Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/582264?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "type": "deb", "namespace": "debian", "name": "docker.io", "version": "20.10.24+dfsg1-1+deb12u1", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "26.1.4+dfsg1-9", "latest_non_vulnerable_version": "28.5.2+dfsg3-2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16303?format=api", "vulnerability_id": "VCID-1sky-21r5-3qcu", "summary": "Moby's external DNS requests from 'internal' networks could lead to data exfiltration\nMoby is an open source container framework originally developed by Docker Inc. as Docker. It is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. As a batteries-included container runtime, Moby comes with a built-in networking implementation that enables communication between containers, and between containers and external resources.\n\nMoby's networking implementation allows for creating and using many networks, each with their own subnet and gateway. This feature is frequently referred to as custom networks, as each network can have a different driver, set of parameters, and thus behaviors. When creating a network, the `--internal` flag is used to designate a network as _internal_. The `internal` attribute in a docker-compose.yml file may also be used to mark a network _internal_, and other API clients may specify the `internal` parameter as well.\n\nWhen containers with networking are created, they are assigned unique network interfaces and IP addresses (typically from a non-routable [RFC 1918](https://datatracker.ietf.org/doc/html/rfc1918) subnet). The root network namespace (hereafter referred to as the 'host') serves as a router for non-internal networks, with a gateway IP that provides SNAT/DNAT to/from container IPs.\n\nContainers on an _internal_ network may communicate between each other, but are precluded from communicating with any networks the host has access to (LAN or WAN) as no default route is configured, and firewall rules are set up to drop all outgoing traffic. Communication with the gateway IP address (and thus appropriately configured host services) is possible, and the host may communicate with any container IP directly.\n\nIn addition to configuring the Linux kernel's various networking features to enable container networking, `dockerd` directly provides some services to container networks. Principal among these is serving as a resolver, enabling service discovery (looking up other containers on the network by name), and resolution of names from an upstream resolver.\n\nWhen a DNS request for a name that does not correspond to a container is received, the request is forwarded to the configured upstream resolver (by default, the host's configured resolver). This request is made from the container network namespace: the level of access and routing of traffic is the same as if the request was made by the container itself.\n\nAs a consequence of this design, containers solely attached to _internal_ network(s) will be unable to resolve names using the upstream resolver, as the container itself is unable to communicate with that nameserver. Only the names of containers also attached to the internal network are able to be resolved.\n\nMany systems will run a local forwarding DNS resolver, typically present on a loopback address (`127.0.0.0/8`), such as systemd-resolved or dnsmasq. Common loopback address examples include `127.0.0.1` or `127.0.0.53`. As the host and any containers have separate loopback devices, a consequence of the design described above is that containers are unable to resolve names from the host's configured resolver, as they cannot reach these addresses on the host loopback device.\n\nTo bridge this gap, and to allow containers to properly resolve names even when a local forwarding resolver is used on a loopback address, `dockerd` will detect this scenario and instead forward DNS requests from the host/root network namespace. The loopback resolver will then forward the requests to its configured upstream resolvers, as expected.\n\n## Impact\n\nBecause `dockerd` will forward DNS requests to the host loopback device, bypassing the container network namespace's normal routing semantics entirely, _internal_ networks can unexpectedly forward DNS requests to an external nameserver.\n\nBy registering a domain for which they control the authoritative nameservers, an attacker could arrange for a compromised container to exfiltrate data by encoding it in DNS queries that will eventually be answered by their nameservers. For example, if the domain `evil.example` was registered, the authoritative nameserver(s) for that domain could (eventually and indirectly) receive a request for `this-is-a-secret.evil.example`.\n\nDocker Desktop is not affected, as Docker Desktop always runs an internal resolver on a RFC 1918 address.\n\n## Patches\n\nMoby releases 26.0.0-rc3, 25.0.5 (released) and 23.0.11 (to be released) are patched to prevent forwarding DNS requests from internal networks.\n\n## Workarounds\n\n- Run containers intended to be solely attached to _internal_ networks with a custom upstream address (`--dns` argument to `docker run`, or API equivalent), which will force all upstream DNS queries to be resolved from the container network namespace.\n\n## Background\n\n- yair zak originally reported this issue to the Docker security team.\n- PR <https://github.com/moby/moby/pull/46609> was opened in public to fix this issue, as it was not originally considered to have a security implication.\n- [The official documentation](https://docs.docker.com/network/drivers/ipvlan/#:~:text=If%20the%20parent,the%20network%20completely) claims that \"the `--internal` flag that will completely isolate containers on a network from any communications external to that network,\" which necessitated this advisory and CVE.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29018.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29018.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-29018", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.49702", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.4975", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.49723", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.57968", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58021", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58023", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.5804", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58018", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.57998", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58028", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58027", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58004", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-29018" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29018", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29018" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/moby/moby", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby" }, { "reference_url": "https://github.com/moby/moby/pull/46609", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-28T19:09:14Z/" } ], "url": "https://github.com/moby/moby/pull/46609" }, { "reference_url": "https://github.com/moby/moby/security/advisories/GHSA-mq39-4gv4-mvpx", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-28T19:09:14Z/" } ], "url": "https://github.com/moby/moby/security/advisories/GHSA-mq39-4gv4-mvpx" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068460", "reference_id": "1068460", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068460" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270591", "reference_id": "2270591", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270591" }, { "reference_url": "https://usn.ubuntu.com/7161-1/", "reference_id": "USN-7161-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7161-1/" }, { "reference_url": "https://usn.ubuntu.com/7161-2/", "reference_id": "USN-7161-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7161-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/921998?format=api", "purl": "pkg:deb/debian/docker.io@26.1.4%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.4%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-29018", "GHSA-mq39-4gv4-mvpx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1sky-21r5-3qcu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17210?format=api", "vulnerability_id": "VCID-6tg9-3vhh-muae", "summary": "Moby Race Condition vulnerability\nmoby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-36621.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-36621.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-36621", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16419", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16524", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16485", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16465", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16528", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16587", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16594", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16648", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.1671", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16509", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16627", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-36621" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36621", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36621" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gist.github.com/1047524396/5d44459edab5fafcdf86b43909b81135", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-04T17:13:03Z/" } ], "url": "https://gist.github.com/1047524396/5d44459edab5fafcdf86b43909b81135" }, { "reference_url": "https://github.com/advisories/GHSA-2mj3-vfvx-fc43", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2mj3-vfvx-fc43" }, { "reference_url": "https://github.com/moby/moby", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby" }, { "reference_url": "https://github.com/moby/moby/blob/v25.0.5/builder/builder-next/adapters/snapshot/layer.go#L24", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-04T17:13:03Z/" } ], "url": "https://github.com/moby/moby/blob/v25.0.5/builder/builder-next/adapters/snapshot/layer.go#L24" }, { "reference_url": "https://github.com/moby/moby/commit/37545cc644344dcb576cba67eb7b6f51a463d31e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-04T17:13:03Z/" } ], "url": "https://github.com/moby/moby/commit/37545cc644344dcb576cba67eb7b6f51a463d31e" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36621", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36621" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2329522", "reference_id": "2329522", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2329522" }, { "reference_url": "https://usn.ubuntu.com/7474-1/", "reference_id": "USN-7474-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7474-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/921998?format=api", "purl": "pkg:deb/debian/docker.io@26.1.4%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.4%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-36621", "GHSA-2mj3-vfvx-fc43" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6tg9-3vhh-muae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17543?format=api", "vulnerability_id": "VCID-8e1u-z6kg-ryhc", "summary": "Moby Race Condition vulnerability\nmoby v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-36623.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-36623.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-36623", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16921", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17194", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17245", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17025", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17116", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17174", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17149", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17102", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.1704", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16976", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.1698", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17017", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-36623" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36623", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36623" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gist.github.com/1047524396/c192c0159a19bf58a4373b696467dc29", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-04T17:11:46Z/" } ], "url": "https://gist.github.com/1047524396/c192c0159a19bf58a4373b696467dc29" }, { "reference_url": "https://github.com/moby/moby", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby" }, { "reference_url": "https://github.com/moby/moby/blob/v25.0.3/pkg/streamformatter/streamformatter.go#L115", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-04T17:11:46Z/" } ], "url": "https://github.com/moby/moby/blob/v25.0.3/pkg/streamformatter/streamformatter.go#L115" }, { "reference_url": "https://github.com/moby/moby/commit/5689dabfb357b673abdb4391eef426f297d7d1bb", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-04T17:11:46Z/" } ], "url": "https://github.com/moby/moby/commit/5689dabfb357b673abdb4391eef426f297d7d1bb" }, { "reference_url": "https://github.com/moby/moby/commit/8e3bcf19748838b30e34d612832d1dc9d90363b8", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-04T17:11:46Z/" } ], "url": "https://github.com/moby/moby/commit/8e3bcf19748838b30e34d612832d1dc9d90363b8" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36623", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36623" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2329519", "reference_id": "2329519", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2329519" }, { "reference_url": "https://usn.ubuntu.com/7474-1/", "reference_id": "USN-7474-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7474-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/921998?format=api", "purl": "pkg:deb/debian/docker.io@26.1.4%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.4%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-36623", "GHSA-gh5c-3h97-2f3q" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8e1u-z6kg-ryhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12968?format=api", "vulnerability_id": "VCID-b2qe-8u58-2qck", "summary": "IPv6 enabled on IPv4-only network interfaces\nIn 26.0.0 and 26.0.1, IPv6 is not disabled on network interfaces, including those belonging to networks where `--ipv6=false`.\n\n### Impact\n\nA container with an `ipvlan` or `macvlan` interface will normally be configured to share an external network link with the host machine. Because of this direct access, with IPv6 enabled:\n\n- Containers may be able to communicate with other hosts on the local network over link-local IPv6 addresses.