Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

41 – 50 of 53 results


CVE-2016-6595

Medium priority
Not affected

** DISPUTED ** The SwarmKit toolkit 1.12.0 for Docker allows remote authenticated users to cause a denial of service (prevention of cluster joins) via a long sequence of join and quit actions. NOTE: the vendor disputes this...

1 affected packages

docker.io

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
docker.io Not affected
Show less packages

CVE-2016-3697

Medium priority

Some fixes available 1 of 4

libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a...

2 affected packages

docker.io, runc

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
docker.io Not affected
runc Not affected
Show less packages

CVE-2015-3631

Medium priority

Some fixes available 2 of 6

Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc.

1 affected packages

docker.io

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
docker.io Fixed
Show less packages

CVE-2015-3630

Medium priority

Some fixes available 2 of 6

Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and...

1 affected packages

docker.io

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
docker.io Fixed
Show less packages

CVE-2015-3629

Medium priority

Some fixes available 2 of 6

Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container.

1 affected packages

docker.io

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
docker.io Fixed
Show less packages

CVE-2015-3627

Medium priority

Some fixes available 1 of 5

Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.

1 affected packages

docker.io

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
docker.io Not affected
Show less packages

CVE-2015-1843

Medium priority
Not affected

The Red Hat docker package before 1.5.0-28, when using the --add-registry option, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain...

1 affected packages

docker.io

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
docker.io
Show less packages

CVE-2014-9358

Medium priority
Ignored

Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation or (2) "registry communications."

1 affected packages

docker.io

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
docker.io Not affected
Show less packages

CVE-2014-9357

High priority
Not affected

Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction.

1 affected packages

docker.io

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
docker.io
Show less packages

CVE-2014-6408

Medium priority
Not affected

Docker 1.3.0 through 1.3.1 allows remote attackers to modify the default run profile of image containers and possibly bypass the container by applying unspecified security options to an image.

1 affected packages

docker.io

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
docker.io
Show less packages