Lucene search
K

9 matches found

CVE
CVE
added 2022/03/24 12:0 a.m.558 views

CVE-2022-24769

CVE-2022-24769 affects Moby (Docker Engine) before 20.10.14. The bug starts containers with non-empty inheritable Linux process capabilities, enabling programs with inheritable file capabilities to elevate to the container’s permitted set during execve, potentially impacting containers using Linu...

5.9CVSS6.5AI score0.00492EPSS
CVE
CVE
added 2021/10/04 8:20 p.m.526 views

CVE-2021-41089

CVE-2021-41089 concerns Moby (Docker Engine). A bug in docker cp into a specially-crafted container can cause Unix file permission changes for existing host files, potentially widening access to others. The issue is fixed in Moby/Docker Engine 20.10.9; users should upgrade to that version. Runnin...

6.3CVSS5.5AI score0.0027EPSS
CVE
CVE
added 2024/03/20 8:27 p.m.414 views

CVE-2024-29018

CVE-2024-29018 affects the Moby-based docker/libnetwork networking stack, where internal networks can forward DNS requests to an external nameserver due to how host loopback DNS resolution is bridged for internal networks. The issue enables an attacker controlling an authoritative DNS domain to c...

7.5CVSS5.8AI score0.0075EPSS
CVE
CVE
added 2024/02/01 4:26 p.m.412 views

CVE-2024-24557

CVE-2024-24557 affects Moby/Docker’s classic builder cache. The risk arises when building from scratch: HEALTHCHECK and ONBUILD changes may not trigger a cache miss, enabling cache poisoning if an attacker knows the Dockerfile. Impact varies by Buildkit usage: 23.0 and earlier are broadly affecte...

7.8CVSS7.4AI score0.00258EPSS
CVE
CVE
added 2021/10/04 8:20 p.m.284 views

CVE-2021-41091

CVE-2021-41091 concerns Moby (Docker Engine). A bug in the Docker Engine data directory (/var/lib/docker) left subdirectories with weak permissions, enabling unprivileged host users to traverse contents and, if containers held executables with elevated bits (e.g., setuid), to discover and run tho...

6.3CVSS6.9AI score0.02693EPSS
CVE
CVE
added 2022/09/09 5:20 p.m.176 views

CVE-2022-36109

CVE-2022-36109 concerns a bug in Moby/Docker Engine where supplementary groups are not set up correctly inside a container. An attacker with access to a container could manipulate supplementary group access to bypass primary group restrictions, potentially exposing sensitive information or enabli...

6.3CVSS6AI score0.00807EPSS
CVE
CVE
added 2022/04/18 4:20 p.m.172 views

CVE-2022-27652

CVE-2022-27652 relates to a security regression in cri-o/OpenShift container components where containers could be started with inheritable capabilities improperly. The Red Hat advisories note that the issue involves adding the fix for CVE-2022-27652 to certain OpenShift releases, and that older O...

5.3CVSS5.3AI score0.00241EPSS
CVE
CVE
added 2025/07/30 1:24 p.m.98 views

CVE-2025-54410

CVE-2025-54410 affects Moby (Docker Engine, Mirantis Container Runtime, and downstreams). A firewalld-related issue causes Docker to fail to re-create iptables rules that isolate bridge networks when firewalld reloads, allowing containers to reach ports across bridge networks on the same host. Th...

5.2CVSS6.5AI score0.00152EPSS
CVE
CVE
added 2018/09/10 5:0 p.m.69 views

CVE-2018-12608

Docker Moby before 17.06.0 is affected by a TLS authentication flaw: the engine validates client certificates against both the configured CA and system roots (on non‑Windows). This lets a client presenting a certificate signed by any system‑trusted root CA authenticate, instead of only certificat...

7.5CVSS7.3AI score0.0092EPSS