\n- If router advertisements are being broadcast over the local network, containers may get SLAAC-assigned addresses.\n- The interface will be a member of IPv6 multicast groups.\n\nThis means interfaces in IPv4-only networks present an unexpectedly and unnecessarily increased attack surface.\n\nA container with an unexpected IPv6 address can do anything a container configured with an IPv6 address can do. That is, listen for connections on its IPv6 address, open connections to other nodes on the network over IPv6, or attempt a DoS attack by flooding packets from its IPv6 address. This has CVSS score AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L (2.7).\n\nBecause the container may not be constrained by an IPv6 firewall, there is increased potential for data exfiltration from the container. This has CVSS score AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N (4.7).\n\nA remote attacker could send malicious Router Advertisements to divert traffic to itself, a black-hole, or another device. The same attack is possible today for IPv4 macvlan/ipvlan endpoints with ARP spoofing, TLS is commonly used by Internet APIs to mitigate this risk. The presence of an IPv6 route could impact the container's availability by indirectly abusing the behaviour of software which behaves poorly in a dual-stack environment. For example, it could resolve a name to a DNS AAAA record and keep trying to connect over IPv6 without ever falling back to IPv4, potentially denying service to the container. This has CVSS score AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H (4.5).\n\n### Patches\n\nThe issue is patched in 26.0.2.\n\n### Workarounds\n\nTo completely disable IPv6 in a container, use `--sysctl=net.ipv6.conf.all.disable_ipv6=1` in the `docker create` or `docker run` command. Or, in the service configuration of a `compose` file, the equivalent:\n\n```\n sysctls:\n - net.ipv6.conf.all.disable_ipv6=1\n```\n\n### References\n\n- sysctl configuration using `docker run`:\n - https://docs.docker.com/reference/cli/docker/container/run/#sysctl\n- sysctl configuration using `docker compose`:\n - https://docs.docker.com/compose/compose-file/compose-file-v3/#sysctls", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32473.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32473.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32473", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26184", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26467", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.2651", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26286", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26353", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26403", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26412", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26366", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26307", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26317", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.2629", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26254", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32473" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/moby/moby", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby" }, { "reference_url": "https://github.com/moby/moby/commit/7cef0d9cd1cf221d8c0b7b7aeda69552649e0642", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T13:58:32Z/" } ], "url": "https://github.com/moby/moby/commit/7cef0d9cd1cf221d8c0b7b7aeda69552649e0642" }, { "reference_url": "https://github.com/moby/moby/security/advisories/GHSA-x84c-p2g9-rqv9", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T13:58:32Z/" } ], "url": "https://github.com/moby/moby/security/advisories/GHSA-x84c-p2g9-rqv9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32473", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32473" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070378", "reference_id": "1070378", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070378" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2276026", "reference_id": "2276026", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2276026" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/921998?format=api", "purl": "pkg:deb/debian/docker.io@26.1.4%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.4%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-32473", "GHSA-x84c-p2g9-rqv9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b2qe-8u58-2qck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15326?format=api", "vulnerability_id": "VCID-njcw-wc13-dqcz", "summary": "Classic builder cache poisoning\nThe classic builder cache system is prone to cache poisoning if the image is built `FROM scratch`.\nAlso, changes to some instructions (most important being `HEALTHCHECK` and `ONBUILD`) would not cause a cache miss.\n\n\nAn attacker with the knowledge of the Dockerfile someone is using could poison their cache by making them pull a specially crafted image that would be considered as a valid cache candidate for some build steps.\n\nFor example, an attacker could create an image that is considered as a valid cache candidate for:\n```\nFROM scratch\nMAINTAINER Pawel\n```\n\nwhen in fact the malicious image used as a cache would be an image built from a different Dockerfile.\n\nIn the second case, the attacker could for example substitute a different `HEALTCHECK` command.\n\n\n### Impact\n\n23.0+ users are only affected if they explicitly opted out of Buildkit (`DOCKER_BUILDKIT=0` environment variable) or are using the `/build` API endpoint (which uses the classic builder by default).\n\nAll users on versions older than 23.0 could be impacted. An example could be a CI with a shared cache, or just a regular Docker user pulling a malicious image due to misspelling/typosquatting.\n\nImage build API endpoint (`/build`) and `ImageBuild` function from `github.com/docker/docker/client` is also affected as it the uses classic builder by default. \n\n\n### Patches\n\nPatches are included in Moby releases:\n\n- v25.0.2\n- v24.0.9\n- v23.0.10\n\n### Workarounds\n\n- Use `--no-cache` or use Buildkit if possible (`DOCKER_BUILDKIT=1`, it's default on 23.0+ assuming that the buildx plugin is installed).\n- Use `Version = types.BuilderBuildKit` or `NoCache = true` in `ImageBuildOptions` for `ImageBuild` call.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24557.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24557.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-24557", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24167", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24292", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24317", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24328", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.2431", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24367", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24409", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24392", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24348", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24281", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24464", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24498", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-24557" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24557", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24557" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/moby/moby", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby" }, { "reference_url": "https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T15:20:50Z/" } ], "url": "https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae" }, { "reference_url": "https://github.com/moby/moby/commit/fca702de7f71362c8d103073c7e4a1d0a467fadd", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/commit/fca702de7f71362c8d103073c7e4a1d0a467fadd" }, { "reference_url": "https://github.com/moby/moby/commit/fce6e0ca9bc000888de3daa157af14fa41fcd0ff", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/commit/fce6e0ca9bc000888de3daa157af14fa41fcd0ff" }, { "reference_url": "https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T15:20:50Z/" } ], "url": "https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24557", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24557" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071745", "reference_id": "1071745", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071745" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262352", "reference_id": "2262352", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262352" }, { "reference_url": "https://security.gentoo.org/glsa/202409-29", "reference_id": "GLSA-202409-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11749", "reference_id": "RHSA-2025:11749", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11749" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9340", "reference_id": "RHSA-2025:9340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9340" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/921998?format=api", "purl": "pkg:deb/debian/docker.io@26.1.4%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.4%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-24557", "GHSA-xw73-rw38-6vjc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-njcw-wc13-dqcz" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81130?format=api", "vulnerability_id": "VCID-14uu-1w2t-ekh2", "summary": "docker: Security regression of CVE-2016-9962 due to inclusion of vulnerable runc", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14300.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14300.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14300", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50168", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50213", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50242", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50191", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50245", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50237", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50265", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50238", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50227", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50272", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50273", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50247", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.5022", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14300" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848829", "reference_id": "1848829", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848829" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2653", "reference_id": "RHSA-2020:2653", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2653" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582262?format=api", "purl": "pkg:deb/debian/docker.io@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-14300" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-14uu-1w2t-ekh2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36505?format=api", "vulnerability_id": "VCID-165g-hgmx-nybk", "summary": "Information Exposure in RunC\nRunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2017-0116.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0116.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2017-0123.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0123.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2017-0127.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0127.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9962.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9962.json" }, { "reference_url": "https://access.redhat.com/security/vulnerabilities/cve-2016-9962", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/vulnerabilities/cve-2016-9962" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9962", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32117", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32067", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32242", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32205", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32078", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.31897", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32079", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.3211", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32149", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32144", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.3209", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32063", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32112", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9962" }, { "reference_url": "https://bugzilla.suse.com/show_bug.cgi?id=1012568#c6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1012568#c6" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9962", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9962" }, { "reference_url": "http://seclists.org/fulldisclosure/2017/Jan/21", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2017/Jan/21" }, { "reference_url": "http://seclists.org/fulldisclosure/2017/Jan/29", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2017/Jan/29" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:S/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/docker/docker/releases/tag/v1.12.