CVE-2016-9223
CVE-2016-9223 affects Cisco CloudCenter Orchestrator (CCO) where the Docker Engine TCP port 2375 is exposed on 0.0.0.0. The misconfiguration allows an unauthenticated, remote attacker to install Docker containers with high privileges on the affected system. Cisco’s advisory and subsequent risk co...
Cisco Warns of Critical Flaw in CloudCenter Orchestrator Systems
Cisco Systems released a critical security bulletin for a vulnerability that could allow an attacker to gain root privileges on affected CloudCenter Orchestrator systems. The company released workaround instructions to mitigate the flaw along with making a software fix available for download. “Th...
Cisco CloudCenter Orchestrator Docker Engine Privilege Escalation Vulnerability
A vulnerability in the Docker Engine configuration of Cisco CloudCenter Orchestrator (CCO; formerly CliQr) could allow an unauthenticated, remote attacker to install Docker containers with high privileges on the affected system. The vulnerability is due to a misconfiguration that causes the Docker...
Docker Engine is vulnerable
Docker Engine is a set of lightweight runtime environments and package management tools from Docker, Inc. A security vulnerability exists in Docker Engine version 1.12.2, which stems from an enabled environment condition configured with the wrong condition policy. An attacker can exploit the...
CVE-2016-8867
Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. This allowed malicious images to bypass user permissions to access files within the container filesystem or mounted volumes...
Oracle Linux 6 / 7 : docker-engine (ELSA-2016-3568)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2016-3568 advisory. [1.10.3-1.0.3] - CVE-2016-3697: docker: Potential privilege escalation via confusion of usernames and UIDs [orabug 23279003]. Tenable has extracted the preceding...
Oracle: Security Advisory (ELSA-2015-3085)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Oracle Linux 6 / 7 : docker-engine (ELSA-2015-3085)
The remote Oracle Linux 6 / 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2015-3085 advisory. - Fix layer IDs lead to local graph poisoning (CVE-2014-8178) - Fix manifest validation and parsing logic errors allow pull-by-digest validation bypa...
docker-engine security update
[1.8.3-1.0.1] - Enable configuration of Docker daemon via sysconfig [orabug 21804877] - Add documentation files to binary RPM [1.8.3] - Fix layer IDs lead to local graph poisoning (CVE-2014-8178) - Fix manifest validation and parsing logic errors allow pull-by-digest validation bypass (CVE-2014-8179) - Add...
docker: Read/write proc paths allow host modification & information disclosure
Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image...
docker: volume mounts allow LSM profile escalation
Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc...
Docker Engine Arbitrary File Manipulation Vulnerability
Docker Engine is a set of lightweight runtime environments and package management tools from Docker, Inc. An arbitrary file manipulation vulnerability exists in versions of Docker Engine prior to 1.6.1, which allows local users to overwrite files in /proc by setting arbitrary Linux security modul...
CVE-2015-3631
Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc...
DEBIAN-CVE-2015-3631
Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc...
CVE-2015-3630
Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image...
DEBIAN-CVE-2015-3630
Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image...
CVE-2015-3629
Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container...