Lucene search
K

9278 matches found

CVE
CVE
added 2020/06/27 12:7 p.m.59 views

CVE-2020-15360

The provided connected documents identify CVE-2020-15360 as an elevation of privilege in Docker Desktop 2.3.0.3 caused by com.docker.vmnetd due to a lack of client verification/authentication. Affected product/component: Docker Desktop (Windows/macOS) with the vmnetd helper. Impact: privilege esc...

7.8CVSS7.8AI score0.00681EPSS
Exploits1References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/06/27 9:38 a.m.41 views

Security Bulletin: Multiple vulnerabilities in middleware software affect IBM Cloud Pak for Automation

Summary The vulnerabilities are related to Java, WebSphere Liberty and docker images used by IBM Cloud Pak for Automation ICP4A. More precisely these are in IBM® SDK Java™ Technology Edition, Version 8 disclosed as part of the IBM Java SDK updates in October 2019 and January 2020, and in WebSpher...

9.8CVSS1.4AI score0.14961EPSS
Exploits4Affected Software1
Gitee
Gitee
added 2020/06/26 4:35 p.m.3 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The repository carvin0316/vulhub contains a collection of vulnerable environments based on Docker-Compose. The target product/service or framework is not explicitly stated, but the environments are designed to be...

7.8AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2020/06/26 1:0 p.m.23 views

This Week in Security News: XORDDoS and Kaiji Botnet Malware Variants Target Exposed Docker Servers and Ripple20 Vulnerabilities Could Impact Millions of IoT Devices

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about two recently detected variants of existing Linux botnet malware types targeting exposed Docker servers. Also, read about a group...

0.3AI score
Exploits0
The Hacker News
The Hacker News
added 2020/06/25 10:42 a.m.29 views

Docker Images Containing Cryptojacking Malware Distributed via Docker Hub

With Docker gaining popularity as a service to package and deploy software applications, malicious actors are taking advantage of the opportunity to target exposed API endpoints and craft malware-infested images to facilitate distributed denial-of-service DDoS attacks and mine cryptocurrencies...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2020/06/25 10:42 a.m.4 views

Docker Images Containing Cryptojacking Malware Distributed via Docker Hub

With Docker gaining popularity as a service to package and deploy software applications, malicious actors are taking advantage of the opportunity to target exposed API endpoints and craft malware-infested images to facilitate distributed denial-of-service DDoS attacks and mine cryptocurrencies...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2020/06/25 7:35 a.m.116 views

Exploit for Link Following in Docker Desktop

CVE-2020-10665 Docker Desktop Local Privilege Escalation POC...

7.2CVSS7AI score0.01435EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2020/06/25 12:0 a.m.253 views

Oracle Linux 7 : docker-cli / docker-engine (ELSA-2020-5739)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-5739 advisory. - update to 19.03.11 for CVE-2020-13401 - apply e4931e664feac6fa8846f3f04268a0cc98822549, fixes CVE-2019-5736 - update to 19.03.11 for CVE-2020-13401 - apply...

9.3CVSS7AI score0.9857EPSS
Exploits33References2
Veracode
Veracode
added 2020/06/24 3:8 a.m.33 views

Information Disclosure

docker is vulnerable to information disclosure. A security regression of CVE-2016-9962 due to inclusion of vulnerable runc allows an attacker to obtain confidential information...

8.8CVSS3AI score0.00385EPSS
Exploits0References9Affected Software1
Veracode
Veracode
added 2020/06/24 3:8 a.m.36 views

Remote Code Execution

docker is vulnerable to remote code execution. The vulnerability exists due to a security regression of CVE-2019-5736 due to inclusion of vulnerable runc...

8.8CVSS3.4AI score0.9857EPSS
Exploits33References8Affected Software1
CNVD
CNVD
added 2020/06/24 12:0 a.m.3 views

Docker Code Issues Vulnerabilities

Docker is an open source application container engine from the American company Docker. It supports creating a container lightweight virtual machine and deploying and running applications on Linux systems, as well as automating the installation, deployment and upgrade of applications through...

8.8CVSS6.8AI score0.00385EPSS
Exploits0References1
Oracle linux
Oracle linux
added 2020/06/24 12:0 a.m.83 views

docker-cli docker-engine security update

docker-cli 19.03.11-4 - added patch for registry list 19.03.11-3 - update to 19.03.11 for CVE-2020-13401 19.03.1-1.0.0 - update to 19.03.1 19.03-0.0.1 - update to 19.03 18.09.1-1.0.6 - disable kmem accounting for UEKR4 18.09.1-1.0.5 - apply e4931e664feac6fa8846f3f04268a0cc98822549, fixes...

9.3CVSS0.3AI score0.9857EPSS
Exploits33
Tenable Nessus
Tenable Nessus
added 2020/06/24 12:0 a.m.117 views

RHEL 7 : docker (RHSA-2020:2653)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2653 advisory. Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that...

9.3CVSS7.2AI score0.9857EPSS
Exploits33References9
RedHat Linux
RedHat Linux
added 2020/06/23 7:44 p.m.4 views

docker: Ambient capability usage in containers

The runc version as used in docker 1.12.2 was incorrectly setting ambient capabilities for all processes executed inside containers. This caused processes of non-root users to run with unexpected privileges, allowing them to escalate their privileges to root...

7.5CVSS7.1AI score0.02754EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/06/23 7:44 p.m.3 views

docker: Security regression of CVE-2016-9962 due to inclusion of vulnerable runc

The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2016-9962, which was previously fixed via RHSA-2017:0116. This issue could allow a malicious or compromised container to compromise the...

8.8CVSS6.9AI score0.00385EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/06/23 7:44 p.m.3 views

docker: Security regression of CVE-2019-5736 due to inclusion of vulnerable runc

The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the...

9.3CVSS6.9AI score0.9857EPSS
Exploits33References5
RedHat Linux
RedHat Linux
added 2020/06/23 7:44 p.m.102 views

Important: Red Hat Security Advisory: docker security update

An update for docker is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

9.3CVSS7AI score0.9857EPSS
Exploits33References5
RedhatCVE
RedhatCVE
added 2020/06/23 7:26 p.m.41 views

CVE-2020-14300

The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2016-9962, which was previously fixed via RHSA-2017:0116. This issue could allow a malicious or compromised container to compromise the...

4.6CVSS3.7AI score0.00385EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2020/06/23 7:26 p.m.75 views

CVE-2020-14298

The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the...

9.3CVSS3.7AI score0.9857EPSS
Exploits33References3
OpenVAS
OpenVAS
added 2020/06/23 12:0 a.m.20 views

Fedora: Security Advisory for moby-engine (FEDORA-2020-5ba8c2d9d5)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6CVSS6.4AI score0.02839EPSS
Exploits0References2
Rows per page
Query Builder