Lucene search
K

93 matches found

OSV
OSV
added 2023/08/14 8:52 a.m.13 views

SUSE-SU-2023:3307-1 Security update for docker

This update for docker fixes the following issues: - Update to v20.10.25-ce - CVE-2023-28840: Fixed a bug where an attacker could inject arbitrary Ethernet frames to execute a Denial of Service attack. bsc1214107 - CVE-2023-28841: Fixed a bug which allows an attacker to sit in a trusted position ...

8.7CVSS7.7AI score0.02733EPSS
Exploits2References7
Tenable Nessus
Tenable Nessus
added 2023/03/29 12:0 a.m.37 views

SUSE SLES12 Security Update : docker (SUSE-SU-2023:1625-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:1625-1 advisory. - CVE-2022-36109: Fixed a supplementary group permissions bypass bsc1205375. Update to 20.10.23-ce...

6.3CVSS6.7AI score0.00837EPSS
Exploits0References6
OSV
OSV
added 2022/05/17 12:22 a.m.9 views

GHSA-HQWH-8XV9-42HW tar-split memory exhaustion

Lack of content verification in Docker-CE Also known as Moby versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing...

6.5CVSS6.2AI score0.0247EPSS
Exploits0References6
OSV
OSV
added 2022/05/16 12:9 p.m.9 views

SUSE-SU-2022:1689-1 Security update for containerd, docker

This update for containerd, docker fixes the following issues: - CVE-2022-24769: Fixed incorrect default inheritable capabilities bsc1197517. - CVE-2022-23648: Fixed directory traversal issue bsc1196441. - CVE-2022-27191: Fixed a crash in a golang.org/x/crypto/ssh server bsc1197284. -...

7.5CVSS7.5AI score0.27392EPSS
Exploits4References9
Github Security Blog
Github Security Blog
added 2022/02/15 12:40 a.m.72 views

Privilege Escalation in Docker

Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors...

7.2CVSS6.4AI score0.00393EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2022/02/04 8:31 a.m.11 views

SUSE-SU-2022:0334-1 Security update for containerd, docker

This update for containerd, docker fixes the following issues: - CVE-2021-41089: Fixed 'cp' can chmod host files bsc1191015. - CVE-2021-41091: Fixed flaw that could lead to data directory traversal in moby bsc1191434. - CVE-2021-41092: Fixed exposed user credentials with a misconfigured...

7.8CVSS6.4AI score0.02693EPSS
Exploits3References11
OPENSUSE Linux
OPENSUSE Linux
added 2022/02/04 12:0 a.m.63 views

Security update for containerd, docker (moderate)

openSUSE Security Update: Security update for containerd, docker Announcement ID: openSUSE-SU-2022:0334-1 Rating: moderate References: 1191015 1191121 1191334 1191434 1193273 Cross-References: CVE-2021-41089 CVE-2021-41091 CVE-2021-41092 CVE-2021-41103 CVE-2021-41190 CVSS scores: CVE-2021-41089 N...

6.3CVSS7.1AI score0.02693EPSS
Exploits3References5
Veracode
Veracode
added 2020/06/24 3:8 a.m.33 views

Information Disclosure

docker is vulnerable to information disclosure. A security regression of CVE-2016-9962 due to inclusion of vulnerable runc allows an attacker to obtain confidential information...

8.8CVSS3AI score0.00382EPSS
Exploits0References9Affected Software1
GithubExploit
GithubExploit
added 2020/05/10 4:49 a.m.164 views

Exploit for OS Command Injection in Docker

RunC-CVE-2019-5736 --- Video: https://bit.ly/2WqvIL...

9.3CVSS8AI score0.9857EPSS
Exploits33
ThreatPost
ThreatPost
added 2020/04/16 9:51 p.m.70 views

Poorly Secured Docker Image Comes Under Rapid Attack

In a vivid example of why cloud infrastructure needs strong security, a simple Docker container honeypot was used for four different criminal campaigns in the span of 24 hours, in a recent lab test. Akamai security researcher Larry Cashdollar set up the Docker image to see what kind of notice it...

7.4AI score
Exploits0References13
Qualys Blog
Qualys Blog
added 2020/01/17 4:10 p.m.57 views

LibMiner: Container-Based Cryptocurrency Miner Targeting Unprotected Redis Servers

Qualys is actively tracking threats which target containers. In our recent analysis, we have identified a few docker instances executing a malware which we term as “LibMiner”. This malware has the capability to deploy and execute Cryptominer. It uses a unique technique for lateral movement across...

0.8AI score
Exploits0
NVD
NVD
added 2020/01/02 5:15 p.m.29 views

CVE-2014-0048

An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways...

9.8CVSS9.5AI score0.06508EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2020/01/02 4:22 p.m.60 views

CVE-2014-0048

An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways...

9.8CVSS8.7AI score0.06508EPSS
Exploits0
OSV
OSV
added 2019/10/25 1:56 p.m.11 views

SUSE-SU-2019:2786-1 Security update for docker-runc

This update for docker-runc fixes the following issues: - CVE-2019-16884: Fixed an LSM bypass via malicious Docker images that mount over a /proc directory. bsc1152308...

7.5CVSS7.6AI score0.04409EPSS
Exploits1References3
OSV
OSV
added 2019/09/10 4:23 p.m.8 views

OPENSUSE-SU-2019:2118-1 Security update for python-Werkzeug

This update for python-Werkzeug fixes the following issues: Security issue fixed: - CVE-2019-14806: Fixed the development server in Docker, the debugger security pin is now unique per container bsc1145383. This update was imported from the SUSE:SLE-15:Update update project...

7.5CVSS7.5AI score0.02288EPSS
Exploits0References3
OSV
OSV
added 2019/09/05 12:45 p.m.8 views

SUSE-SU-2019:2308-1 Security update for python-Werkzeug

This update for python-Werkzeug fixes the following issues: Security issue fixed: - CVE-2019-14806: Fixed the development server in Docker, the debugger security pin is now unique per container bsc1145383...

7.5CVSS7.5AI score0.02288EPSS
Exploits0References3
NVD
NVD
added 2019/08/22 8:15 p.m.21 views

CVE-2019-13139

In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. An issue exists in the way "docker build" processes remote git URLs, and results in command injection into the underlying "git...

8.4CVSS8.3AI score0.01945EPSS
Exploits1References7
UbuntuCve
UbuntuCve
added 2019/08/22 8:15 p.m.115 views

CVE-2019-13139

In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. An issue exists in the way "docker build" processes remote git URLs, and results in command injection into the underlying "git...

8.4CVSS7.3AI score0.01945EPSS
Exploits1References3
Cvelist
Cvelist
added 2019/08/22 7:47 p.m.25 views

CVE-2019-13139

In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. An issue exists in the way "docker build" processes remote git URLs, and results in command injection into the underlying "git...

8.4AI score0.01945EPSS
Exploits1References7
Debian CVE
Debian CVE
added 2019/08/22 7:47 p.m.26 views

CVE-2019-13139

In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. An issue exists in the way "docker build" processes remote git URLs, and results in command injection into the underlying "git...

8.4CVSS8.9AI score0.01945EPSS
Exploits1
Rows per page
Query Builder