CVSS: 6.0EPSS: 13%CPEs: 5EXPL: 1CVE-2020-13401 – Debian Security Advisory 4716-1
https://notcve.org/view.php?id=CVE-2020-13401
02 Jun 2020 — An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service. Se detectó un problema en Docker Engine versiones anteriores a 19.03.11. Un atacante en un contenedor, con la capacidad CAP_NET_RAW, puede diseñar anuncios de router IPv6, y en consecuencia falsificar hosts IPv6 externos, obtener información confidenc... • https://github.com/arax-zaeimi/Docker-Container-CVE-2020-13401 • CWE-20: Improper Input Validation •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11075 – Shell Escape in Anchore Engine
https://notcve.org/view.php?id=CVE-2020-11075
27 May 2020 — In Anchore Engine version 0.7.0, a specially crafted container image manifest, fetched from a registry, can be used to trigger a shell escape flaw in the anchore engine analyzer service during an image analysis process. The image analysis operation can only be executed by an authenticated user via a valid API request to anchore engine, or if an already added image that anchore is monitoring has its manifest altered to exploit the same flaw. A successful attack can be used to execute commands that run in the... • https://github.com/anchore/anchore-engine/commit/e41786901f097fd32104447a45864073105d37db • CWE-114: Process Control •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2018-20699 – docker: Memory exhaustion via large integer used with --cpuset-mems or --cpuset-cpus
https://notcve.org/view.php?id=CVE-2018-20699
12 Jan 2019 — Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go. Docker Engine, en versiones anteriores a la 18.09, permite que los atacantes provoquen una denegación de servicio (consumo de la memoria dockerd) mediante un entero grande en los valores --cpuset-mems o --cpuset-cpus. Esto está relacionado con daemon/daemon_uni... • https://access.redhat.com/errata/RHSA-2019:0487 • CWE-400: Uncontrolled Resource Consumption •