35 matches found
Ubuntu 18.04 LTS / 24.04 LTS : Docker vulnerabilities (USN-7161-1)
The remote Ubuntu 18.04 LTS / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7161-1 advisory. Yair Zak discovered that Docker could unexpectedly forward DNS requests from internal networks in an unexpected manner. An attacker could...
USN-7161-1: Docker vulnerabilities
Yair Zak discovered that Docker could unexpectedly forward DNS requests from internal networks in an unexpected manner. An attacker could possibly use this issue to exfiltrate data by encoding information in DNS queries to controlled nameservers. This issue was only addressed for the source packa...
Moby and Open Container Initiative Release Critical Updates for Multiple Vulnerabilities Affecting Docker-related Components
Moby and the Open Container Initiative OCI have released updates for multiple vulnerabilities CVE-2024-23651, CVE-2024-23652, CVE-2024-23653, CVE-2024-21626 affecting Docker-related components, including Moby BuildKit and OCI runc. A cyber threat actor could exploit these vulnerabilities to take...
Medium: docker
Issue Overview: A flaw was found in Moby. This flaw allows an attacker to bypass primary group restrictions due to a flaw in the supplementary group access setup. CVE-2022-36109 Docker version 20.10.15, build fd82621 is vulnerable to Insecure Permissions. Unauthorized users outside the Docker...
Security Bulletin: IBM Cloud Private is vulnerable to Docker vulnerabilities (CVE-2021-21285, CVE-2021-21284)
Summary IBM Cloud Private is vulnerable to Docker vulnerabilities Vulnerability Details CVEID: CVE-2021-21285 DESCRIPTION: Docker is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to pull a specially-crafted Docker image, a remote attacker could...
Ubuntu 21.04 : Docker vulnerabilities (USN-5032-2)
The remote Ubuntu 21.04 host has a package installed that is affected by a vulnerability as referenced in the USN-5032-2 advisory. USN-5032-1 fixed vulnerabilities in Docker. This update provides the corresponding updates for Ubuntu 21.04. Tenable has extracted the preceding description block...
Ubuntu 18.04 LTS / 20.04 LTS : Docker vulnerabilities (USN-5032-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5032-1 advisory. Several vulnerabilities were fixed in Docker. This update provides a new upstream version that fixed them. Tenable has extracted the preceding...
USN-5032-1 docker.io vulnerabilities
Several vulnerabilities were fixed in Docker. This update provides a new upstream version that fixed them...
vulhub
This repository is an open-source collection of pre-built vulnerable Docker environments, known as Vulhub. It is an offensive tool for testing and demonstrating vulnerabilities in various software and systems. The primary vulnerability class/vector targeted by Vulhub is not explicitly stated, but...
vulhub
This is an open-source collection of pre-built vulnerable docker environments. It is not a PoC exploit for a specific CVE, but rather a toolkit for testing and demonstrating vulnerabilities. The repository contains a variety of vulnerable environments, including ones for Flask, Apache, and Jenkin...
Exploit for Improper Encoding or Escaping of Output in F5 Nginx
It is an open-source collection of pre-built vulnerable docker environments. The primary CVE ID present in the provided context is not explicitly stated, but the repository contains various vulnerable environments based on Docker-Compose, including ones for CVE-2016-9086, CVE-2017-1000353,...
vulhub
It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not specified, but it includes various types of vulnerabilities such as SQL injection, cross-site scripting XSS, and remote code execution RCE. The target product/service or...
OPENSUSE-SU-2019:2021-1 Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork
This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues: Docker: - CVE-2019-14271: Fixed a code injection if the nsswitch facility dynamically loaded a library inside a chroot bsc1143409. - CVE-2019-13509: Fixed an information leak in the debug...
MGASA-2019-0180 Updated docker packages fix security vulnerability
Security issues fixed for containerd, docker, docker-runc and golang-github-docker-libnetwork: CVE-2018-16873: cmd/go: remote command execution during "go get -u" bsc1118897 CVE-2018-16874: cmd/go: directory traversal in "go get" via curly braces in import paths bsc1118898 CVE-2018-16875:...
Critical: docker
Issue Overview: The file-descriptor passed by libcontainer to the pid-1 process of a container has been found to be opened prior to performing the chroot, allowing insecure open and symlink traversal. This allows malicious container images to trigger a local privilege escalation. CVE-2015-3627...