Download
| Alert*
oval:org.secpod.oval:def:62273
The host is installed with Docker CE before 18.09.8 and Docker EE before 17.06.2-ee-23, 18.x before 18.03.1-ee-10 and 18.09.x before 18.09.8 and and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle logs in debug mode during redeployment ... oval:org.secpod.oval:def:62271 The host is installed with Docker Desktop CE before 2.1.0.1 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle a Trojan horse docker-credential-wincred.exe file. Successful exploitation could allow local attackers to gain privileges. oval:org.secpod.oval:def:62269 Docker EE for Windows is installed oval:org.secpod.oval:def:62268 Docker CE is installed oval:org.secpod.oval:def:63633 The host is installed with Docker Desktop CE through 2.2.0.5 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle a same named pipe issue. Successful exploitation could allow attackers to intercept a connection attempt from Docker Service ... oval:org.secpod.oval:def:87196 The host is installed with Docker Desktop before 4.5.1 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could allow attackers to move arbitrary files. oval:org.secpod.oval:def:87197 The host is installed with Docker Desktop before 4.4.4 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could allow attackers to move arbitrary files. oval:org.secpod.oval:def:62270 The host is installed with Docker CE through 19.03.2 and is prone to an incorrect authorization vulnerability. A flaw is present in the application, which fails to handle incorrectly checked mount targets. Successful exploitation could allow attackers to mount a malicious Docker image over a /proc d ... oval:org.secpod.oval:def:94183 The host is installed with Docker Desktop Docker Docker_desktop versions less than 4.12.0 and is prone to a Rce vulnerability. A flaw is present in the application, which fails to properly handle a crafted extension description or changelog. Successful exploitation could allow an attacker to cause r ... oval:org.secpod.oval:def:94185 The host is installed with Docker Desktop Docker desktop 4.11.0 before 4.12.0, and is prone to a Local privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle ipc response spoofing. Successful exploitation allows an attacker to gain local privileges. oval:org.secpod.oval:def:94184 The host is installed with Docker Desktop Docker Docker_desktop versions less than 4.12.0 and is prone to a Rce vulnerability. A flaw is present in the application, which fails to properly handle query parameters in message-box route. Successful exploitation allows an attacker to cause remote code e ... oval:org.secpod.oval:def:94186 The host is installed with Docker Desktop before 4.12.0 and is prone to an argument injection vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation allows an attacker to gain local privilege. oval:org.secpod.oval:def:94187 The host is installed with Docker Desktop 4.13.0 before 4.23.0, and is prone to an improper protection of alternate path vulnerability. A flaw is present in the application, which fails to properly handle the debug shell which remains accessible for a short time window after launching docker desktop ... oval:org.secpod.oval:def:94188 The host is installed with Docker Desktop Docker Docker_desktop versions less than 4.23.0 and is prone to an access token theft vulnerability. A flaw is present in the application, which fails to properly handle crafted extension icon URL. Successful exploitation could allow an attacker to cause uns ... oval:org.secpod.oval:def:89518 The host is installed with Docker Desktop before 4.17.x and is prone to a command injection vulnerability. A flaw is present in the application, which fails to handle a specially crafted malicious docker-desktop:// URL. Successful exploitation allows an attacker to execute an arbitrary command insid ... oval:org.secpod.oval:def:89517 The host is installed with Docker Desktop before 4.17.x and is prone to a bypass vulnerability. A flaw is present in the application, which fails to handle issues in unspecified vectors. Successful exploitation allows an unprivileged user to bypass ECI restrictions by setting Docker host to docker.r ... oval:org.secpod.oval:def:97424 The host is installed with Docker Desktop before 4.27.1 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle two malicious build steps running in parallel sharing the same cache mounts with subpaths. Successful exploitation allows ... oval:org.secpod.oval:def:97425 The host is installed with Docker Desktop before 4.27.1 and is prone to a path traversal vulnerability. A flaw is present in the application, which fails to properly handle a malicious BuildKit frontend or Dockerfile using RUN --mount. Successful exploitation allows attackers to trick the feature th ... oval:org.secpod.oval:def:97426 The host is installed with Docker Desktop before 4.27.1 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle the BuildKit APIs when running interactive containers based on built images. Successful exploitation allows attackers to ... oval:org.secpod.oval:def:97427 The host is installed with Docker Desktop before 4.27.1 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a malicious BuildKit client or frontend. Successful exploitation allows attackers to craft a request that could lead to Buil ... oval:org.secpod.oval:def:97428 The host is installed with Docker Desktop 4.19.0 before 4.27.1 and is prone to a cache poisoning vulnerability. A flaw is present in the application, which fails to properly handle the classic builder cache system of Moby project. Successful exploitation allows attackers to poison their cache by mak ... oval:org.secpod.oval:def:97423 The host is installed with Docker Desktop before 4.27.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle an internal file descriptor leak issue in runc. Successful exploitation allows attackers to gain access to the host fi ... oval:org.secpod.oval:def:62274 The host is installed with Docker before 18.09.2 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle a file-descriptor. Successful exploitation could allow attackers to overwrite the host runc binary and gain root access. oval:org.secpod.oval:def:62272 The host is installed with Docker 19.03.x before 19.03.1 and is prone to a code injection vulnerability. A flaw is present in the application, which fails to handle a library loading issue in nsswitch facility. Successful exploitation could allow attackers to obtain sensitive information. |