Lucene search
K

35 matches found

Tenable Nessus
Tenable Nessus
added 2024/12/17 12:0 a.m.26 views

Ubuntu 18.04 LTS / 24.04 LTS : Docker vulnerabilities (USN-7161-1)

The remote Ubuntu 18.04 LTS / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7161-1 advisory. Yair Zak discovered that Docker could unexpectedly forward DNS requests from internal networks in an unexpected manner. An attacker could...

9.9CVSS7.6AI score0.16496EPSS
Exploits0References3
Ubuntu
Ubuntu
added 2024/12/16 1:56 p.m.38 views

USN-7161-1: Docker vulnerabilities

Yair Zak discovered that Docker could unexpectedly forward DNS requests from internal networks in an unexpected manner. An attacker could possibly use this issue to exfiltrate data by encoding information in DNS queries to controlled nameservers. This issue was only addressed for the source packa...

9.9CVSS7.5AI score0.16496EPSS
Exploits0
CISA
CISA
added 2024/02/01 12:0 p.m.12 views

Moby and Open Container Initiative Release Critical Updates for Multiple Vulnerabilities Affecting Docker-related Components

Moby and the Open Container Initiative OCI have released updates for multiple vulnerabilities CVE-2024-23651, CVE-2024-23652, CVE-2024-23653, CVE-2024-21626 affecting Docker-related components, including Moby BuildKit and OCI runc. A cyber threat actor could exploit these vulnerabilities to take...

10CVSS9.4AI score0.18087EPSS
Exploits18References7
Amazon
Amazon
added 2023/04/05 12:0 a.m.5 views

Medium: docker

Issue Overview: A flaw was found in Moby. This flaw allows an attacker to bypass primary group restrictions due to a flaw in the supplementary group access setup. CVE-2022-36109 Docker version 20.10.15, build fd82621 is vulnerable to Insecure Permissions. Unauthorized users outside the Docker...

6.3CVSS6.8AI score0.00837EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/03 12:48 p.m.36 views

Security Bulletin: IBM Cloud Private is vulnerable to Docker vulnerabilities (CVE-2021-21285, CVE-2021-21284)

Summary IBM Cloud Private is vulnerable to Docker vulnerabilities Vulnerability Details CVEID: CVE-2021-21285 DESCRIPTION: Docker is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to pull a specially-crafted Docker image, a remote attacker could...

6.8CVSS0.8AI score0.03287EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2021/08/09 12:0 a.m.14 views

Ubuntu 21.04 : Docker vulnerabilities (USN-5032-2)

The remote Ubuntu 21.04 host has a package installed that is affected by a vulnerability as referenced in the USN-5032-2 advisory. USN-5032-1 fixed vulnerabilities in Docker. This update provides the corresponding updates for Ubuntu 21.04. Tenable has extracted the preceding description block...

5.6AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2021/08/06 12:0 a.m.21 views

Ubuntu 18.04 LTS / 20.04 LTS : Docker vulnerabilities (USN-5032-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5032-1 advisory. Several vulnerabilities were fixed in Docker. This update provides a new upstream version that fixed them. Tenable has extracted the preceding...

5.6AI score
Exploits0References1
OSV
OSV
added 2021/08/05 1:32 p.m.5 views

USN-5032-1 docker.io vulnerabilities

Several vulnerabilities were fixed in Docker. This update provides a new upstream version that fixed them...

6.8CVSS6.9AI score0.03287EPSS
Exploits0References2
Gitee
Gitee
added 2021/05/16 8:36 p.m.4 views

vulhub

This repository is an open-source collection of pre-built vulnerable Docker environments, known as Vulhub. It is an offensive tool for testing and demonstrating vulnerabilities in various software and systems. The primary vulnerability class/vector targeted by Vulhub is not explicitly stated, but...

8.6AI score
Exploits0
Gitee
Gitee
added 2020/10/02 7:57 p.m.2 views

vulhub

This is an open-source collection of pre-built vulnerable docker environments. It is not a PoC exploit for a specific CVE, but rather a toolkit for testing and demonstrating vulnerabilities. The repository contains a variety of vulnerable environments, including ones for Flask, Apache, and Jenkin...

7.1AI score
Exploits0
Gitee
Gitee
added 2020/07/12 3:58 p.m.7 views

Exploit for Improper Encoding or Escaping of Output in F5 Nginx

It is an open-source collection of pre-built vulnerable docker environments. The primary CVE ID present in the provided context is not explicitly stated, but the repository contains various vulnerable environments based on Docker-Compose, including ones for CVE-2016-9086, CVE-2017-1000353,...

9.8CVSS7.5AI score0.99679EPSS
Exploits53
Gitee
Gitee
added 2020/06/14 9:34 p.m.4 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not specified, but it includes various types of vulnerabilities such as SQL injection, cross-site scripting XSS, and remote code execution RCE. The target product/service or...

8.3AI score
Exploits0
OSV
OSV
added 2019/08/29 4:21 p.m.8 views

OPENSUSE-SU-2019:2021-1 Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork

This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues: Docker: - CVE-2019-14271: Fixed a code injection if the nsswitch facility dynamically loaded a library inside a chroot bsc1143409. - CVE-2019-13509: Fixed an information leak in the debug...

9.8CVSS7.4AI score0.9857EPSS
Exploits35References12
OSV
OSV
added 2019/05/19 11:27 a.m.12 views

MGASA-2019-0180 Updated docker packages fix security vulnerability

Security issues fixed for containerd, docker, docker-runc and golang-github-docker-libnetwork: CVE-2018-16873: cmd/go: remote command execution during "go get -u" bsc1118897 CVE-2018-16874: cmd/go: directory traversal in "go get" via curly braces in import paths bsc1118898 CVE-2018-16875:...

8.1CVSS7.8AI score0.66252EPSS
Exploits0References4
Amazon
Amazon
added 2015/05/07 12:0 a.m.37 views

Critical: docker

Issue Overview: The file-descriptor passed by libcontainer to the pid-1 process of a container has been found to be opened prior to performing the chroot, allowing insecure open and symlink traversal. This allows malicious container images to trigger a local privilege escalation. CVE-2015-3627...

7.8CVSS6.6AI score0.00609EPSS
Exploits0
Rows per page
Query Builder