Docker Engine 26.0.0 < 26.0.2 Unexpected Resource Exposure

The version of the Docker Engine installed on the remote host is 26.0.x prior to 26.0.2. It is therefore affected by an unexpected resource exposure vulnerability. In the affected versions of Moby, an open source container framework that is a key component of Docker Engine, Docker Desktop, and...

PT-2024-5203

Name of the Vulnerable Software and Affected Versions: Docker Engine versions prior to v27.1.1 Docker Engine versions 19.03 and later, excluding v19.03.x Docker CE versions prior to v27.1.1 Description: A security vulnerability has been detected in certain versions of Docker Engine, which could...

GHSA-2MM7-X5H6-5PVQ Moby (Docker Engine) started with non-empty inheritable Linux process capabilities

Impact A bug was found in Moby Docker Engine where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during...

Moby (Docker Engine) started with non-empty inheritable Linux process capabilities

Impact A bug was found in Moby Docker Engine where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during...

CVE-2024-32473

Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. In 26.0.0, IPv6 is not disabled on network interfaces, including those belonging to networks where --ipv6=false. An container with an ipvl...

CVE-2024-32473

Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. In 26.0.0, IPv6 is not disabled on network interfaces, including those belonging to networks where --ipv6=false. An container with an ipvl...

CVE-2024-32473 Moby IPv6 enabled on IPv4-only network interfaces

Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. In 26.0.0, IPv6 is not disabled on network interfaces, including those belonging to networks where --ipv6=false. An container with an ipvl...

CVE-2024-29018 External DNS requests from 'internal' networks could lead to data exfiltration

Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. Moby's networking implementation allows for many networks, each with their own IP address range and gateway, to be defined. This feature i...

CVE-2024-29018

CVE-2024-29018 affects the Moby-based docker/libnetwork networking stack, where internal networks can forward DNS requests to an external nameserver due to how host loopback DNS resolution is bridged for internal networks. The issue enables an attacker controlling an authoritative DNS domain to c...

GHSA-3FWX-PJGW-3558 Moby (Docker Engine) Insufficiently restricted permissions on data directory

Impact A bug was found in Moby Docker Engine where the data directory typically /var/lib/docker contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable...

Moby (Docker Engine) Insufficiently restricted permissions on data directory

Impact A bug was found in Moby Docker Engine where the data directory typically /var/lib/docker contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable...

GHSA-6HWG-W5JG-9C6X Path Traversal in Moby builder

util/binfmtmisc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call...

Path Traversal in Moby builder

util/binfmtmisc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call...

EulerOS 2.0 SP8 : docker-engine (EulerOS-SA-2023-3118)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1,...

EulerOS 2.0 SP11 : docker-engine (EulerOS-SA-2023-2679)

According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various...

EulerOS 2.0 SP11 : docker-engine (EulerOS-SA-2023-2637)

According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various...

Siemens SCALANCE LPE9403 Incorrect Permission Assignment for Critical Resource (CVE-2021-41091)

A vulnerability was found in Moby Docker Engine where the data directory typically /var/lib/docker contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included...

Siemens SCALANCE LPE9403 Improper Preservation of Permissions (CVE-2021-41089)

A vulnerability was found in Moby Docker Engine where attempting to copy files using 'docker cp' into a specially-crafted container can result in Unix file permission changes for existing files in the host's filesystem, widening access to others. This bug does not directly allow files to be read,...

Security Bulletin: Vulnerability in docker affects Cloud Pak System (240631)

Summary Vulnerability has been found in docker engine moby shipped with docker pattern Type pType in Cloud Pak System. Vulnerability Details IBM X-Force ID: 240631 DESCRIPTION: Moby could allow a remote attacker to obtain sensitive information, caused by improper access control. By using a...

NewStart CGSL MAIN 5.04 : docker-ce Vulnerability (NS-SA-2023-0109)

The remote NewStart CGSL host, running version MAIN 5.04, has docker-ce packages installed that are affected by a vulnerability: - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where supplementary groups are not set up...