CVSS: 7.5EPSS: 0%CPEs: 64EXPL: 2CVE-2018-15664 – docker: symlink-exchange race attacks in docker cp
https://notcve.org/view.php?id=CVE-2018-15664
23 May 2019 — In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot). En Docker hasta la versión 18.06.1-ce-rc2, los endpoints API debajo del comando 'docker cp' son vulnerables a un ataque de de tipo symlink-exchange con salto de d... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00066.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 9.3EPSS: 0%CPEs: 43EXPL: 39CVE-2019-5736 – runc < 1.0-rc6 (Docker < 18.09.2) - Container Breakout
https://notcve.org/view.php?id=CVE-2019-5736
11 Feb 2019 — runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/sel... • https://packetstorm.news/files/id/165197 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-672: Operation on a Resource after Expiration or Release •
CVSS: 8.8EPSS: 1%CPEs: 104EXPL: 1CVE-2018-15514
https://notcve.org/view.php?id=CVE-2018-15514
01 Sep 2018 — HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the "docker-users" group (who may not otherwise have administrator access) to escalate to administrator privileges. HandleRequestAsync en Docker para Windows en versiones anteriores a la 18.06.0-ce-rc3-win68 (edge) y anteriores a la... • http://www.securityfocus.com/bid/105202 • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.3EPSS: 0%CPEs: 8EXPL: 0CVE-2018-10892 – docker: container breakout without selinux in enforcing mode
https://notcve.org/view.php?id=CVE-2018-10892
06 Jul 2018 — The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness. La especificación OCI por defecto de Linux en oci/defaults{_linux}.go en Docker y Moby desde la versión 1.11 hasta la más actual no bloquea los nombres de ruta /proc/acpi. El error permite que un atacante modifique el hardware del host, como habilitar/desha... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html • CWE-250: Execution with Unnecessary Privileges •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-5282
https://notcve.org/view.php?id=CVE-2014-5282
06 Feb 2018 — Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'. Docker, en versiones anteriores a la 1.3, no valida correctamente los ID de imagen, lo que permite que atacantes remotos redireccionen a otra imagen mediante la carga de imágenes no fiables utilizando "docker load". • https://bugzilla.redhat.com/show_bug.cgi?id=1168436 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2017-14992
https://notcve.org/view.php?id=CVE-2017-14992
01 Nov 2017 — Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing. Una falta de verificación en Docker-CE (también conocido como Moby), en versiones 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0 y anteriores, permite que un atacante remoto provoque una denegación de servic... • https://blog.cloudpassage.com/2017/10/13/discovering-docker-cve-2017-14992 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-0047
https://notcve.org/view.php?id=CVE-2014-0047
06 Oct 2017 — Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage. Las versiones anteriores a la 1.5 de Docker permiten que los usuarios locales provoquen un impacto sin especificar mediante vectores relacionados con el uso no seguro de /tmp. • http://www.openwall.com/lists/oss-security/2015/03/24/23 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9962 – docker: insecure opening of file-descriptor allows privilege escalation
https://notcve.org/view.php?id=CVE-2016-9962
10 Jan 2017 — RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container. RunC permitió procesos de contenedores adicionales a través de 'runc exec' para ser ptraced por el pid 1 del contenedor. Esto permite... • http://rhn.redhat.com/errata/RHSA-2017-0116.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6595
https://notcve.org/view.php?id=CVE-2016-6595
04 Jan 2017 — The SwarmKit toolkit 1.12.0 for Docker allows remote authenticated users to cause a denial of service (prevention of cluster joins) via a long sequence of join and quit actions. NOTE: the vendor disputes this issue, stating that this sequence is not "removing the state that is left by old nodes. At some point the manager obviously stops being able to accept new nodes, since it runs out of memory. Given that both for Docker swarm and for Docker Swarmkit nodes are *required* to provide a secret token (it's ac... • http://www.openwall.com/lists/oss-security/2016/08/04/1 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8867 – docker: Ambient capability usage in containers
https://notcve.org/view.php?id=CVE-2016-8867
28 Oct 2016 — Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. This allowed malicious images to bypass user permissions to access files within the container filesystem or mounted volumes. Docker Engine 1.12.2 habilitó capacidades ambientales con políticas de capacidad mal configuradas. Esto permitió a imágenes maliciosas eludir los permisos de usuario de acceso a archivos dentro del contenedor filesystem o volúmenes montados. The runc version as used in docker 1.12.2 was incorrect... • http://www.securityfocus.com/bid/94228 • CWE-264: Permissions, Privileges, and Access Controls •