rpm package
suse/docker-runc&distro=SUSE OpenStack Cloud 6-LTSS
pkg:rpm/suse/docker-runc&distro=SUSE%20OpenStack%20Cloud%206-LTSS
Vulnerabilities (8)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-14271 | — | | | < 1.0.0rc8+gitr3826_425e105d5a03-1.29.1 | 1.0.0rc8+gitr3826_425e105d5a03-1.29.1 | Jul 29, 2019 | In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container. |
| CVE-2019-13509 | — | | | < 1.0.0rc8+gitr3826_425e105d5a03-1.29.1 | 1.0.0rc8+gitr3826_425e105d5a03-1.29.1 | Jul 18, 2019 | In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non |
| CVE-2019-5736 | — | | | < 1.0.0rc5+gitr3562_69663f0bd4b6-1.9.1 | 1.0.0rc5+gitr3562_69663f0bd4b6-1.9.1 | Feb 11, 2019 | runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new conta |
| CVE-2018-16875 | — | | | < 1.0.0rc6+gitr3748_96ec2177ae84-1.17.2 | 1.0.0rc6+gitr3748_96ec2177ae84-1.17.2 | Dec 14, 2018 | The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates |
| CVE-2018-16874 | — | | | < 1.0.0rc6+gitr3748_96ec2177ae84-1.17.2 | 1.0.0rc6+gitr3748_96ec2177ae84-1.17.2 | Dec 14, 2018 | In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but |
| CVE-2018-16873 | — | | | < 1.0.0rc6+gitr3748_96ec2177ae84-1.17.2 | 1.0.0rc6+gitr3748_96ec2177ae84-1.17.2 | Dec 14, 2018 | In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPA |
| CVE-2018-10892 | — | | | < 1.0.0rc8+gitr3826_425e105d5a03-1.29.1 | 1.0.0rc8+gitr3826_425e105d5a03-1.29.1 | Jul 6, 2018 | The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness. |
| CVE-2016-9962 | Med | 6.4 | | < 1.0.0rc6+gitr3748_96ec2177ae84-1.17.2 | 1.0.0rc6+gitr3748_96ec2177ae84-1.17.2 | Jan 31, 2017 | RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to conta |