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/docker/docker/releases/tag/v1.12.6" }, { "reference_url": "https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5" }, { "reference_url": "https://github.com/opencontainers/runc/commit/5d93fed3d27f1e2bab58bad13b180a7a81d0b378", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/opencontainers/runc/commit/5d93fed3d27f1e2bab58bad13b180a7a81d0b378" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BQAXJMMLRU7DD2IMG47SR2K4BOFFG7FZ", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BQAXJMMLRU7DD2IMG47SR2K4BOFFG7FZ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FINGBFMIXBG6B6ZWYH3TMRP5V3PDBNXR", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FINGBFMIXBG6B6ZWYH3TMRP5V3PDBNXR" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVM7FCOQMPKOFLDTUYSS4ES76DDM56VP", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVM7FCOQMPKOFLDTUYSS4ES76DDM56VP" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WUQ3MQNEL5IBZZLMLR72Q4YDCL2SCKRK", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WUQ3MQNEL5IBZZLMLR72Q4YDCL2SCKRK" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9962", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9962" }, { "reference_url": "https://security.gentoo.org/glsa/201701-34", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/201701-34" }, { "reference_url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9962", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9962" }, { "reference_url": "http://www.securityfocus.com/archive/1/540001/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/archive/1/540001/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/95361", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/95361" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1409531", "reference_id": "1409531", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1409531" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850951", "reference_id": "850951", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850951" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850952", "reference_id": "850952", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850952" }, { "reference_url": "https://security.archlinux.org/ASA-201701-19", "reference_id": "ASA-201701-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-19" }, { "reference_url": "https://security.archlinux.org/ASA-201805-11", "reference_id": "ASA-201805-11", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201805-11" }, { "reference_url": "https://security.archlinux.org/AVG-133", "reference_id": "AVG-133", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-133" }, { "reference_url": "https://security.archlinux.org/AVG-134", "reference_id": "AVG-134", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-134" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0116", "reference_id": "RHSA-2017:0116", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0116" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0123", "reference_id": "RHSA-2017:0123", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0123" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0127", "reference_id": "RHSA-2017:0127", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0127" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/585480?format=api", "purl": "pkg:deb/debian/docker.io@1.13.1~ds1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@1.13.1~ds1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-9962", "GHSA-gp4j-w3vj-7299" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-165g-hgmx-nybk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52965?format=api", "vulnerability_id": "VCID-2hy3-uwad-mydt", "summary": "Privilege Escalation in Docker\nDocker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0820.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0820.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3499.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3499.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3499", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09389", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09452", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09352", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09264", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09341", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09401", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.094", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09248", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.0925", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09357", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.093", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09372", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09302", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3499" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1111687", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1111687" }, { "reference_url": "https://github.com/docker/docker/commit/707ef9618b3b26a0534a0af732a22f159eccfaa5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/docker/docker/commit/707ef9618b3b26a0534a0af732a22f159eccfaa5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3499", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:C/I:C/A:C" }, { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3499" }, { "reference_url": "https://rhn.redhat.com/errata/RHSA-2014-0820.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rhn.redhat.com/errata/RHSA-2014-0820.html" }, { "reference_url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3499", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3499" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:1.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:docker:docker:1.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:1.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0820", "reference_id": "RHSA-2014:0820", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0820" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582262?format=api", "purl": "pkg:deb/debian/docker.io@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-3499", "GHSA-wxj3-qwv4-cvfm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2hy3-uwad-mydt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14029?format=api", "vulnerability_id": "VCID-2ttv-me4k-z7hx", "summary": "Path Traversal in Moby builder\nutil/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27534.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27534.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-27534", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0077", "scoring_system": "epss", "scoring_elements": "0.73597", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0077", "scoring_system": "epss", "scoring_elements": "0.73565", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0077", "scoring_system": "epss", "scoring_elements": "0.73572", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0077", "scoring_system": "epss", "scoring_elements": "0.73562", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0077", "scoring_system": "epss", "scoring_elements": "0.73519", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0077", "scoring_system": "epss", "scoring_elements": "0.73472", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0077", "scoring_system": "epss", "scoring_elements": "0.735", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0077", "scoring_system": "epss", "scoring_elements": "0.73508", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0077", "scoring_system": "epss", "scoring_elements": "0.73526", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0077", "scoring_system": "epss", "scoring_elements": "0.73545", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0077", "scoring_system": "epss", "scoring_elements": "0.73469", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0077", "scoring_system": "epss", "scoring_elements": "0.73522", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0077", "scoring_system": "epss", "scoring_elements": "0.73478", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-27534" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921154", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921154" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/moby/buildkit/pull/1462", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/buildkit/pull/1462" }, { "reference_url": "https://github.com/moby/moby/pull/40877", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/pull/40877" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27534", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27534" }, { "reference_url": "http://web.archive.org/web/20200530054359/https://docs.docker.com/engine/release-notes", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://web.archive.org/web/20200530054359/https://docs.docker.com/engine/release-notes" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582262?format=api", "purl": "pkg:deb/debian/docker.io@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-27534", "GHSA-6hwg-w5jg-9c6x" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2ttv-me4k-z7hx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18277?format=api", "vulnerability_id": "VCID-3eju-5upk-auhy", "summary": "`docker cp` allows unexpected chmod of host files in Moby Docker Engine\n## Impact\nA bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process.\n\n## Patches\nThis bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted.\n\n## Workarounds\nEnsure you only run trusted containers.\n\n## Credits\nThe Moby project would like to thank Lei Wang and Ruizhi Xiao for responsibly disclosing this issue in accordance with the [Moby security policy](https://github.com/moby/moby/blob/master/SECURITY.md).\n\n## For more information\nIf you have any questions or comments about this advisory:\n\n* [Open an issue](https://github.com/moby/moby/issues/new)\n* Email us at security@docker.com if you think you’ve found a security bug", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41089.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41089.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41089", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08756", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08652", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08679", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08727", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08651", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08728", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08752", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08753", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.0873", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08715", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08605", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08592", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08744", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41089" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41089", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41089" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/moby/moby", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby" }, { "reference_url": "https://github.com/moby/moby/commit/bce32e5c93be4caf1a592582155b9cb837fc129a", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/commit/bce32e5c93be4caf1a592582155b9cb837fc129a" }, { "reference_url": "https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41089", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41089" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2024-2913", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pkg.go.dev/vuln/GO-2024-2913" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2008592", "reference_id": "2008592", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2008592" }, { "reference_url": "https://security.archlinux.org/AVG-2440", "reference_id": "AVG-2440", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2440" }, { "reference_url": "https://security.gentoo.org/glsa/202409-29", "reference_id": "GLSA-202409-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-29" }, { "reference_url": "https://usn.ubuntu.com/5103-1/", "reference_id": "USN-5103-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5103-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583680?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583681?format=api", "purl": "pkg:deb/debian/docker.io@20.10.10%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.10%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-41089", "GHSA-v994-f8vw-g7j4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3eju-5upk-auhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18133?format=api", "vulnerability_id": "VCID-41ft-14gt-bbbq", "summary": "Authz zero length regression\nA security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass [authorization plugins (AuthZ)](https://docs.docker.com/engine/extend/plugins_authorization/) under specific circumstances. The base likelihood of this being exploited is low. This advisory outlines the issue, identifies the affected versions, and provides remediation steps for impacted users.\n\n### Impact\n\nUsing a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an [authorization plugin](https://docs.docker.com/engine/extend/plugins_authorization/) without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it.\n\n\nA security issue was discovered In 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine [v18.09.1](https://docs.docker.com/engine/release-notes/18.09/#security-fixes-1) in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted.\n\nDocker EE v19.03.x and all versions of Mirantis Container Runtime **are not vulnerable.**\n\n### Vulnerability details\n\n- **AuthZ bypass and privilege escalation:** An attacker could exploit a bypass using an API request with Content-Length set to 0, causing the Docker daemon to forward the request without the body to the AuthZ plugin, which might approve the request incorrectly.\n- **Initial fix:** The issue was fixed in Docker Engine [v18.09.1](https://docs.docker.com/engine/release-notes/18.09/#security-fixes-1) January 2019..\n- **Regression:** The fix was not included in Docker Engine v19.03 or newer versions. This was identified in April 2024 and patches were released for the affected versions on July 23, 2024. The issue was assigned [CVE-2024-41110](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41110).\n\n### Patches\n\n- docker-ce v27.1.1 containes patches to fix the vulnerability.\n- Patches have also been merged into the master, 19.0, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches.\n\n### Remediation steps\n\n- If you are running an affected version, update to the most recent patched version.\n- Mitigation if unable to update immediately:\n - Avoid using AuthZ plugins.\n - Restrict access to the Docker API to trusted parties, following the principle of least privilege.\n\n\n### References\n\n- https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb\n- https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1\n- https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41110.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41110.