9165 matches found
CVE-2019-13139
In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. An issue exists in the way "docker build" processes remote git URLs, and results in command injection into the underlying "git...
Rancher 2.0.x < 2.0.15 / 2.1.x < 2.1.10 / 2.2.x < 2.2.4 Command Injection
In Rancher 2 through 2.2.3, Project owners can inject additional fluentd configuration to read files or execute arbitrary commands inside the fluentd container. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. (C) Tenable...
GHSA-GQ9M-QVPX-68HC Pallets Werkzeug Insufficient Entropy
Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id...
Pallets Werkzeug Insufficient Entropy
Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id...
Ubuntu 16.04 LTS / 18.04 LTS : Docker vulnerability (USN-4103-2)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4103-2 advisory. Jasiel Spelman discovered that a double free existed in the docker-credential-helpers dependency of Docker. A local attacker could use this to cause ...
Ubuntu: Security Advisory (USN-4103-1)
The remote host is missing an update for the...
Ubuntu 19.04 : docker-credential-helpers vulnerability (USN-4103-1)
Jasiel Spelman discovered that a double free existed in docker-credential-helpers. A local attacker could use this to cause a denial of service crash or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu...
USN-4103-2: Docker vulnerability
Jasiel Spelman discovered that a double free existed in the docker-credential-helpers dependency of Docker. A local attacker could use this to cause a denial of service crash or possibly execute arbitrary code. Original advisory details: Jasiel Spelman discovered that a double free existed in...
USN-4103-2 Docker vulnerability
Jasiel Spelman discovered that a double free existed in the docker-credential-helpers dependency of Docker. A local attacker could use this to cause a denial of service crash or possibly execute arbitrary code. Original advisory details: Jasiel Spelman discovered that a double free existed in...
USN-4103-1: docker-credential-helpers vulnerability
Jasiel Spelman discovered that a double free existed in docker-credential-helpers. A local attacker could use this to cause a denial of service crash or possibly execute arbitrary code...
docker-engine security update
18.03.1.ol-0.0.15 - cherry-picked fix for CVE-2018-15664 from upstream 18.03.1.ol-0.0.14 - rebuild 18.03.1.ol-0.0.13 - update for CVE-2018-20699 18.03.1.ol-0.0.12 - correct the version string of containerd 18.03.1.ol-0.0.11 - update runc for CVE-2019-5736 18.03.1.ol-0.0.10 - update Go to version...
Security Bulletin: A Security Vulnerability affects IBM Cloud Private - Docker (CVE-2018-15664)
Summary A Security Vulnerability affects IBM Cloud Private - Docker CVE-2018-15664 Vulnerability Details CVEID: CVE-2018-15664 DESCRIPTION: Docker could allow a remote attacker to traverse directories on the system, caused by symlink-exchange race attacks in docker cp. By allowing the execution o...
OPENSUSE-SU-2019:1895-1 Security update for ledger
This update for ledger fixes the following issues: ledger was updated to 3.1.3: + Properly reject postings with a comment right after the flag bug 1753 + Make sorting order of lot information deterministic bug 1747 + Fix bug in tag value parsing bug 1702 + Remove the org command, which was always...
Security update for ansible (moderate)
openSUSE Security Update: Security update for ansible Announcement ID: openSUSE-SU-2019:1858-1 Rating: moderate References: 1109957 1112959 1118896 1126503 Cross-References: CVE-2018-16837 CVE-2018-16859 CVE-2018-16876 CVE-2019-3828 Affected Products: openSUSE Backports SLE-15-SP1 An update that...
Security update for ledger (moderate)
openSUSE Security Update: Security update for ledger Announcement ID: openSUSE-SU-2019:1895-1 Rating: moderate References: 1052478 1052484 1105084 Cross-References: CVE-2017-12481 CVE-2017-12482 CVE-2017-2807 CVE-2017-2808 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes four...
SUSE SLED15 / SLES15 Security Update : containerd, docker, docker-runc, golang-github-docker-libnetwork (SUSE-SU-2019:2117-1)
This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues : Docker : CVE-2019-14271: Fixed a code injection if the nsswitch facility dynamically loaded a library inside a chroot bsc1143409. CVE-2019-13509: Fixed an information leak in the debug lo...
OPENSUSE-SU-2019:1858-1 Security update for ansible
This update for ansible fixes the following issues: Ansible was updated to version 2.8.1: Full changelog is at /usr/share/doc/packages/ansible/changelogs/ - Bugfixes - ACI - DO not encode querystring - ACI modules - Fix non-signature authentication - Add missing directory provided via...
SUSE-SU-2019:2119-1 Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork
This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues: Docker: - CVE-2019-14271: Fixed a code injection if the nsswitch facility dynamically loaded a library inside a chroot bsc1143409. - CVE-2019-13509: Fixed an information leak in the debug...
SUSE-SU-2019:2117-1 Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork
This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues: Docker: - CVE-2019-14271: Fixed a code injection if the nsswitch facility dynamically loaded a library inside a chroot bsc1143409. - CVE-2019-13509: Fixed an information leak in the debug...
Insecure Randomness
Werkzeug is vulnerable to insecure randomness. The vulnerability exists because Docker containers use the same machine ID...