The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Docker CE

computer vulnerability announcement CVE-2019-5736

runc: code execution via FS Descriptors Container Escape

Synthesis of the vulnerability

An attacker can use a vulnerability via FS Descriptors Container Escape of runc, in order to run code.
Impacted products: Docker CE, Fedora, openSUSE Leap, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 11/02/2019.
Identifiers: CVE-2019-5736, FEDORA-2019-352d4b9cd8, FEDORA-2019-3f19f13ecd, FEDORA-2019-4dc1e39b34, FEDORA-2019-6174b47003, FEDORA-2019-829524f28f, FEDORA-2019-963ea958f9, FEDORA-2019-a5f616808e, FEDORA-2019-bc70b381ad, FEDORA-2019-df2e68aa6b, FEDORA-2019-f455ef79b8, openSUSE-SU-2019:0170-1, openSUSE-SU-2019:0201-1, openSUSE-SU-2019:0208-1, openSUSE-SU-2019:0252-1, openSUSE-SU-2019:0295-1, openSUSE-SU-2019:1079-1, openSUSE-SU-2019:1227-1, openSUSE-SU-2019:1230-1, openSUSE-SU-2019:1275-1, RHSA-2019:0303-01, RHSA-2019:0304-01, SSA:2019-043-01, SUSE-SU-2019:0362-1, SUSE-SU-2019:0495-1, SUSE-SU-2019:0573-1, SUSE-SU-2019:1234-1, SUSE-SU-2019:1264-1, Synology-SA-19:06, VIGILANCE-VUL-28477.


computer vulnerability announcement CVE-2018-20699

Docker Engine/Moby: denial of service via cpuset-cpus/cpuset-mems

Synthesis of the vulnerability

An attacker can trigger a fatal error via cpuset-cpus/cpuset-mems of Docker Engine/Moby, in order to trigger a denial of service.
Impacted products: Docker CE, Fedora, RHEL.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 14/01/2019.
Identifiers: CVE-2018-20699, FEDORA-2019-723711c645, FEDORA-2019-901feba171, FEDORA-2019-a034423db8, FEDORA-2019-f5b57646b7, RHSA-2019:0487-01, VIGILANCE-VUL-28267.


computer vulnerability note CVE-2018-12608

Docker Moby: privilege escalation via System Root CA Signed Certificate

Synthesis of the vulnerability

An attacker can bypass restrictions via System Root CA Signed Certificate of Docker Moby, in order to escalate his privileges.
Impacted products: Docker CE.
Severity: 1/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: internet client.
Creation date: 11/09/2018.
Identifiers: CVE-2018-12608, VIGILANCE-VUL-27199.


vulnerability alert CVE-2018-15514

Docker for Windows: privilege escalation via DockerBackend Named Pipe

Synthesis of the vulnerability

An attacker can bypass restrictions via DockerBackend Named Pipe of Docker for Windows, in order to escalate his privileges.
Impacted products: Docker CE.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: privileged account.
Creation date: 03/09/2018.
Identifiers: CVE-2018-15514, VIGILANCE-VUL-27131.


vulnerability announcement CVE-2018-8115

Windows Host Compute Service Shim: code execution via Container Image

Synthesis of the vulnerability

An attacker can use a vulnerability via Container Image of Windows Host Compute Service Shim, in order to run code.
Impacted products: Docker CE.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: document.
Creation date: 31/08/2018.
Identifiers: CVE-2018-8115, VIGILANCE-VUL-27122.


computer vulnerability CVE-2018-10892

Docker Moby: privilege escalation via /proc/acpi

Synthesis of the vulnerability

An attacker can bypass restrictions via /proc/acpi of Docker Moby, in order to escalate his privileges.
Impacted products: Docker CE, Fedora, RHEL.
Severity: 1/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 09/07/2018.
Identifiers: 1598581, CVE-2018-10892, FEDORA-2018-160b3d2f6c, FEDORA-2018-28f30efaf6, FEDORA-2018-6243646704, FEDORA-2018-9695e9b0ed, FEDORA-2019-723711c645, FEDORA-2019-901feba171, FEDORA-2019-a034423db8, FEDORA-2019-f5b57646b7, RHSA-2018:2482-01, VIGILANCE-VUL-26655.


computer vulnerability alert CVE-2017-16539

Docker Moby: data loss via writes into /proc/scsi

Synthesis of the vulnerability

An attacker can send commands to /proc/scsi via Docker Moby, in order to make stored data unreachable.
Impacted products: Docker CE, openSUSE Leap.
Severity: 2/4.
Consequences: data creation/edition, data deletion.
Provenance: document.
Creation date: 08/02/2018.
Identifiers: CVE-2017-16539, openSUSE-SU-2018:0406-1, VIGILANCE-VUL-25246.


computer vulnerability note CVE-2017-14992

Docker Moby: denial of service via gzip decompression

Synthesis of the vulnerability

An attacker can consume all disk storage via the unlimited decompression of a Gzip file by Docker Moby, in order to trigger a denial of service.
Impacted products: Docker CE, Fedora, openSUSE Leap.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 11/12/2017.
Revision date: 08/02/2018.
Identifiers: 35075, CVE-2017-14992, FEDORA-2017-15efa72a0c, FEDORA-2017-3976710f1e, openSUSE-SU-2018:0406-1, VIGILANCE-VUL-24719.


vulnerability alert CVE-2016-9962

Docker Engine: privilege escalation via file descriptors

Synthesis of the vulnerability

An attacker, inside a guest system, can use a file descriptor inherited via the debug support of Docker Engine, in order to escalate his privileges on the host system.
Impacted products: Docker CE, Fedora, Kubernetes, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: privileged shell.
Creation date: 11/01/2017.
Identifiers: CVE-2016-9962, FEDORA-2017-0200646669, FEDORA-2017-20cdb2063a, FEDORA-2017-c2c2d1be16, FEDORA-2017-dbc2b618eb, FEDORA-2017-fcd02e2c2d, openSUSE-SU-2017:1966-1, RHSA-2017:0116-01, RHSA-2017:0123-01, RHSA-2017:0127-01, SUSE-SU-2019:0573-1, SUSE-SU-2019:1264-1, VIGILANCE-VUL-21551.

Description of the vulnerability

The Docker Engine product offers cross-container debugging support.

However, file descriptors inherited by new processes are not filtered, so an attacker can access files opened by a process in another container.

An attacker, inside a guest system, can therefore use a file descriptor inherited via the debug support of Docker Engine, in order to escalate his privileges on the host system.

computer vulnerability announcement CVE-2016-8867

Docker Engine: privilege escalation via Ambient Capability

Synthesis of the vulnerability

An attacker can bypass restrictions via Ambient Capability of Docker Engine, in order to escalate his privileges.
Impacted products: Docker CE, openSUSE Leap.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 27/10/2016.
Identifiers: CVE-2016-8867, openSUSE-SU-2016:3009-1, VIGILANCE-VUL-20977.
