VYPR

rpm package

suse/docker-stable&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP5

pkg:rpm/suse/docker-stable&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5

Vulnerabilities (56)

  • CVE-2021-41091 (Oct 4, 2021)
    affected < 24.0.9_ce-150000.1.25.1; fixed 24.0.9_ce-150000.1.25.1

    Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivilege

  • CVE-2021-41092 (Oct 4, 2021)
    affected < 24.0.9_ce-150000.1.25.1; fixed 24.0.9_ce-150000.1.25.1

    Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHel

  • CVE-2021-41103 (Oct 4, 2021)
    affected < 24.0.9_ce-150000.1.25.1; fixed 24.0.9_ce-150000.1.25.1

    containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to tra

  • CVE-2021-21284 (Feb 2, 2021)
    affected < 24.0.9_ce-150000.1.25.1; fixed 24.0.9_ce-150000.1.25.1

    In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesy

  • CVE-2021-21285 (Feb 2, 2021)
    affected < 24.0.9_ce-150000.1.25.1; fixed 24.0.9_ce-150000.1.25.1

    In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.

  • CVE-2020-15257 (Dec 1, 2020)
    affected < 24.0.9_ce-150000.1.25.1; fixed 24.0.9_ce-150000.1.25.1

    containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim’s API socket verified tha

  • CVE-2020-12912 (Nov 12, 2020)
    affected < 24.0.9_ce-150000.1.25.1; fixed 24.0.9_ce-150000.1.25.1

    A potential vulnerability in the AMD extension to Linux "hwmon" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. In line with industry partners, AMD has updated the RAPL interface to require pr

  • CVE-2020-8695 (Nov 12, 2020)
    affected < 24.0.9_ce-150000.1.25.1; fixed 24.0.9_ce-150000.1.25.1

    Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.

  • CVE-2020-8694 (Nov 12, 2020)
    affected < 24.0.9_ce-150000.1.25.1; fixed 24.0.9_ce-150000.1.25.1

    Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

  • CVE-2020-13401 (Jun 2, 2020)
    affected < 24.0.9_ce-150000.1.25.1; fixed 24.0.9_ce-150000.1.25.1

    An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service.

  • CVE-2014-8179 (Dec 4, 2019)
    affected < 24.0.9_ce-150000.1.25.1; fixed 24.0.9_ce-150000.1.25.1

    Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation.

  • CVE-2014-8178 (Dec 4, 2019)
    affected < 24.0.9_ce-150000.1.25.1; fixed 24.0.9_ce-150000.1.25.1

    Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands.

  • CVE-2014-9356 (Dec 2, 2019)
    affected < 24.0.9_ce-150000.1.25.1; fixed 24.0.9_ce-150000.1.25.1

    Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile.

  • CVE-2019-14271 (Jul 29, 2019)
    affected < 24.0.9_ce-150000.1.25.1; fixed 24.0.9_ce-150000.1.25.1

    In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.

  • CVE-2019-13509 (Jul 18, 2019)
    affected < 24.0.9_ce-150000.1.25.1; fixed 24.0.9_ce-150000.1.25.1

    In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non

  • CVE-2018-15664 (May 23, 2019)
    affected < 24.0.9_ce-150000.1.25.1; fixed 24.0.9_ce-150000.1.25.1

    In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do

  • CVE-2018-20699 (Jan 12, 2019)
    affected < 24.0.9_ce-150000.1.25.1; fixed 24.0.9_ce-150000.1.25.1

    Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go.

  • CVE-2018-16875 (Dec 14, 2018)
    affected < 24.0.9_ce-150000.1.25.1; fixed 24.0.9_ce-150000.1.25.1

    The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates

  • CVE-2018-16874 (Dec 14, 2018)
    affected < 24.0.9_ce-150000.1.25.1; fixed 24.0.9_ce-150000.1.25.1

    In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but

  • CVE-2018-16873 (Dec 14, 2018)
    affected < 24.0.9_ce-150000.1.25.1; fixed 24.0.9_ce-150000.1.25.1

    In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPA