue Correction: Please ensure you have live patching enabled. Run yum update kernel-livepatch-4.14.231-173.360 or yum update --advisory ALAS2LIVEPATCH-2021-058 to update your system. New...
Low: kernel-livepatch-4.14.219-161.340
Issue Overview: A low severity issue was found in the Nitro Enclaves Linux kernel driver that could lead to local privilege escalation. The issue does not break the isolation or security of what is running inside the enclave as the Nitro Enclave's security model already excludes the instance...
Low: kernel-livepatch-4.14.225-168.357
Issue Overview: A low severity issue was found in the Nitro Enclaves Linux kernel driver that could lead to local privilege escalation. The issue does not break the isolation or security of what is running inside the enclave as the Nitro Enclave's security model already excludes the instance...
Important: kernel-livepatch-4.14.186-146.268
Issue Overview: An issue has been reported in the Linux kernel's handling of raw sockets. This issue can be used locally to cause denial of service or local privilege escalation from unprivileged processes or from containers with the CAPNETRAW capability enabled. See Also:...
Important: kernel-livepatch-4.14.171-136.231
Issue Overview: An issue was discovered in the Linux kernel before 5.6.5. There is a use-after-free in block/bfq-iosched.c related to bfqidleslicetimerbody.CVE-2020-12657 Affected Packages: kernel-livepatch-4.14.171-136.231 Issue Correction: Please ensure you have live patching enabled. Run yum...