Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

31 – 40 of 54 results


CVE-2019-13509

Low priority
Not affected

In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack...

1 affected packages

docker.io

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
docker.io Not affected Not affected
Show less packages

CVE-2018-15664

Medium priority
Fixed

In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root...

1 affected packages

docker.io

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
docker.io Fixed Fixed
Show less packages

CVE-2019-5736

Medium priority
Fixed

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within...

2 affected packages

docker.io, runc

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
docker.io Fixed Fixed
runc Fixed Fixed
Show less packages

CVE-2018-20699

Negligible priority
Fixed

Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and...

1 affected packages

docker.io

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
docker.io Fixed Fixed
Show less packages

CVE-2018-12608

Low priority
Fixed

An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client...

1 affected packages

docker.io

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
docker.io Fixed Fixed
Show less packages

CVE-2018-10892

Medium priority

Some fixes available 3 of 4

The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning...

1 affected packages

docker.io

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
docker.io Fixed Fixed
Show less packages

CVE-2014-5282

Medium priority
Ignored

Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'.

1 affected packages

docker.io

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
docker.io Not affected
Show less packages

CVE-2017-16539

Medium priority

Some fixes available 3 of 5

The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss (when certain older Linux kernels are used) by leveraging Docker...

1 affected packages

docker.io

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
docker.io Fixed Fixed
Show less packages

CVE-2017-14992

Low priority

Some fixes available 15 of 18

Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a...

2 affected packages

docker.io, golang-github-vbatts-tar-split

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
docker.io Fixed Fixed Fixed Fixed Fixed
golang-github-vbatts-tar-split Not affected Not affected Not affected Not affected Vulnerable
Show less packages

CVE-2014-0047

Low priority

Some fixes available 2 of 6

Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage.

1 affected packages

docker.io

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
docker.io Fixed
Show less packages