Lucene search
+L

130 matches found

CNVD
CNVD
added 2021/02/26 12:0 a.m.6 views

Docker Resource Management Error Vulnerability (CNVD-2021-27276)

Docker is an open source application container engine from the American company Docker. It supports creating a container lightweight virtual machine and deploying and running applications on Linux systems, as well as automating the installation, deployment and upgrade of applications through...

6.5CVSS6.5AI score0.03287EPSS
Exploits0References1
CNNVD
CNNVD
added 2020/12/16 12:0 a.m.9 views

Docker Image influxdb Access Control Error Vulnerability

Docker is an open source application container engine from the American company Docker. The product supports creating a container lightweight virtual machine and deploying and running applications on Linux systems, as well as automating the installation, deployment, and upgrading of applications...

7.3AI score
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2020/10/19 12:0 a.m.88 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Docker vulnerability (USN-4589-2)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4589-2 advisory. USN-4589-1 fixed a vulnerability in containerd. This update provides the corresponding update for docker.io. Tenable has extracted the...

6.1CVSS6.4AI score0.02236EPSS
Exploits1References2
OSV
OSV
added 2020/02/07 6:15 p.m.8 views

CVE-2014-5278

A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs...

5.3CVSS6.7AI score0.01505EPSS
Exploits0References3
OSV
OSV
added 2020/02/07 6:15 p.m.4 views

DEBIAN-CVE-2014-5278

A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs...

5.3CVSS5.6AI score0.01505EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2020/02/07 5:3 p.m.59 views

CVE-2014-5278

A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs...

5.3CVSS5.2AI score0.01505EPSS
Exploits0
Gitee
Gitee
added 2020/02/04 1:43 p.m.11 views

Exploit for Improper Encoding or Escaping of Output in F5 Nginx

It is an open-source collection of pre-built vulnerable docker environments. The primary CVE ID is not explicitly mentioned, but the repository contains various vulnerable environments based on Docker-Compose, including ones for CVE-2016-9086, CVE-2013-4547, and CVE-2017-1000353. The target...

9.8CVSS7.5AI score0.99679EPSS
Exploits45
OSV
OSV
added 2020/01/28 7:52 a.m.4 views

MGASA-2020-0050 Updated opencontainers-runc packages fix security vulnerability

runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfslinux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory CVE-2019-16884...

7.5CVSS7.5AI score0.04409EPSS
Exploits1References3
OSV
OSV
added 2020/01/02 5:15 p.m.12 views

CVE-2014-0048

An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways...

9.8CVSS6.8AI score0.06508EPSS
Exploits0References14
RedHat Linux
RedHat Linux
added 2019/12/17 12:56 p.m.5 views

runc: AppArmor/SELinux bypass with malicious image that specifies a volume at /proc

runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfslinux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory...

7.5CVSS6.7AI score0.04409EPSS
Exploits1References4
Qualys Blog
Qualys Blog
added 2019/10/17 2:0 p.m.60 views

Graboid: Revenge of the Worms

This week saw news of self-propagating worms in the container landscape to perform unsanctioned computation tasks such as cryptojacking. This blog post is intended for Qualys customers and partners to understand how such container attacks work, provide security best practice recommendations &...

10CVSS9.6AI score0.06263EPSS
Exploits2
OSV
OSV
added 2019/08/19 5:9 p.m.6 views

USN-4103-2 Docker vulnerability

Jasiel Spelman discovered that a double free existed in the docker-credential- helpers dependency of Docker. A local attacker could use this to cause a denial of service crash or possibly execute arbitrary code. Original advisory details: Jasiel Spelman discovered that a double free existed in...

5.5CVSS6.2AI score0.00406EPSS
Exploits0References2
OSV
OSV
added 2019/08/09 3:15 p.m.1 views

DEBIAN-CVE-2019-14806

Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id...

7.5CVSS6.6AI score0.02288EPSS
Exploits0References1
OSV
OSV
added 2019/07/08 2:41 p.m.4 views

USN-4048-1 Docker vulnerabilities

Aleksa Sarai discovered that Docker was vulnerable to a directory traversal attack. An attacker could use this vulnerability to read and write arbitrary files on the host filesystem as root...

9.3CVSS6.7AI score0.9857EPSS
Exploits34References3
OSV
OSV
added 2019/06/25 6:4 a.m.3 views

OPENSUSE-SU-2019:1621-1 Security update for docker

This update for docker fixes the following issues: Security issue fixed: - CVE-2018-15664: Fixed an issue which could make docker cp vulnerable to symlink-exchange race attacks bsc1096726. This update was imported from the SUSE:SLE-15:Update update project...

7.5CVSS7.7AI score0.03398EPSS
Exploits2References3
IBM Security Bulletins
IBM Security Bulletins
added 2019/05/17 4:10 p.m.50 views

Security Bulletin: A vulnerability in Docker affects PowerKVM

Summary PowerKVM is affected by a vulnerability in Docker. IBM has now addressed this vulnerability. Vulnerability Details CVEID: CVE-2019-5736 DESCRIPTION: Runc could allow a local attacker to execute arbitrary commands on the system, cause by the improper handling of system file descriptors whe...

9.3CVSS2.2AI score0.9857EPSS
Exploits33Affected Software1
OpenVAS
OpenVAS
added 2019/02/14 12:0 a.m.203 views

Docker < 18.09.2 runc Command Execution Vulnerability

Docker is prone to a command execution vulnerability. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.3CVSS9AI score0.9857EPSS
Exploits33References2
IBM Security Bulletins
IBM Security Bulletins
added 2018/11/14 7:20 p.m.31 views

Security Bulletin: A Security Vulnerability could affect IBM® Cloud Private (CVE-2018-10892)

Summary Users of IBM Cloud Private and the IBM Cloud Automation Manager component could be affected by a vulnerability in Docker Vulnerability Details CVEID: CVE-2018-10892 DESCRIPTION: Docker could allow a local attacker to bypass security restrictions, caused by the failure to block /proc/acpi...

6.3CVSS0.6AI score0.01135EPSS
Exploits0Affected Software1
OSV
OSV
added 2018/09/10 5:29 p.m.3 views

UBUNTU-CVE-2018-12608

An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated certificate signed by a system-trusted root...

7.5CVSS7.1AI score0.0092EPSS
Exploits0References2
OSV
OSV
added 2017/10/06 3:29 p.m.8 views

CVE-2014-0047

Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage...

7.8CVSS6.7AI score
Exploits0References5
Rows per page
Query Builder