Download
| Alert*
|
oval:org.secpod.oval:def:502165
Docker is a service providing container management on Linux. It was found that the fix for the CVE-2014-5277 issue was incomplete: the docker client could under certain circumstances erroneously fall back to HTTP when an HTTPS connection to a registry failed. This could allow a man-in-the-middle att ... oval:org.secpod.oval:def:24745 The host is installed with docker in RHEL 7 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle symbolic and hardlink issues. Successful exploitation could allow attackers to write to arbitrary files and execute arbitrary co ... oval:org.secpod.oval:def:1500818 Oracle Linux has issued an update for docker. This fixes two security issues, which can be exploited by malicious people to manipulat certain data and bypass certain security restrictions. oval:org.secpod.oval:def:1500863 Oracle Linux has issued an update for docker. This fixes two security issues, which can be exploited by malicious people to manipulate certain data and bypass certain security restrictions. oval:org.secpod.oval:def:1600036 Docker versions 1.3.0 through 1.3.1 allowed security options to be applied to images, allowing images to modify the default run profile of containers executing these images. This vulnerability could allow a malicious image creator to loosen the restrictions applied to a container"s processes, potent ... oval:org.secpod.oval:def:51008 A vulnerability was discovered in runc, which is used by Docker to run containers. runc did not prevent container processes from modifying the runc binary via /proc/self/exe. A malicious container could replace the runc binary, resulting in container escape and privilege escalation. This was fixed b ... |
