CVSS: 6.0EPSS: 13%CPEs: 5EXPL: 1CVE-2020-13401 – Debian Security Advisory 4716-1
https://notcve.org/view.php?id=CVE-2020-13401
02 Jun 2020 — An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service. Se detectó un problema en Docker Engine versiones anteriores a 19.03.11. Un atacante en un contenedor, con la capacidad CAP_NET_RAW, puede diseñar anuncios de router IPv6, y en consecuencia falsificar hosts IPv6 externos, obtener información confidenc... • https://github.com/arax-zaeimi/Docker-Container-CVE-2020-13401 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2014-8179
https://notcve.org/view.php?id=CVE-2014-8179
04 Dec 2019 — Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation. Docker Engine versiones anteriores a la versión 1.8.3 y CS Docker Engine versiones anteriores a la versión 1.6.2-CS7 no comprueba y extrae apropiadamente el objeto manifiesto desde su representación JSON durante una extracción, lo que permit... • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00014.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2014-8178
https://notcve.org/view.php?id=CVE-2014-8178
04 Dec 2019 — Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands. Docker Engine versiones anteriores a la versión 1.8.3 y CS Docker Engine versiones anteriores a la versión 1.6.2-CS7, no utilizan un identificador único de forma global para almacenar capas de imágenes, lo que facilita a atacantes envenenar la caché de imágenes por medio de u... • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00014.html • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 55%CPEs: 43EXPL: 39CVE-2019-5736 – runc < 1.0-rc6 (Docker < 18.09.2) - Container Breakout
https://notcve.org/view.php?id=CVE-2019-5736
11 Feb 2019 — runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/sel... • https://packetstorm.news/files/id/165197 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-672: Operation on a Resource after Expiration or Release •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2018-20699 – docker: Memory exhaustion via large integer used with --cpuset-mems or --cpuset-cpus
https://notcve.org/view.php?id=CVE-2018-20699
12 Jan 2019 — Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go. Docker Engine, en versiones anteriores a la 18.09, permite que los atacantes provoquen una denegación de servicio (consumo de la memoria dockerd) mediante un entero grande en los valores --cpuset-mems o --cpuset-cpus. Esto está relacionado con daemon/daemon_uni... • https://access.redhat.com/errata/RHSA-2019:0487 • CWE-400: Uncontrolled Resource Consumption •