Download
| Alert*
oval:org.secpod.oval:def:62273
The host is installed with Docker CE before 18.09.8 and Docker EE before 17.06.2-ee-23, 18.x before 18.03.1-ee-10 and 18.09.x before 18.09.8 and and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle logs in debug mode during redeployment ... oval:org.secpod.oval:def:117011 Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere. Docker containers can encapsulate any payload, and will run consistently on and between virtually any server. The same container th ... oval:org.secpod.oval:def:117012 Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere. Docker containers can encapsulate any payload, and will run consistently on and between virtually any server. The same container th ... oval:org.secpod.oval:def:1504467 [18.09.8-1.0.4] - Modified version to include ol suffix [ 18.09.8-1.0.3] - ol7 image related changes [ 18.09.8-1.0.2] - Merge upstream for CVE fixes. oval:org.secpod.oval:def:1601101 A command injection flaw was discovered in Docker during the `docker build` command. By providing a specially crafted path argument for the container to build, it is possible to inject command options to the `git fetch`/`git checkout` commands that are executed by Docker and to execute code with the ... oval:org.secpod.oval:def:69756 Three security vulnerabilities have been discovered in the Docker container runtime: Insecure loading of NSS libraries in docker cp could result in execution of code with root privileges, sensitive data could be logged in debug mode and there was a command injection vulnerability in the docker build ... oval:org.secpod.oval:def:604526 Three security vulnerabilities have been discovered in the Docker container runtime: Insecure loading of NSS libraries in quot;docker cpquot; could result in execution of code with root privileges, sensitive data could be logged in debug mode and there was a command injection vulnerability in the qu ... oval:org.secpod.oval:def:1700743 Docker Engine before 18.09 allows attackers to cause a denial of service via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go. A command injection flaw was discovered in Docker during the `docker build` c ... oval:org.secpod.oval:def:1700781 Docker Engine before 18.09 allows attackers to cause a denial of service via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go. A command injection flaw was discovered in Docker during the `docker build` c ... |