SUSE CVE-2020-13401

An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAPNETRAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service...

SUSE CVE-2020-27534

util/binfmtmisc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call...

SUSE CVE-2021-41091

Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where the data directory typically /var/lib/docker contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traver...

SUSE CVE-2022-24769

Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby Docker Engine prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux...

SUSE CVE-2022-27650

A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby Docker Engine where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to...

SUSE CVE-2022-27649

A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby Docker Engine, where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to...

SUSE CVE-2022-27651

A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby Docker Engine where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to programs with...

SUSE CVE-2022-27652

A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby Docker Engine where containers started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs...

SUSE CVE-2022-36109

Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use...

SUSE SLES15 / openSUSE 15 Security Update : podman (SUSE-SU-2023:0187-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0187-1 advisory. - Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 including from remot...

Amazon Linux 2022 : containerd, containerd-stress (ALAS2022-2022-210)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-210 advisory. A bug was found in containerd where containers launched through containerd's CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : containerd vulnerabilities (USN-5776-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5776-1 advisory. It was discovered that containerd incorrectly handled memory when receiving certain faulty Exec or ExecSync commands. A remote...

A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities enabling an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the potential to impact confidentiality and integrity.

...

EulerOS 2.0 SP5 : docker-engine (EulerOS-SA-2022-2706)

According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distributi...

EulerOS 2.0 SP5 : docker-engine (EulerOS-SA-2022-2707)

According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to versi...

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2022-2707)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2022-2706)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux 2022 : containerd, containerd-stress (ALAS2022-2022-156)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-156 advisory. A bug was found in containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the ExecSync API. This...

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2022-2427)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2022-2414)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...