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-41110", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03033", "scoring_system": "epss", "scoring_elements": "0.8669", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.03417", "scoring_system": "epss", "scoring_elements": "0.87459", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.04028", "scoring_system": "epss", "scoring_elements": "0.88486", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04028", "scoring_system": "epss", "scoring_elements": "0.88487", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04028", "scoring_system": "epss", "scoring_elements": "0.88497", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.04028", "scoring_system": "epss", "scoring_elements": "0.88501", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.04028", "scoring_system": "epss", "scoring_elements": "0.88494", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04028", "scoring_system": "epss", "scoring_elements": "0.88484", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04028", "scoring_system": "epss", "scoring_elements": "0.88478", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04028", "scoring_system": "epss", "scoring_elements": "0.88459", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04028", "scoring_system": "epss", "scoring_elements": "0.88455", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04028", "scoring_system": "epss", "scoring_elements": "0.8844", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-41110" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41110", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41110" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/moby/moby", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby" }, { "reference_url": "https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191", "reference_id": "", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/" } ], "url": "https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191" }, { "reference_url": "https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76", "reference_id": "", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/" } ], "url": "https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76" }, { "reference_url": "https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919", "reference_id": "", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/" } ], "url": "https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919" }, { "reference_url": "https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b", "reference_id": "", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/" } ], "url": "https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b" }, { "reference_url": "https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0", "reference_id": "", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/" } ], "url": "https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0" }, { "reference_url": "https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1", "reference_id": "", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/" } ], "url": "https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1" }, { "reference_url": "https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00", "reference_id": "", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/" } ], "url": "https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00" }, { "reference_url": "https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f", "reference_id": "", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/" } ], "url": "https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f" }, { "reference_url": "https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801", "reference_id": "", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/" } ], "url": "https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801" }, { "reference_url": "https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb", "reference_id": "", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/" } ], "url": "https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb" }, { "reference_url": "https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq", "reference_id": "", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/" } ], "url": "https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41110", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41110" }, { "reference_url": "https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin", "reference_id": "", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/" } ], "url": "https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2299720", "reference_id": "2299720", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2299720" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3714", "reference_id": "RHSA-2025:3714", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3714" }, { "reference_url": "https://usn.ubuntu.com/7161-1/", "reference_id": "USN-7161-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7161-1/" }, { "reference_url": "https://usn.ubuntu.com/7161-2/", "reference_id": "USN-7161-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7161-2/" }, { "reference_url": "https://usn.ubuntu.com/7161-3/", "reference_id": "USN-7161-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7161-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/584129?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/584130?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-41110", "GHSA-v23v-6jw2-98fq" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-41ft-14gt-bbbq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83350?format=api", "vulnerability_id": "VCID-43es-2d6x-jba8", "summary": "docker: container breakout without selinux in enforcing mode", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html" }, { "reference_url": "https://access.redhat.com/errata/RHBA-2018:2796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHBA-2018:2796" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10892.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10892.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10892", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.30061", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29842", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29967", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29982", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29962", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29916", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.30098", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.30147", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.2996", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.3002", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.30056", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.3006", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.30016", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10892" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10892", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10892" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10892", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10892" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/moby/moby/pull/37404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moby/moby/pull/37404" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1598581", "reference_id": "1598581", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1598581" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908057", "reference_id": "908057", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908057" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:community_edition:*:*:*", "reference_id": "cpe:2.3:a:docker:docker:*:*:*:*:community_edition:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:community_edition:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:enterprise_edition:*:*:*", "reference_id": "cpe:2.3:a:docker:docker:*:*:*:*:enterprise_edition:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:enterprise_edition:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10892", "reference_id": "CVE-2018-10892", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:P/A:N" }, { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10892" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2482", "reference_id": "RHSA-2018:2482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2482" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584476?format=api", "purl": "pkg:deb/debian/docker.io@18.06.1%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.06.1%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-10892" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-43es-2d6x-jba8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53104?format=api", "vulnerability_id": "VCID-4mf3-mmz6-2kfs", "summary": "Information Exposure in Docker Engine\nDocker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3630.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3630.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3630", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29471", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29186", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29301", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29346", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29372", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.2935", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29403", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29448", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29443", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29405", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29402", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29338", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29519", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3630" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3630", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3630" }, { "reference_url": "https://github.com/moby/moby", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby" }, { "reference_url": "https://github.com/moby/moby/commit/545b440a80f676a506e5837678dd4c4f65e78660", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/commit/545b440a80f676a506e5837678dd4c4f65e78660" }, { "reference_url": "https://groups.google.com/forum/#%21searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#%21searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ" }, { "reference_url": "https://groups.google.com/forum/#!searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ" }, { "reference_url": "https://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3630", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3630" }, { "reference_url": "https://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html" }, { "reference_url": "https://seclists.org/fulldisclosure/2015/May/28", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/fulldisclosure/2015/May/28" }, { "reference_url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3630", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3630" }, { "reference_url": "https://www.securityfocus.com/bid/74566", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.securityfocus.com/bid/74566" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1219063", "reference_id": "1219063", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1219063" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784726", "reference_id": "784726", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784726" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583905?format=api", "purl": "pkg:deb/debian/docker.io@1.6.1%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@1.6.1%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-3630", "GHSA-8fvr-5rqf-3wwh" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4mf3-mmz6-2kfs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81129?format=api", "vulnerability_id": "VCID-5syq-v7xj-zqcv", "summary": "docker: Security regression of CVE-2019-5736 due to inclusion of vulnerable runc", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14298.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14298.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14298", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32712", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32843", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32879", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32699", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32747", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32774", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32775", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32738", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32751", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32728", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32697", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32546", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14298" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848239", "reference_id": "1848239", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848239" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2653", "reference_id": "RHSA-2020:2653", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2653" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582262?format=api", "purl": "pkg:deb/debian/docker.io@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-14298" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5syq-v7xj-zqcv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52953?format=api", "vulnerability_id": "VCID-6gxe-db4h-93ex", "summary": "Symlink Attack in Libcontainer and Docker Engine\nLibcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3627.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3627.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3627", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28317", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28538", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28578", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.2858", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28536", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28487", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28503", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.2848", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28432", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28539", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28625", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.2867", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28473", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3627" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3627", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3627" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.2", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:P/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/docker/docker/commit/d5ebb60bddbabea0439213501f4f6ed494b23cba", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/docker/docker/commit/d5ebb60bddbabea0439213501f4f6ed494b23cba" }, { "reference_url": "https://groups.google.com/forum/#%21searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#%21searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ" }, { "reference_url": "https://groups.google.com/forum/#!searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ" }, { "reference_url": "https://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3627", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3627" }, { "reference_url": "https://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html" }, { "reference_url": "https://seclists.org/fulldisclosure/2015/May/28", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/fulldisclosure/2015/May/28" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1219061", "reference_id": "1219061", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1219061" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784726", "reference_id": "784726", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784726" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583905?format=api", "purl": "pkg:deb/debian/docker.io@1.6.1%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@1.6.1%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-3627", "GHSA-g7v2-2qxx-wjrw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6gxe-db4h-93ex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39463?format=api", "vulnerability_id": "VCID-6vru-hsfs-rufg", "summary": "Multiple vulnerabilities have been found in containerd, the worst\n of which could result in privilege escalation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15257.