CVSS: 8.8EPSS: 1%CPEs: 104EXPL: 1CVE-2018-15514
https://notcve.org/view.php?id=CVE-2018-15514
HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the "docker-users" group (who may not otherwise have administrator access) to escalate to administrator privileges. HandleRequestAsync en Docker para Windows en versiones anteriores a la 18.06.0-ce-rc3-win68 (edge) y anteriores a la 18.06.0-ce-win72 (estable) deserializaba peticiones a través de la tubería nombrada \\.\pipe\dockerBackend sin verificar la validez de los objetos .NET deserializados. • http://www.securityfocus.com/bid/105202 https://docs.docker.com/docker-for-windows/edge-release-notes https://docs.docker.com/docker-for-windows/release-notes https://srcincite.io/blog/2018/08/31/you-cant-contain-me-analyzing-and-exploiting-an-elevation-of-privilege-in-docker-for-windows.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2017-14992
https://notcve.org/view.php?id=CVE-2017-14992
Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing. Una falta de verificación en Docker-CE (también conocido como Moby), en versiones 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0 y anteriores, permite que un atacante remoto provoque una denegación de servicio (DoS) mediante un payload de capa de imagen modificado. Esto también se conoce como gzip bombing. • https://blog.cloudpassage.com/2017/10/13/discovering-docker-cve-2017-14992 https://github.com/moby/moby/issues/35075 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2016-3697 – docker: privilege escalation via confusion of usernames and UIDs
https://notcve.org/view.php?id=CVE-2016-3697
libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container. libcontainer/user/user.go en runC en versiones anteriores a 0.1.0, tal como se utiliza en Docker en versiones anteriores a 1.11.2, trata indebidamente un UID numérico como un nombre de usuario potencial, lo que permite a usuarios locales obtener privilegios a través de un nombre de usuario numérico en el archivo password en un contenedor. It was found that Docker would launch containers under the specified UID instead of a username. An attacker able to launch a container could use this flaw to escalate their privileges to root within the launched container. • http://lists.opensuse.org/opensuse-updates/2016-05/msg00111.html http://rhn.redhat.com/errata/RHSA-2016-1034.html http://rhn.redhat.com/errata/RHSA-2016-2634.html https://github.com/docker/docker/issues/21436 https://github.com/opencontainers/runc/commit/69af385de62ea68e2e608335cffbb0f4aa3db091 https://github.com/opencontainers/runc/pull/708 https://github.com/opencontainers/runc/releases/tag/v0.1.0 https://security.gentoo.org/glsa/201612-28 https://access.redhat.com/security/cve/CVE- • CWE-264: Permissions, Privileges, and Access Controls •