Lucene search
K

35 matches found

AlpineLinux
AlpineLinux
added 2022/09/09 5:20 p.m.62 views

CVE-2022-36109

Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use...

6.3CVSS6.2AI score0.00807EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2022/09/09 12:0 a.m.8 views

PT-2022-4745 · Docker +4 · Moby +5

Name of the Vulnerable Software and Affected Versions: Moby Docker Engine versions prior to 20.10.18 Description: The issue is related to the improper setup of supplementary groups in Moby Docker Engine, which can allow an attacker with direct access to a container to bypass primary group...

9.9CVSS6.1AI score0.16496EPSS
Exploits2References97
Tenable Nessus
Tenable Nessus
added 2022/08/17 12:0 a.m.46 views

EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2022-2253)

According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where attempti...

7.8CVSS7.3AI score0.02693EPSS
Exploits3References6
OpenVAS
OpenVAS
added 2022/07/29 12:0 a.m.32 views

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2022-2129)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS6.2AI score0.00492EPSS
Exploits0References2
OSV
OSV
added 2022/05/24 4:51 p.m.35 views

GHSA-V2CV-WWXQ-QQ97 Moby Docker cp broken with debian containers

In Docker 19.03.x before 19.03.1 linked against the GNU C Library aka glibc, code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container...

9.8CVSS9.2AI score0.18828EPSS
Exploits3References11
Tenable Nessus
Tenable Nessus
added 2022/05/04 12:0 a.m.73 views

SUSE SLES12 Security Update : containerd, docker (SUSE-SU-2022:1507-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1507-1 advisory. - CVE-2022-24769: Fixed incorrect default inheritable capabilities bsc1197517. - CVE-2022-23648: Fixed directory traversal issue...

7.5CVSS7AI score0.27392EPSS
Exploits4References17
Amazon
Amazon
added 2022/04/27 12:0 a.m.3 views

Medium: containerd, docker

Issue Overview: A flaw was found in Moby Docker Engine, where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when...

5.9CVSS6.9AI score0.00492EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2021/11/15 6:14 p.m.689 views

CVE-2021-41091

A file permissions vulnerability was found in the Moby Docker Engine. The Moby data directory usually /var/lib/docker contains subdirectories with insufficiently restricted permissions, allowing unprivileged Linux users to traverse directory contents and execute programs. When the running contain...

6.3CVSS6.7AI score0.02693EPSS
Exploits3References5
Amazon
Amazon
added 2021/10/05 12:0 a.m.50 views

Medium: docker

Issue Overview: A bug was found in Moby Docker Engine where attempting to copy files using docker cp into a specially-crafted container can result in Unix file permission changes for existing files in the host 2019s filesystem, widening access to others. This bug does not directly allow files to ...

7.5CVSS6.4AI score0.02693EPSS
Exploits3
Ubuntu
Ubuntu
added 2021/10/04 10:48 p.m.130 views

USN-5103-1: docker.io vulnerability

Lei Wang and Ruizhi Xiao discovered that the Moby Docker engine in Docker incorrectly allowed the docker cp command to make permissions changes in the host filesystem in some situations. A local attacker could possibly use to this to expose sensitive information or gain administrative privileges...

6.3CVSS6.1AI score0.0027EPSS
Exploits0
NVD
NVD
added 2021/10/04 9:15 p.m.23 views

CVE-2021-41091

Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where the data directory typically /var/lib/docker contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traver...

6.3CVSS0.02693EPSS
Exploits3References5
Debian CVE
Debian CVE
added 2021/10/04 8:20 p.m.31 views

CVE-2021-41089

Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where attempting to copy files using docker cp into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem,...

6.3CVSS5.8AI score0.0027EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2021/10/04 12:0 a.m.49 views

CVE-2021-41089

Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where attempting to copy files using docker cp into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem,...

6.3CVSS6.2AI score0.0027EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2021/10/04 12:0 a.m.69 views

CVE-2021-41091

Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where the data directory typically /var/lib/docker contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traver...

6.3CVSS6.6AI score0.02693EPSS
Exploits3References2
OSV
OSV
added 2017/11/01 5:29 p.m.0 views

DEBIAN-CVE-2017-14992

Lack of content verification in Docker-CE Also known as Moby versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing...

6.5CVSS8.8AI score0.0247EPSS
Exploits0References1
Rows per page
Query Builder