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15257.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15257", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11147", "scoring_system": "epss", "scoring_elements": "0.93495", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.11147", "scoring_system": "epss", "scoring_elements": "0.93501", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.11147", "scoring_system": "epss", "scoring_elements": "0.93442", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.11147", "scoring_system": "epss", "scoring_elements": "0.9345", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.11147", "scoring_system": "epss", "scoring_elements": "0.93458", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.11147", "scoring_system": "epss", "scoring_elements": "0.93466", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.11147", "scoring_system": "epss", "scoring_elements": "0.9347", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.11147", "scoring_system": "epss", "scoring_elements": "0.93475", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.11997", "scoring_system": "epss", "scoring_elements": "0.93802", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.11997", "scoring_system": "epss", "scoring_elements": "0.93806", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15257" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/containerd/containerd/commit/4a4bb851f5da563ff6e68a83dc837c7699c469ad", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/containerd/containerd/commit/4a4bb851f5da563ff6e68a83dc837c7699c469ad" }, { "reference_url": "https://github.com/containerd/containerd/releases/tag/v1.4.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/containerd/containerd/releases/tag/v1.4.3" }, { "reference_url": "https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNKXLOLZWO5FMAPX63ZL7JNKTNNT5NQD", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNKXLOLZWO5FMAPX63ZL7JNKTNNT5NQD" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15257", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15257" }, { "reference_url": "https://research.nccgroup.com/2020/12/10/abstract-shimmer-cve-2020-15257-host-networking-is-root-equivalent-again", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://research.nccgroup.com/2020/12/10/abstract-shimmer-cve-2020-15257-host-networking-is-root-equivalent-again" }, { "reference_url": "https://security.gentoo.org/glsa/202105-33", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202105-33" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4865", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-4865" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1899487", "reference_id": "1899487", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1899487" }, { "reference_url": "https://security.archlinux.org/ASA-202012-8", "reference_id": "ASA-202012-8", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202012-8" }, { "reference_url": "https://security.archlinux.org/AVG-1309", "reference_id": "AVG-1309", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1309" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:2183", "reference_id": "RHSA-2022:2183", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:2183" }, { "reference_url": "https://usn.ubuntu.com/4653-1/", "reference_id": "USN-4653-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4653-1/" }, { "reference_url": "https://usn.ubuntu.com/4653-2/", "reference_id": "USN-4653-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4653-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586703?format=api", "purl": "pkg:deb/debian/docker.io@20.10.0~rc1%2Bdfsg2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.0~rc1%252Bdfsg2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-15257", "GHSA-36xw-fx78-c5r4" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6vru-hsfs-rufg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86084?format=api", "vulnerability_id": "VCID-7z14-w8da-rufv", "summary": "docker: tagging image to ID can redirect images on subsequent pulls", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5282.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5282.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5282", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.68837", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.68854", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.68875", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.68856", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.68906", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.68924", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.68947", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.68933", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.68904", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.68944", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.68955", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.68935", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00581", "scoring_system": "epss", "scoring_elements": "0.68986", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5282" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5282", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5282" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1168436", "reference_id": "1168436", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1168436" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/585114?format=api", "purl": "pkg:deb/debian/docker.io@1.3.0~dfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@1.3.0~dfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-5282" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7z14-w8da-rufv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48375?format=api", "vulnerability_id": "VCID-8uuk-1592-syg2", "summary": "Path Traversal in Docker\nPath traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9356.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9356.json" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2014-9356", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/cve-2014-9356" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9356", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01018", "scoring_system": "epss", "scoring_elements": "0.77225", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01018", "scoring_system": "epss", "scoring_elements": "0.77147", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01018", "scoring_system": "epss", "scoring_elements": "0.77259", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01018", "scoring_system": "epss", "scoring_elements": "0.77136", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01018", "scoring_system": "epss", "scoring_elements": "0.77165", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01018", "scoring_system": "epss", "scoring_elements": "0.7718", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01018", "scoring_system": "epss", "scoring_elements": "0.77233", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01018", "scoring_system": "epss", "scoring_elements": "0.77232", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01018", "scoring_system": "epss", "scoring_elements": "0.77192", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01018", "scoring_system": "epss", "scoring_elements": "0.77195", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01018", "scoring_system": "epss", "scoring_elements": "0.77216", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01018", "scoring_system": "epss", "scoring_elements": "0.77189", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01018", "scoring_system": "epss", "scoring_elements": "0.7713", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9356" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1172761", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1172761" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9356", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9356" }, { "reference_url": "https://github.com/moby/moby", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby" }, { "reference_url": "https://groups.google.com/forum/#%21msg/docker-user/nFAz-B-n4Bw/0wr3wvLsnUwJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#%21msg/docker-user/nFAz-B-n4Bw/0wr3wvLsnUwJ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9356", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9356" }, { "reference_url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9356", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9356" }, { "reference_url": "http://www.securityfocus.com/archive/1/archive/1/534215/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/archive/1/archive/1/534215/100/0/threaded" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772909", "reference_id": "772909", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772909" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0623", "reference_id": "RHSA-2015:0623", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0623" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583203?format=api", "purl": "pkg:deb/debian/docker.io@1.3.3~dfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@1.3.3~dfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-9356", "GHSA-vj3f-3286-r4pf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8uuk-1592-syg2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85738?format=api", "vulnerability_id": "VCID-9zkj-h3wh-afb6", "summary": "docker: regression of CVE-2014-5277", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1843.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1843.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1843", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01544", "scoring_system": "epss", "scoring_elements": "0.81322", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01544", "scoring_system": "epss", "scoring_elements": "0.81331", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01544", "scoring_system": "epss", "scoring_elements": "0.81353", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01544", "scoring_system": "epss", "scoring_elements": "0.81352", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01544", "scoring_system": "epss", "scoring_elements": "0.8138", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01544", "scoring_system": "epss", "scoring_elements": "0.81385", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01544", "scoring_system": "epss", "scoring_elements": "0.81407", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01544", "scoring_system": "epss", "scoring_elements": "0.81394", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01544", "scoring_system": "epss", "scoring_elements": "0.81386", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01544", "scoring_system": "epss", "scoring_elements": "0.81423", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01544", "scoring_system": "epss", "scoring_elements": "0.81424", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01544", "scoring_system": "epss", "scoring_elements": "0.81425", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01544", "scoring_system": "epss", "scoring_elements": "0.81446", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1843" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1206443", "reference_id": "1206443", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1206443" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0776", "reference_id": "RHSA-2015:0776", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0776" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582262?format=api", "purl": "pkg:deb/debian/docker.io@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-1843" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9zkj-h3wh-afb6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55518?format=api", "vulnerability_id": "VCID-ahbf-gwnw-nufp", "summary": "Docker Moby /proc/scsi Path Exposure Allows Host Data Loss (SCSI MICDROP)\nThe DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss (when certain older Linux kernels are used) by leveraging Docker container access to write a \"scsi remove-single-device\" line to /proc/scsi/scsi, aka SCSI MICDROP.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16539.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16539.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16539", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63424", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63406", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63427", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.6342", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63298", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63385", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63438", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63421", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63403", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63351", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63359", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63386", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16539" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16539", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16539" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:N/I:P/A:P" }, { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/moby/moby", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby" }, { "reference_url": "https://github.com/moby/moby/commit/a21ecdf3c8a343a7c94e4c4d01b178c87ca7aaa1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/commit/a21ecdf3c8a343a7c94e4c4d01b178c87ca7aaa1" }, { "reference_url": "https://github.com/moby/moby/pull/35399", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T15:10:20Z/" } ], "url": "https://github.com/moby/moby/pull/35399" }, { "reference_url": "https://github.com/moby/moby/pull/35399/commits/a21ecdf3c8a343a7c94e4c4d01b178c87ca7aaa1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T15:10:20Z/" } ], "url": "https://github.com/moby/moby/pull/35399/commits/a21ecdf3c8a343a7c94e4c4d01b178c87ca7aaa1" }, { "reference_url": "https://marc.info/?l=linux-scsi&m=150985062200941&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T15:10:20Z/" } ], "url": "https://marc.info/?l=linux-scsi&m=150985062200941&w=2" }, { "reference_url": "https://marc.info/?l=linux-scsi&m=150985455801444&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T15:10:20Z/" } ], "url": "https://marc.info/?l=linux-scsi&m=150985455801444&w=2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16539", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16539" }, { "reference_url": "https://twitter.com/ewindisch/status/926443521820774401", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T15:10:20Z/" } ], "url": "https://twitter.com/ewindisch/status/926443521820774401" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1516205", "reference_id": "1516205", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1516205" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900140", "reference_id": "900140", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900140" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583093?format=api", "purl": "pkg:deb/debian/docker.io@1.13.1~ds3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@1.13.1~ds3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-16539", "GHSA-vfjc-2qcw-j95j" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ahbf-gwnw-nufp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84964?format=api", "vulnerability_id": "VCID-au62-jayw-u7hx", "summary": "docker: DoS via repeatedly joining and quitting swarm cluster as a node", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6595.