Page 5 of 33 results (0.008 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2014-0047

https://notcve.org/view.php?id=CVE-2014-0047

Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage. Las versiones anteriores a la 1.5 de Docker permiten que los usuarios locales provoquen un impacto sin especificar mediante vectores relacionados con el uso no seguro de /tmp. • http://www.openwall.com/lists/oss-security/2015/03/24/23 http://www.securityfocus.com/bid/73315 https://bugzilla.redhat.com/show_bug.cgi?id=1063549 •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

CVE-2016-3697 – docker: privilege escalation via confusion of usernames and UIDs

https://notcve.org/view.php?id=CVE-2016-3697

libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container. libcontainer/user/user.go en runC en versiones anteriores a 0.1.0, tal como se utiliza en Docker en versiones anteriores a 1.11.2, trata indebidamente un UID numérico como un nombre de usuario potencial, lo que permite a usuarios locales obtener privilegios a través de un nombre de usuario numérico en el archivo password en un contenedor. It was found that Docker would launch containers under the specified UID instead of a username. An attacker able to launch a container could use this flaw to escalate their privileges to root within the launched container. • http://lists.opensuse.org/opensuse-updates/2016-05/msg00111.html http://rhn.redhat.com/errata/RHSA-2016-1034.html http://rhn.redhat.com/errata/RHSA-2016-2634.html https://github.com/docker/docker/issues/21436 https://github.com/opencontainers/runc/commit/69af385de62ea68e2e608335cffbb0f4aa3db091 https://github.com/opencontainers/runc/pull/708 https://github.com/opencontainers/runc/releases/tag/v0.1.0 https://security.gentoo.org/glsa/201612-28 https://access.redhat.com/security/cve/CVE- • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0

CVE-2015-3627

https://notcve.org/view.php?id=CVE-2015-3627

Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image. Libcontainer and Docker Engine anterior a 1.6.1 abre el descriptor de ficheros pasado al proceso pid-1 antes de realizar el chroot, lo que permite a usuarios locales ganar privilegios a través de una ataque de enlace simbólico en una imagen. • http://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html http://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html http://seclists.org/fulldisclosure/2015/May/28 https://groups.google.com/forum/#%21searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-3630

https://notcve.org/view.php?id=CVE-2015-3630

Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image. Docker Engine anterior a 1.6.1 utiliza permisos débiles para (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, y (4) /proc/fs, lo que permite a usuarios locales modificar el anfitrión, obtener información sensible y realizar ataques de la degradación de protocolos a través de una imagen manipulada. • http://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html http://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html http://seclists.org/fulldisclosure/2015/May/28 http://www.securityfocus.com/bid/74566 https://groups.google.com/forum/#%21searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 3.6EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-3631

https://notcve.org/view.php?id=CVE-2015-3631

Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc. Docker Engine anterior a 1.6.1 permite a usuarios locales configurar políticas arbitrarias de Linux Security Modules (LSM) y docker_t a través de una imagen que permite los volúmenes sobrepasar los ficheros en /proc. • http://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html http://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html http://seclists.org/fulldisclosure/2015/May/28 https://groups.google.com/forum/#%21searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ • CWE-264: Permissions, Privileges, and Access Controls •