Download
| Alert*
oval:org.secpod.oval:def:42572
docker.io is installed oval:org.secpod.oval:def:42578 The host is installed with docker.io on Ubuntu 14.04 and is prone to a man-in-the-middle attack vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation could allow local attackers to conduct downgrade attacks and obtain authentication ... oval:org.secpod.oval:def:42577 The host is installed with docker.io on Ubuntu 14.04 or 16.04 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle a symlink attack. Successful exploitation could allow local users to gain privileges. oval:org.secpod.oval:def:75981 docker.io: Linux container runtime Docker could be made to adjust the permissions of files. oval:org.secpod.oval:def:1901103 Docker Engine before 18.09 allows attackers to cause a denial of service via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go. oval:org.secpod.oval:def:42576 The host is installed with docker.io on Ubuntu 14.04 or 16.04 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly assign permissions. Successful exploitation could allow attackers to obtain sensitive information, and perform protocol ... oval:org.secpod.oval:def:42575 The host is installed with docker.io on Ubuntu 14.04 or 16.04 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle an image that allows volumes to override files in /proc. Successful exploitation could allow attackers to set arbitrary ... oval:org.secpod.oval:def:42579 The host is installed with docker.io on Ubuntu 14.04 or 16.04 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle vectors involving unsafe /tmp usage. Successful exploitation could allow local users to have unspecified impact. oval:org.secpod.oval:def:42573 The host is installed with RunC on Ubuntu 17.04 or 17.10 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle the container. Successful exploitation could allow attackers to gain access to file-descriptors of new processes duri ... oval:org.secpod.oval:def:705127 docker.io: Linux container runtime Details: Jasiel Spelman discovered that a double free existed in the docker-credential- helpers dependency of Docker. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Original advisory Docker could be made to crash o ... oval:org.secpod.oval:def:69883 Multiple security issues were discovered in Docker, a Linux container runtime, which could result in denial of service, an information leak or privilege escalation. oval:org.secpod.oval:def:1900025 runc through 1.0-rc6, as used in Docker before 18.09.2 and other products,allows attackers to overwrite the host runc binary by leveraging the ability to execute a command as root within one of these types of containers: a new container with an attacker-controlled image, or an existing container, t ... oval:org.secpod.oval:def:69756 Three security vulnerabilities have been discovered in the Docker container runtime: Insecure loading of NSS libraries in docker cp could result in execution of code with root privileges, sensitive data could be logged in debug mode and there was a command injection vulnerability in the docker build ... oval:org.secpod.oval:def:604526 Three security vulnerabilities have been discovered in the Docker container runtime: Insecure loading of NSS libraries in quot;docker cpquot; could result in execution of code with root privileges, sensitive data could be logged in debug mode and there was a command injection vulnerability in the qu ... oval:org.secpod.oval:def:705056 docker.io: Linux container runtime Docker could be made to overwrite files as the administrator. oval:org.secpod.oval:def:57461 docker.io: Linux container runtime Docker could be made to overwrite files as the administrator. oval:org.secpod.oval:def:50662 runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacke ... |