rpm package
suse/docker&distro=SUSE Linux Enterprise Micro 5.1
pkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Micro%205.1
Vulnerabilities (37)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-36109 | — | < 20.10.23_ce-150000.175.1 | 20.10.23_ce-150000.175.1 | Sep 9, 2022 | Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they | ||
| CVE-2021-43565 | — | < 20.10.14_ce-150000.163.1 | 20.10.14_ce-150000.163.1 | Sep 6, 2022 | The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server. | ||
| CVE-2022-31030 | — | < 20.10.17_ce-150000.166.1 | 20.10.17_ce-150000.166.1 | Jun 6, 2022 | containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can cause containerd to consume a | ||
| CVE-2022-29162 | — | < 20.10.17_ce-150000.166.1 | 20.10.17_ce-150000.166.1 | May 17, 2022 | runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environme | ||
| CVE-2022-24769 | — | < 20.10.14_ce-150000.163.1 | 20.10.14_ce-150000.163.1 | Mar 24, 2022 | Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atyp | ||
| CVE-2022-27191 | — | < 20.10.14_ce-150000.163.1 | 20.10.14_ce-150000.163.1 | Mar 18, 2022 | The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey. | ||
| CVE-2022-23648 | — | < 20.10.14_ce-150000.163.1 | 20.10.14_ce-150000.163.1 | Mar 3, 2022 | containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could | ||
| CVE-2021-41190 | — | < 20.10.12_ce-159.1 | 20.10.12_ce-159.1 | Nov 17, 2021 | The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operat | ||
| CVE-2021-41089 | — | < 20.10.9_ce-156.1 | 20.10.9_ce-156.1 | Oct 4, 2021 | Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the h | ||
| CVE-2021-41091 | — | < 20.10.9_ce-156.1 | 20.10.9_ce-156.1 | Oct 4, 2021 | Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivilege | ||
| CVE-2021-41092 | — | < 20.10.9_ce-156.1 | 20.10.9_ce-156.1 | Oct 4, 2021 | Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHel | ||
| CVE-2021-41103 | — | < 20.10.9_ce-156.1 | 20.10.9_ce-156.1 | Oct 4, 2021 | containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to tra | ||
| CVE-2021-32760 | — | < 20.10.9_ce-156.1 | 20.10.9_ce-156.1 | Jul 19, 2021 | containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions | ||
| CVE-2021-30465 | — | < 20.10.9_ce-156.1 | 20.10.9_ce-156.1 | May 27, 2021 | runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on | ||
| CVE-2020-12912 | — | < 24.0.7_ce-150000.190.4 | 24.0.7_ce-150000.190.4 | Nov 12, 2020 | A potential vulnerability in the AMD extension to Linux "hwmon" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. In line with industry partners, AMD has updated the RAPL interface to require pr | ||
| CVE-2020-8695 | — | < 24.0.7_ce-150000.190.4 | 24.0.7_ce-150000.190.4 | Nov 12, 2020 | Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. | ||
| CVE-2020-8694 | — | < 24.0.7_ce-150000.190.4 | 24.0.7_ce-150000.190.4 | Nov 12, 2020 | Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. |
- CVE-2022-36109Sep 9, 2022affected < 20.10.23_ce-150000.175.1fixed 20.10.23_ce-150000.175.1
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they
- CVE-2021-43565Sep 6, 2022affected < 20.10.14_ce-150000.163.1fixed 20.10.14_ce-150000.163.1
The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server.
- CVE-2022-31030Jun 6, 2022affected < 20.10.17_ce-150000.166.1fixed 20.10.17_ce-150000.166.1
containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can cause containerd to consume a
- CVE-2022-29162May 17, 2022affected < 20.10.17_ce-150000.166.1fixed 20.10.17_ce-150000.166.1
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environme
- CVE-2022-24769Mar 24, 2022affected < 20.10.14_ce-150000.163.1fixed 20.10.14_ce-150000.163.1
Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atyp
- CVE-2022-27191Mar 18, 2022affected < 20.10.14_ce-150000.163.1fixed 20.10.14_ce-150000.163.1
The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.
- CVE-2022-23648Mar 3, 2022affected < 20.10.14_ce-150000.163.1fixed 20.10.14_ce-150000.163.1
containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could
- CVE-2021-41190Nov 17, 2021affected < 20.10.12_ce-159.1fixed 20.10.12_ce-159.1
The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operat
- CVE-2021-41089Oct 4, 2021affected < 20.10.9_ce-156.1fixed 20.10.9_ce-156.1
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the h
- CVE-2021-41091Oct 4, 2021affected < 20.10.9_ce-156.1fixed 20.10.9_ce-156.1
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivilege
- CVE-2021-41092Oct 4, 2021affected < 20.10.9_ce-156.1fixed 20.10.9_ce-156.1
Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHel
- CVE-2021-41103Oct 4, 2021affected < 20.10.9_ce-156.1fixed 20.10.9_ce-156.1
containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to tra
- CVE-2021-32760Jul 19, 2021affected < 20.10.9_ce-156.1fixed 20.10.9_ce-156.1
containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions
- CVE-2021-30465May 27, 2021affected < 20.10.9_ce-156.1fixed 20.10.9_ce-156.1
runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on
- CVE-2020-12912Nov 12, 2020affected < 24.0.7_ce-150000.190.4fixed 24.0.7_ce-150000.190.4
A potential vulnerability in the AMD extension to Linux "hwmon" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. In line with industry partners, AMD has updated the RAPL interface to require pr
- CVE-2020-8695Nov 12, 2020affected < 24.0.7_ce-150000.190.4fixed 24.0.7_ce-150000.190.4
Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.
- CVE-2020-8694Nov 12, 2020affected < 24.0.7_ce-150000.190.4fixed 24.0.7_ce-150000.190.4
Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Page 2 of 2