rpm package
suse/docker&distro=SUSE Linux Enterprise Module for Containers 15 SP2
pkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP2
Vulnerabilities (11)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-41089 | — | < 20.10.9_ce-156.1 | 20.10.9_ce-156.1 | Oct 4, 2021 | Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the h | ||
| CVE-2021-41091 | — | < 20.10.9_ce-156.1 | 20.10.9_ce-156.1 | Oct 4, 2021 | Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivilege | ||
| CVE-2021-41092 | — | < 20.10.9_ce-156.1 | 20.10.9_ce-156.1 | Oct 4, 2021 | Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHel | ||
| CVE-2021-41103 | — | < 20.10.9_ce-156.1 | 20.10.9_ce-156.1 | Oct 4, 2021 | containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to tra | ||
| CVE-2021-32760 | — | < 20.10.9_ce-156.1 | 20.10.9_ce-156.1 | Jul 19, 2021 | containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions | ||
| CVE-2021-30465 | — | < 20.10.6_ce-6.49.3 | 20.10.6_ce-6.49.3 | May 27, 2021 | runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on | ||
| CVE-2021-21334 | — | < 20.10.6_ce-6.49.3 | 20.10.6_ce-6.49.3 | Mar 10, 2021 | In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may | ||
| CVE-2021-21284 | — | < 19.03.15_ce-6.43.3 | 19.03.15_ce-6.43.3 | Feb 2, 2021 | In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesy | ||
| CVE-2021-21285 | — | < 19.03.15_ce-6.43.3 | 19.03.15_ce-6.43.3 | Feb 2, 2021 | In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing. | ||
| CVE-2020-15257 | — | < 19.03.15_ce-6.43.3 | 19.03.15_ce-6.43.3 | Dec 1, 2020 | containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim’s API socket verified tha | ||
| CVE-2020-13401 | — | < 19.03.11_ce-6.34.2 | 19.03.11_ce-6.34.2 | Jun 2, 2020 | An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service. |
- CVE-2021-41089Oct 4, 2021affected < 20.10.9_ce-156.1fixed 20.10.9_ce-156.1
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the h
- CVE-2021-41091Oct 4, 2021affected < 20.10.9_ce-156.1fixed 20.10.9_ce-156.1
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivilege
- CVE-2021-41092Oct 4, 2021affected < 20.10.9_ce-156.1fixed 20.10.9_ce-156.1
Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHel
- CVE-2021-41103Oct 4, 2021affected < 20.10.9_ce-156.1fixed 20.10.9_ce-156.1
containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to tra
- CVE-2021-32760Jul 19, 2021affected < 20.10.9_ce-156.1fixed 20.10.9_ce-156.1
containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions
- CVE-2021-30465May 27, 2021affected < 20.10.6_ce-6.49.3fixed 20.10.6_ce-6.49.3
runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on
- CVE-2021-21334Mar 10, 2021affected < 20.10.6_ce-6.49.3fixed 20.10.6_ce-6.49.3
In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may
- CVE-2021-21284Feb 2, 2021affected < 19.03.15_ce-6.43.3fixed 19.03.15_ce-6.43.3
In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesy
- CVE-2021-21285Feb 2, 2021affected < 19.03.15_ce-6.43.3fixed 19.03.15_ce-6.43.3
In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.
- CVE-2020-15257Dec 1, 2020affected < 19.03.15_ce-6.43.3fixed 19.03.15_ce-6.43.3
containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim’s API socket verified tha
- CVE-2020-13401Jun 2, 2020affected < 19.03.11_ce-6.34.2fixed 19.03.11_ce-6.34.2
An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service.