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6595.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6595", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00649", "scoring_system": "epss", "scoring_elements": "0.7073", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00649", "scoring_system": "epss", "scoring_elements": "0.70745", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00649", "scoring_system": "epss", "scoring_elements": "0.70763", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00649", "scoring_system": "epss", "scoring_elements": "0.70739", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00649", "scoring_system": "epss", "scoring_elements": "0.70784", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00649", "scoring_system": "epss", "scoring_elements": "0.70801", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00649", "scoring_system": "epss", "scoring_elements": "0.70823", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00649", "scoring_system": "epss", "scoring_elements": "0.70807", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00649", "scoring_system": "epss", "scoring_elements": "0.70792", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00649", "scoring_system": "epss", "scoring_elements": "0.70837", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00649", "scoring_system": "epss", "scoring_elements": "0.70843", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00649", "scoring_system": "epss", "scoring_elements": "0.7082", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00649", "scoring_system": "epss", "scoring_elements": "0.70873", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6595" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1364008", "reference_id": "1364008", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1364008" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582262?format=api", "purl": "pkg:deb/debian/docker.io@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-6595" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-au62-jayw-u7hx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52363?format=api", "vulnerability_id": "VCID-avqu-wswg-c3ga", "summary": "Docker supplementary group permissions not set up properly, allowing attackers to bypass primary group restrictions\nMoby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. This bug is fixed in Moby (Docker Engine) 20.10.18. Users should update to this version when it is available. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade, this problem can be worked around by not using the `\"USER $USERNAME\"` Dockerfile instruction. Instead by calling `ENTRYPOINT [\"su\", \"-\", \"user\"]` the supplementary groups will be set up properly.\n\nThanks to Steven Murdoch for reporting this issue.\n\n----\n\n### Impact\n\nIf an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. \n\n### Patches\n\n This bug is fixed in Moby (Docker Engine) 20.10.18. Users should update to this version when it is available.\n\n### Workarounds\n\nThis problem can be worked around by not using the `\"USER $USERNAME\"` Dockerfile instruction. Instead by calling `ENTRYPOINT [\"su\", \"-\", \"user\"]` the supplementary groups will be set up properly.\n\n### References\n\nhttps://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* [Open an issue](https://github.com/moby/moby/issues/new)\n* Email us at [security@docker.com](mailto:security@docker.com)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36109.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36109.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36109", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12425", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12533", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12576", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12384", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12464", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12514", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12487", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12449", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12409", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12309", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.1231", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12421", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36109" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36109", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36109" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/moby/moby", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby" }, { "reference_url": "https://github.com/moby/moby/commit/de7af816e76a7fd3fbf06bffa6832959289fba32", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:05Z/" } ], "url": "https://github.com/moby/moby/commit/de7af816e76a7fd3fbf06bffa6832959289fba32" }, { "reference_url": "https://github.com/moby/moby/releases/tag/v20.10.18", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:05Z/" } ], "url": "https://github.com/moby/moby/releases/tag/v20.10.18" }, { "reference_url": "https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:05Z/" } ], "url": "https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7JL2QA3RB732MLJ3RMUXB3IB7AA22YU", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7JL2QA3RB732MLJ3RMUXB3IB7AA22YU" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQQ4E3JBXVR3VK5FIZVJ3QS2TAOOXXTQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQQ4E3JBXVR3VK5FIZVJ3QS2TAOOXXTQ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7JL2QA3RB732MLJ3RMUXB3IB7AA22YU", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7JL2QA3RB732MLJ3RMUXB3IB7AA22YU" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQQ4E3JBXVR3VK5FIZVJ3QS2TAOOXXTQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQQ4E3JBXVR3VK5FIZVJ3QS2TAOOXXTQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36109", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36109" }, { "reference_url": "https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:05Z/" } ], "url": "https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019601", "reference_id": "1019601", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019601" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127290", "reference_id": "2127290", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127290" }, { "reference_url": "https://security.gentoo.org/glsa/202409-29", "reference_id": "GLSA-202409-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-29" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/921996?format=api", "purl": "pkg:deb/debian/docker.io@20.10.19%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.19%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-36109", "GHSA-rc4r-wh2q-q6c4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-avqu-wswg-c3ga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18958?format=api", "vulnerability_id": "VCID-bhju-575k-ebh3", "summary": "Docker CLI leaks private registry credentials to registry-1.docker.io\n## Impact\n\nA bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry.\n\n## Patches\n\nThis bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible.\n\n## Workarounds\n\nEnsure that any configured `credsStore` or `credHelpers` entries in the configuration file reference an installed credential helper that is executable and on the `PATH`.\n\n## For more information\n\nIf you have any questions or comments about this advisory:\n\n* [Open an issue](https://github.com/docker/cli/issues/new/choose)\n* Email us at security@docker.com if you think you’ve found a security bug", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41092.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41092.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41092", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22778", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22948", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22984", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22991", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22977", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23034", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.2307", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.2305", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22998", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22925", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23134", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23089", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22923", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41092" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41092", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41092" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/docker/cli/commit/893e52cf4ba4b048d72e99748e0f86b2767c6c6b", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/docker/cli/commit/893e52cf4ba4b048d72e99748e0f86b2767c6c6b" }, { "reference_url": "https://github.com/docker/cli/security/advisories/GHSA-99pg-grm5-qq3v", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/docker/cli/security/advisories/GHSA-99pg-grm5-qq3v" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41092", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41092" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023449", "reference_id": "2023449", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023449" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998292", "reference_id": "998292", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998292" }, { "reference_url": "https://security.archlinux.org/AVG-2440", "reference_id": "AVG-2440", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2440" }, { "reference_url": "https://usn.ubuntu.com/5134-1/", "reference_id": "USN-5134-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5134-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583680?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583681?format=api", "purl": "pkg:deb/debian/docker.io@20.10.10%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.10%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-41092", "GHSA-99pg-grm5-qq3v" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bhju-575k-ebh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/30539?format=api", "vulnerability_id": "VCID-bzeb-kj67-vfds", "summary": "Docker Swarm encrypted overlay network may be unauthenticated\n[Moby](https://mobyproject.org/) is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as [moby/moby](https://github.com/moby/moby) is commonly referred to as *Docker*.\n\nSwarm Mode, which is compiled in and delivered by default in `dockerd` and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of [SwarmKit](https://github.com/moby/swarmkit) and supporting network code.\n\nThe `overlay` network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of [VXLAN](https://en.wikipedia.org/wiki/Virtual_Extensible_LAN), which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes.\n\nEncrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the [IPsec Encapsulating Security Payload](https://en.wikipedia.org/wiki/IPsec#Encapsulating_Security_Payload) protocol in [Transport mode](https://en.wikipedia.org/wiki/IPsec#Transport_mode). By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption.\n\nWhen setting an endpoint up on an encrypted overlay network, Moby installs three [iptables](https://www.netfilter.org/projects/iptables/index.html) (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the `u32` iptables extension provided by the `xt_u32` kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN.\n\n[Two iptables rules](https://github.com/moby/libnetwork/blob/d9fae4c73daf76c3b0f77e14b45b8bf612ba764d/drivers/overlay/encryption.go#L230-L234) serve to filter incoming VXLAN datagrams with a VNI that corresponds to an encrypted network and discards unencrypted datagrams. The rules are appended to the end of the `INPUT` filter chain, following any rules that have been previously set by the system administrator. Administrator-set rules take precedence over the rules Moby sets to discard unencrypted VXLAN datagrams, which can potentially admit unencrypted datagrams that should have been discarded.\n\nOn Red Hat Enterprise Linux and derivatives such as CentOS and Rocky, the `xt_u32` module has been:\n* [moved to the kernel-modules-extra package and no longer installed by default in RHEL 8.3](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/rhel-8-3-0-release#technology-preview_networking)\n* [officially deprecated in RHEL 8.6](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/deprecated_functionality#deprecated-functionality_networking)\n* [removed completely in RHEL 9](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/considerations_in_adopting_rhel_9/assembly_networking_considerations-in-adopting-rhel-9#ref_firewall-networking_assembly_networking)\n\nThese rules are not created when `xt_u32` is unavailable, even though the container is still attached to the network.\n\n## Impact\nEncrypted overlay networks on affected configurations silently accept cleartext VXLAN datagrams that are tagged with the VNI of an encrypted overlay network. As a result, it is possible to inject arbitrary Ethernet frames into the encrypted overlay network by encapsulating them in VXLAN datagrams.