The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Docker CE

vulnerability bulletin CVE-2018-15664

Docker Engine/Moby: information disclosure via Symlink Exchange

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Symlink Exchange of Docker Engine/Moby, in order to obtain sensitive information.
Impacted products: Docker CE, openSUSE Leap, RHEL, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 28/06/2019.
Identifiers: CVE-2018-15664, openSUSE-SU-2019:2044-1, RHSA-2019:1910-01, SUSE-SU-2019:2223-1, USN-4048-1, VIGILANCE-VUL-29653.


vulnerability bulletin CVE-2018-15664

Docker Engine/Moby: file corruption via chrootarchive

Synthesis of the vulnerability

A local attacker can create a symbolic link, in order to alter the pointed file, with privileges of Docker Engine/Moby on the host system.
Impacted products: Docker CE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data creation/edition.
Provenance: user shell.
Creation date: 24/05/2019.
Identifiers: CVE-2018-15664, openSUSE-SU-2019:1621-1, openSUSE-SU-2019:2044-1, RHSA-2019:1910-01, SUSE-SU-2019:1514-1, SUSE-SU-2019:1562-1, SUSE-SU-2019:2223-1, USN-4048-1, VIGILANCE-VUL-29403.


computer vulnerability announce CVE-2019-5736

runc: code execution via FS Descriptors Container Escape

Synthesis of the vulnerability

An attacker can use a vulnerability via FS Descriptors Container Escape of runc, in order to run code.
Impacted products: Docker CE, Fedora, openSUSE Leap, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 11/02/2019.
Identifiers: CVE-2019-5736, FEDORA-2019-2baa1f7b19, FEDORA-2019-352d4b9cd8, FEDORA-2019-3f19f13ecd, FEDORA-2019-4dc1e39b34, FEDORA-2019-6174b47003, FEDORA-2019-829524f28f, FEDORA-2019-963ea958f9, FEDORA-2019-a5f616808e, FEDORA-2019-bc70b381ad, FEDORA-2019-c1dac1b3b8, FEDORA-2019-df2e68aa6b, FEDORA-2019-f455ef79b8, openSUSE-SU-2019:0170-1, openSUSE-SU-2019:0201-1, openSUSE-SU-2019:0208-1, openSUSE-SU-2019:0252-1, openSUSE-SU-2019:0295-1, openSUSE-SU-2019:1079-1, openSUSE-SU-2019:1227-1, openSUSE-SU-2019:1230-1, openSUSE-SU-2019:1275-1, openSUSE-SU-2019:1444-1, openSUSE-SU-2019:1481-1, openSUSE-SU-2019:1499-1, openSUSE-SU-2019:1506-1, openSUSE-SU-2019:2021-1, RHSA-2019:0303-01, RHSA-2019:0304-01, SSA:2019-043-01, SUSE-SU-2019:0362-1, SUSE-SU-2019:0495-1, SUSE-SU-2019:0573-1, SUSE-SU-2019:1234-1, SUSE-SU-2019:1234-2, SUSE-SU-2019:1264-1, SUSE-SU-2019:2117-1, SUSE-SU-2019:2119-1, Synology-SA-19:06, USN-4048-1, VIGILANCE-VUL-28477.


computer vulnerability announce CVE-2018-20699

Docker Engine/Moby: denial of service via cpuset-cpus/cpuset-mems

Synthesis of the vulnerability

An attacker can trigger a fatal error via cpuset-cpus/cpuset-mems of Docker Engine/Moby, in order to trigger a denial of service.
Impacted products: Docker CE, Fedora, RHEL.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 14/01/2019.
Identifiers: CVE-2018-20699, FEDORA-2019-723711c645, FEDORA-2019-901feba171, FEDORA-2019-a034423db8, FEDORA-2019-f5b57646b7, RHSA-2019:0487-01, VIGILANCE-VUL-28267.


computer vulnerability note CVE-2018-12608

Docker Moby: privilege escalation via System Root CA Signed Certificate

Synthesis of the vulnerability

An attacker can bypass restrictions via System Root CA Signed Certificate of Docker Moby, in order to escalate his privileges.
Impacted products: Docker CE.
Severity: 1/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: internet client.
Creation date: 11/09/2018.
Identifiers: CVE-2018-12608, VIGILANCE-VUL-27199.


vulnerability alert CVE-2018-15514

Docker for Windows: privilege escalation via DockerBackend Named Pipe

Synthesis of the vulnerability

An attacker can bypass restrictions via DockerBackend Named Pipe of Docker for Windows, in order to escalate his privileges.
Impacted products: Docker CE.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: privileged account.
Creation date: 03/09/2018.
Identifiers: CVE-2018-15514, VIGILANCE-VUL-27131.


vulnerability announce CVE-2018-8115

Windows Host Compute Service Shim: code execution via Container Image

Synthesis of the vulnerability

An attacker can use a vulnerability via Container Image of Windows Host Compute Service Shim, in order to run code.
Impacted products: Docker CE.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: document.
Creation date: 31/08/2018.
Identifiers: CVE-2018-8115, VIGILANCE-VUL-27122.


computer vulnerability CVE-2018-10892

Docker Moby: privilege escalation via /proc/acpi

Synthesis of the vulnerability

An attacker can bypass restrictions via /proc/acpi of Docker Moby, in order to escalate his privileges.
Impacted products: Docker CE, Fedora, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 09/07/2018.
Identifiers: 1598581, CVE-2018-10892, FEDORA-2018-160b3d2f6c, FEDORA-2018-28f30efaf6, FEDORA-2018-6243646704, FEDORA-2018-9695e9b0ed, FEDORA-2019-723711c645, FEDORA-2019-901feba171, FEDORA-2019-a034423db8, FEDORA-2019-f5b57646b7, openSUSE-SU-2019:2021-1, RHSA-2018:2482-01, SUSE-SU-2019:2117-1, SUSE-SU-2019:2119-1, VIGILANCE-VUL-26655.


computer vulnerability alert CVE-2017-16539

Docker Moby: data loss via writes into /proc/scsi

Synthesis of the vulnerability

An attacker can send commands to /proc/scsi via Docker Moby, in order to make stored data unreachable.
Impacted products: Docker CE, openSUSE Leap.
Severity: 2/4.
Consequences: data creation/edition, data deletion.
Provenance: document.
Creation date: 08/02/2018.
Identifiers: CVE-2017-16539, openSUSE-SU-2018:0406-1, VIGILANCE-VUL-25246.


computer vulnerability note CVE-2017-14992

Docker Moby: denial of service via gzip decompression

Synthesis of the vulnerability

An attacker can consume all disk storage via the unlimited decompression of a Gzip file by Docker Moby, in order to trigger a denial of service.
Impacted products: Docker CE, Fedora, openSUSE Leap.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 11/12/2017.
Revision date: 08/02/2018.
Identifiers: 35075, CVE-2017-14992, FEDORA-2017-15efa72a0c, FEDORA-2017-3976710f1e, openSUSE-SU-2018:0406-1, VIGILANCE-VUL-24719.
