rpm package

suse/docker&distro=SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS

pkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS

Vulnerabilities (23)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2023-28840	—	< 24.0.5_ce-150000.185.1	24.0.5_ce-150000.185.1	Apr 4, 2023	Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docke
CVE-2023-28841	—	< 24.0.5_ce-150000.185.1	24.0.5_ce-150000.185.1	Apr 4, 2023	Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby is commonly referred to as *Docker
CVE-2023-28842	—	< 24.0.5_ce-150000.185.1	24.0.5_ce-150000.185.1	Apr 4, 2023	Moby) is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby is commonly referred to as *Docke
CVE-2022-36109	—	< 20.10.23_ce-150000.175.1	20.10.23_ce-150000.175.1	Sep 9, 2022	Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they
CVE-2021-43565	—	< 20.10.14_ce-150000.163.1	20.10.14_ce-150000.163.1	Sep 6, 2022	The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server.
CVE-2022-31030	—	< 20.10.17_ce-150000.166.1	20.10.17_ce-150000.166.1	Jun 6, 2022	containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can cause containerd to consume a
CVE-2022-29162	—	< 20.10.17_ce-150000.166.1	20.10.17_ce-150000.166.1	May 17, 2022	runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environme
CVE-2022-24769	—	< 20.10.14_ce-150000.163.1	20.10.14_ce-150000.163.1	Mar 24, 2022	Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atyp
CVE-2022-27191	—	< 20.10.14_ce-150000.163.1	20.10.14_ce-150000.163.1	Mar 18, 2022	The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.
CVE-2022-23648	—	< 20.10.14_ce-150000.163.1	20.10.14_ce-150000.163.1	Mar 3, 2022	containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could
CVE-2021-41089	—	< 20.10.9_ce-156.1	20.10.9_ce-156.1	Oct 4, 2021	Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the h
CVE-2021-41091	—	< 20.10.9_ce-156.1	20.10.9_ce-156.1	Oct 4, 2021	Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivilege
CVE-2021-41092	—	< 20.10.9_ce-156.1	20.10.9_ce-156.1	Oct 4, 2021	Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHel
CVE-2021-41103	—	< 20.10.9_ce-156.1	20.10.9_ce-156.1	Oct 4, 2021	containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to tra
CVE-2021-32760	—	< 20.10.9_ce-156.1	20.10.9_ce-156.1	Jul 19, 2021	containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions
CVE-2021-30465	—	< 20.10.6_ce-6.49.3	20.10.6_ce-6.49.3	May 27, 2021	runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on
CVE-2021-21334	—	< 20.10.6_ce-6.49.3	20.10.6_ce-6.49.3	Mar 10, 2021	In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may
CVE-2021-21284	—	< 19.03.15_ce-6.43.3	19.03.15_ce-6.43.3	Feb 2, 2021	In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesy
CVE-2021-21285	—	< 19.03.15_ce-6.43.3	19.03.15_ce-6.43.3	Feb 2, 2021	In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.
CVE-2020-15257	—	< 19.03.15_ce-6.43.3	19.03.15_ce-6.43.3	Dec 1, 2020	containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim’s API socket verified tha

CVE-2023-28840Apr 4, 2023
affected < 24.0.5_ce-150000.185.1fixed 24.0.5_ce-150000.185.1
Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docke
CVE-2023-28841Apr 4, 2023
affected < 24.0.5_ce-150000.185.1fixed 24.0.5_ce-150000.185.1
Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby is commonly referred to as *Docker
CVE-2023-28842Apr 4, 2023
affected < 24.0.5_ce-150000.185.1fixed 24.0.5_ce-150000.185.1
Moby) is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby is commonly referred to as *Docke
CVE-2022-36109Sep 9, 2022
affected < 20.10.23_ce-150000.175.1fixed 20.10.23_ce-150000.175.1
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they
CVE-2021-43565Sep 6, 2022
affected < 20.10.14_ce-150000.163.1fixed 20.10.14_ce-150000.163.1
The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server.
CVE-2022-31030Jun 6, 2022
affected < 20.10.17_ce-150000.166.1fixed 20.10.17_ce-150000.166.1
containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can cause containerd to consume a
CVE-2022-29162May 17, 2022
affected < 20.10.17_ce-150000.166.1fixed 20.10.17_ce-150000.166.1
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environme
CVE-2022-24769Mar 24, 2022
affected < 20.10.14_ce-150000.163.1fixed 20.10.14_ce-150000.163.1
Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atyp
CVE-2022-27191Mar 18, 2022
affected < 20.10.14_ce-150000.163.1fixed 20.10.14_ce-150000.163.1
The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.
CVE-2022-23648Mar 3, 2022
affected < 20.10.14_ce-150000.163.1fixed 20.10.14_ce-150000.163.1
containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could
CVE-2021-41089Oct 4, 2021
affected < 20.10.9_ce-156.1fixed 20.10.9_ce-156.1
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the h
CVE-2021-41091Oct 4, 2021
affected < 20.10.9_ce-156.1fixed 20.10.9_ce-156.1
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivilege
CVE-2021-41092Oct 4, 2021
affected < 20.10.9_ce-156.1fixed 20.10.9_ce-156.1
Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHel
CVE-2021-41103Oct 4, 2021
affected < 20.10.9_ce-156.1fixed 20.10.9_ce-156.1
containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to tra
CVE-2021-32760Jul 19, 2021
affected < 20.10.9_ce-156.1fixed 20.10.9_ce-156.1
containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions
CVE-2021-30465May 27, 2021
affected < 20.10.6_ce-6.49.3fixed 20.10.6_ce-6.49.3
runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on
CVE-2021-21334Mar 10, 2021
affected < 20.10.6_ce-6.49.3fixed 20.10.6_ce-6.49.3
In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may
CVE-2021-21284Feb 2, 2021
affected < 19.03.15_ce-6.43.3fixed 19.03.15_ce-6.43.3
In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesy
CVE-2021-21285Feb 2, 2021
affected < 19.03.15_ce-6.43.3fixed 19.03.15_ce-6.43.3
In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.
CVE-2020-15257Dec 1, 2020
affected < 19.03.15_ce-6.43.3fixed 19.03.15_ce-6.43.3
containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim’s API socket verified tha

Page 1 of 2