\n\nThe injection of arbitrary Ethernet frames can enable a Denial of Service attack. A sophisticated attacker may be able to establish a UDP or TCP connection by way of the container’s outbound gateway that would otherwise be blocked by a stateful firewall, or carry out other escalations beyond simple injection by smuggling packets into the overlay network.\n\n## Patches\nPatches are available in Moby releases 23.0.3, and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16.\n\n## Workarounds\n* Close the VXLAN port (by default, UDP port 4789) to incoming traffic at the Internet boundary (see [GHSA-vwm3-crmr-xfxw](https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw)) to prevent all VXLAN packet injection.\n* Ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster.\n\n## Background\n* [#43382](https://github.com/moby/moby/issues/43382) partially discussed this concern, but did not consider the security implications.\n* Mirantis FIELD-5788 essentially duplicates [#43382](https://github.com/moby/moby/issues/43382), and was created six months earlier; it similarly overlooked the security implications.\n* [#45118](https://github.com/moby/moby/pull/45118) is the ancestor of the final patches, and was where the security implications were discovered.\n\n## Related\n* [CVE-2023-28841: Encrypted overlay network traffic may be unencrypted](https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237)\n* [CVE-2023-28842: Encrypted overlay network with a single endpoint is unauthenticated](https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p)\n* [GHSA-vwm3-crmr-xfxw: The Swarm VXLAN port may be exposed to attack due to ambiguous documentation](https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw)\n* [GHSA-gvm4-2qqg-m333: Security issues in encrypted overlay networks](https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333) (libnetwork)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28840.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28840.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28840", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.63771", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.63746", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65134", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65098", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65126", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65127", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65143", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65136", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65117", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65103", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65054", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00652", "scoring_system": "epss", "scoring_elements": "0.70963", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28840" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28840", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28840" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:31:15Z/" } ], "url": "https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333" }, { "reference_url": "https://github.com/moby/moby", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby" }, { "reference_url": "https://github.com/moby/moby/issues/43382", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:31:15Z/" } ], "url": "https://github.com/moby/moby/issues/43382" }, { "reference_url": "https://github.com/moby/moby/pull/45118", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:31:15Z/" } ], "url": "https://github.com/moby/moby/pull/45118" }, { "reference_url": "https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:31:15Z/" } ], "url": "https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp" }, { "reference_url": "https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:31:15Z/" } ], "url": "https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237" }, { "reference_url": "https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:31:15Z/" } ], "url": "https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p" }, { "reference_url": "https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:31:15Z/" } ], "url": "https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28840", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28840" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184683", "reference_id": "2184683", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184683" }, { "reference_url": "https://security.gentoo.org/glsa/202409-29", "reference_id": "GLSA-202409-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-29" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/", "reference_id": "LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:31:15Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/" }, { "reference_url": "https://usn.ubuntu.com/7474-1/", "reference_id": "USN-7474-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7474-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/", "reference_id": "XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:31:15Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/", "reference_id": "ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:31:15Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/921997?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-28840", "GHSA-232p-vwff-86mp" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bzeb-kj67-vfds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53023?format=api", "vulnerability_id": "VCID-cey6-s9jk-s7cf", "summary": "Arbitrary Code Execution\nDocker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9357.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9357.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9357", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.36182", "scoring_system": "epss", "scoring_elements": "0.97095", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.36182", "scoring_system": "epss", "scoring_elements": "0.97118", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.36182", "scoring_system": "epss", "scoring_elements": "0.97117", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.36182", "scoring_system": "epss", "scoring_elements": "0.97112", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.36182", "scoring_system": "epss", "scoring_elements": "0.97109", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.36182", "scoring_system": "epss", "scoring_elements": "0.971", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.36182", "scoring_system": "epss", "scoring_elements": "0.97072", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.36182", "scoring_system": "epss", "scoring_elements": "0.9708", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.36182", "scoring_system": "epss", "scoring_elements": "0.97084", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.36182", "scoring_system": "epss", "scoring_elements": "0.97085", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.36182", "scoring_system": "epss", "scoring_elements": "0.97099", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9357" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9357", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9357" }, { "reference_url": "https://github.com/docker/docker/compare/aef842e7dfb534aba22c3c911de525ce9ac12b72...313a1b7620910e47d888f8b0a6a5eb06ad9c1ff2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/docker/docker/compare/aef842e7dfb534aba22c3c911de525ce9ac12b72...313a1b7620910e47d888f8b0a6a5eb06ad9c1ff2" }, { "reference_url": "https://github.com/moby/moby/blob/master/CHANGELOG.md#133-2014-12-11", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/blob/master/CHANGELOG.md#133-2014-12-11" }, { "reference_url": "https://groups.google.com/forum/#%21msg/docker-user/nFAz-B-n4Bw/0wr3wvLsnUwJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#%21msg/docker-user/nFAz-B-n4Bw/0wr3wvLsnUwJ" }, { "reference_url": "https://groups.google.com/forum/#!msg/docker-user/nFAz-B-n4Bw/0wr3wvLsnUwJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!msg/docker-user/nFAz-B-n4Bw/0wr3wvLsnUwJ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9357", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:C/I:C/A:C" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9357" }, { "reference_url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9357", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9357" }, { "reference_url": "http://www.securityfocus.com/archive/1/534215/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/archive/1/534215/100/0/threaded" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1172782", "reference_id": "1172782", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1172782" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772909", "reference_id": "772909", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772909" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:1.3.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:docker:docker:1.3.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:1.3.2:*:*:*:*:*:*:*" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0623", "reference_id": "RHSA-2015:0623", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0623" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583203?format=api", "purl": "pkg:deb/debian/docker.io@1.3.3~dfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@1.3.3~dfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-9357", "GHSA-997c-fj8j-rq5h" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cey6-s9jk-s7cf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85495?format=api", "vulnerability_id": "VCID-e6sp-khpk-r3d8", "summary": "docker: Manifest validation and parsing logic errors allow pull-by-digest validation bypass", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8179.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8179.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8179", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01596", "scoring_system": "epss", "scoring_elements": "0.8161", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01596", "scoring_system": "epss", "scoring_elements": "0.81622", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01596", "scoring_system": "epss", "scoring_elements": "0.81643", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01596", "scoring_system": "epss", "scoring_elements": "0.8164", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01596", "scoring_system": "epss", "scoring_elements": "0.81668", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01596", "scoring_system": "epss", "scoring_elements": "0.81672", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01596", "scoring_system": "epss", "scoring_elements": "0.81692", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01596", "scoring_system": "epss", "scoring_elements": "0.8168", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01596", "scoring_system": "epss", "scoring_elements": "0.81673", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01596", "scoring_system": "epss", "scoring_elements": "0.81712", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01596", "scoring_system": "epss", "scoring_elements": "0.81715", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01596", "scoring_system": "epss", "scoring_elements": "0.8174", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8179" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8179", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8179" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271256", "reference_id": "1271256", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271256" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583969?format=api", "purl": "pkg:deb/debian/docker.io@1.8.3~ds1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@1.8.3~ds1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-8179" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e6sp-khpk-r3d8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/30513?format=api", "vulnerability_id": "VCID-e82r-vc77-f7bz", "summary": "Docker Swarm encrypted overlay network with a single endpoint is unauthenticated\n[Moby](https://mobyproject.org/) is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as [moby/moby](https://github.com/moby/moby) is commonly referred to as *Docker*.\n\nSwarm Mode, which is compiled in and delivered by default in `dockerd` and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of [SwarmKit](https://github.com/moby/swarmkit) and supporting network code.\n\nThe `overlay` network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of [VXLAN](https://en.wikipedia.org/wiki/Virtual_Extensible_LAN), which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes.\n\nEncrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the [IPsec Encapsulating Security Payload](https://en.wikipedia.org/wiki/IPsec#Encapsulating_Security_Payload) protocol in [Transport mode](https://en.wikipedia.org/wiki/IPsec#Transport_mode). By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption.\n\nWhen setting an endpoint up on an encrypted overlay network, Moby installs three [iptables](https://www.netfilter.org/projects/iptables/index.html) (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the `u32` iptables extension provided by the `xt_u32` kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN.\n\nThe `overlay` driver dynamically and lazily defines the kernel configuration for the VXLAN network on each node as containers are attached and detached. Routes and encryption parameters are only defined for destination nodes that participate in the network. The iptables rules that prevent encrypted overlay networks from accepting unencrypted packets are not created until a peer is available with which to communicate.\n\n## Impact\nEncrypted overlay networks silently accept cleartext VXLAN datagrams that are tagged with the VNI of an encrypted overlay network. As a result, it is possible to inject arbitrary Ethernet frames into the encrypted overlay network by encapsulating them in VXLAN datagrams. The implications of this can be quite dire, and [GHSA-vwm3-crmr-xfxw](https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw) should be referenced for a deeper exploration.\n\n## Patches\nPatches are available in Moby releases 23.0.3, and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16.\n\n## Workarounds\n* In multi-node clusters, deploy a global ‘pause’ container for each encrypted overlay network, on every node. For example, use the `registry.k8s.io/pause` image and a `--mode global` service.\n* For a single-node cluster, do not use overlay networks of any sort. Bridge networks provide the same connectivity on a single node and have no multi-node features.\nThe Swarm ingress feature is implemented using an overlay network, but can be disabled by publishing ports in `host` mode instead of `ingress` mode (allowing the use of an external load balancer), and removing the `ingress` network.\n* If encrypted overlay networks are in exclusive use, block UDP port 4789 from traffic that has not been validated by IPSec. For example, `iptables -A INPUT -m udp —-dport 4789 -m policy --dir in --pol none -j DROP`.\n\n## Background\n* This issue was discovered while characterizing and mitigating [CVE-2023-28840](https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp) and [CVE-2023-28841](https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237).\n\n## Related\n* [CVE-2023-28841: Encrypted overlay network traffic may be unencrypted](https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237)\n* [CVE-2023-28840: Encrypted overlay network may be unauthenticated](https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp)\n* [GHSA-vwm3-crmr-xfxw: The Swarm VXLAN port may be exposed to attack due to ambiguous documentation](https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw)\n* [GHSA-gvm4-2qqg-m333: Security issues in encrypted overlay networks](https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333) (libnetwork)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28842.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28842.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28842", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.006", "scoring_system": "epss", "scoring_elements": "0.69414", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.006", "scoring_system": "epss", "scoring_elements": "0.69398", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.705", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.70458", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.70472", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.70487", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.70488", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.70508", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.70463", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.70447", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.70402", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00863", "scoring_system": "epss", "scoring_elements": "0.75148", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28842" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28842", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28842" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:48Z/" } ], "url": "https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333" }, { "reference_url": "https://github.com/moby/moby", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby" }, { "reference_url": "https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:48Z/" } ], "url": "https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp" }, { "reference_url": "https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:48Z/" } ], "url": "https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237" }, { "reference_url": "https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:48Z/" } ], "url": "https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p" }, { "reference_url": "https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:48Z/" } ], "url": "https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28842", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28842" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184688", "reference_id": "2184688", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184688" }, { "reference_url": "https://security.gentoo.org/glsa/202409-29", "reference_id": "GLSA-202409-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-29" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/", "reference_id": "LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:48Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/" }, { "reference_url": "https://usn.ubuntu.com/7474-1/", "reference_id": "USN-7474-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7474-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/", "reference_id": "XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:48Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/", "reference_id": "ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:48Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/921997?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-28842", "GHSA-6wrf-mxfj-pf5p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e82r-vc77-f7bz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14446?format=api", "vulnerability_id": "VCID-e9ng-x516-53cf", "summary": "Moby (Docker Engine) Insufficiently restricted permissions on data directory\n## Impact\n\nA bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files.\n\n## Patches\n\nThis bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers should be stopped and restarted for the permissions to be fixed.\n\n## Workarounds\n\nLimit access to the host to trusted users. Limit access to host volumes to trusted containers.\n\n## Credits\n\nThe Moby project would like to thank Joan Bruguera for responsibly disclosing this issue in accordance with the [Moby security policy](https://github.com/moby/moby/blob/master/SECURITY.md).\n\n## For more information\n\nIf you have any questions or comments about this advisory:\n\n* [Open an issue](https://github.com/moby/moby/issues/new)\n* Email us at security@docker.com if you think you’ve found a security bug", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41091.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41091.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41091", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04746", "scoring_system": "epss", "scoring_elements": "0.89454", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.04746", "scoring_system": "epss", "scoring_elements": "0.89438", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.04746", "scoring_system": "epss", "scoring_elements": "0.89441", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.04746", "scoring_system": "epss", "scoring_elements": "0.8944", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.04746", "scoring_system": "epss", "scoring_elements": "0.89424", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04746", "scoring_system": "epss", "scoring_elements": "0.89429", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04746", "scoring_system": "epss", "scoring_elements": "0.8943", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0558", "scoring_system": "epss", "scoring_elements": "0.90256", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0558", "scoring_system": "epss", "scoring_elements": "0.90259", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0558", "scoring_system": "epss", "scoring_elements": "0.90272", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0558", "scoring_system": "epss", "scoring_elements": "0.90276", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0558", "scoring_system": "epss", "scoring_elements": "0.90291", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0558", "scoring_system": "epss", "scoring_elements": "0.90298", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41091" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41091", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41091" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/moby/moby", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby" }, { "reference_url": "https://github.com/moby/moby/commit/f0ab919f518c47240ea0e72d0999576bb8008e64", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/commit/f0ab919f518c47240ea0e72d0999576bb8008e64" }, { "reference_url": "https://github.com/moby/moby/security/advisories/GHSA-3fwx-pjgw-3558", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/security/advisories/GHSA-3fwx-pjgw-3558" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41091", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41091" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023448", "reference_id": "2023448", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023448" }, { "reference_url": "https://security.archlinux.org/AVG-2440", "reference_id": "AVG-2440", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2440" }, { "reference_url": "https://security.gentoo.org/glsa/202409-29", "reference_id": "GLSA-202409-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-29" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583680?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583681?format=api", "purl": "pkg:deb/debian/docker.io@20.10.10%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.10%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-41091", "GHSA-3fwx-pjgw-3558" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e9ng-x516-53cf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55500?format=api", "vulnerability_id": "VCID-eb24-pguf-ryg1", "summary": "tar-split memory exhaustion\nLack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14992.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14992.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14992", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56077", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56162", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56151", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56182", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.5601", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.5618", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.5612", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.5614", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56119", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.5617", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56175", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56186", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56146", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14992" }, { "reference_url": "https://blog.cloudpassage.com/2017/10/13/discovering-docker-cve-2017-14992/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blog.cloudpassage.com/2017/10/13/discovering-docker-cve-2017-14992/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14992", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14992" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:N/I:N/A:C" }, { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/moby/moby/issues/35075", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/issues/35075" }, { "reference_url": "https://github.com/vbatts/tar-split", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vbatts/tar-split" }, { "reference_url": "https://github.com/vbatts/tar-split/pull/42", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vbatts/tar-split/pull/42" }, { "reference_url": "https://github.com/vbatts/tar-split/releases/tag/v0.10.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vbatts/tar-split/releases/tag/v0.10.2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14992", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14992" }, { "reference_url": "https://web.archive.org/web/20171119174639/https://blog.cloudpassage.com/2017/10/13/discovering-docker-cve-2017-14992", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20171119174639/https://blog.cloudpassage.com/2017/10/13/discovering-docker-cve-2017-14992" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1510348", "reference_id": "1510348", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1510348" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908055", "reference_id": "908055", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908055" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908056", "reference_id": "908056", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908056" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:1.12.6-0:*:*:*:community:*:*:*", "reference_id": "cpe:2.3:a:docker:docker:1.12.6-0:*:*:*:community:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:1.12.6-0:*:*:*:community:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.03.0:*:*:*:community:*:*:*", "reference_id": "cpe:2.3:a:docker:docker:17.03.0:*:*:*:community:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.03.0:*:*:*:community:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.03.1:*:*:*:community:*:*:*", "reference_id": "cpe:2.3:a:docker:docker:17.03.1:*:*:*:community:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.03.1:*:*:*:community:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.03.2:*:*:*:community:*:*:*", "reference_id": "cpe:2.3:a:docker:docker:17.03.2:*:*:*:community:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.03.2:*:*:*:community:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.06.0:*:*:*:community:*:*:*", "reference_id": "cpe:2.3:a:docker:docker:17.06.0:*:*:*:community:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.06.0:*:*:*:community:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.06.1:*:*:*:community:*:*:*", "reference_id": "cpe:2.3:a:docker:docker:17.06.1:*:*:*:community:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.06.1:*:*:*:community:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.06.2:*:*:*:community:*:*:*", "reference_id": "cpe:2.3:a:docker:docker:17.06.2:*:*:*:community:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.06.2:*:*:*:community:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.09.0:*:*:*:community:*:*:*", "reference_id": "cpe:2.3:a:docker:docker:17.09.0:*:*:*:community:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.09.0:*:*:*:community:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:community:*:*:*", "reference_id": "cpe:2.3:a:docker:docker:*:*:*:*:community:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:community:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586173?format=api", "purl": "pkg:deb/debian/docker.io@18.03.1%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.03.1%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-14992", "GHSA-hqwh-8xv9-42hw" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eb24-pguf-ryg1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17474?format=api", "vulnerability_id": "VCID-evqv-4z17-kkcz", "summary": "NULL Pointer Dereference on moby image history\nmoby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via daemon/images/image_history.go.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-36620.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-36620.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-36620", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.1913", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.19078", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28422", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28445", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28429", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28478", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28518", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28246", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28371", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28477", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.2841", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28521", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-36620" }, { "reference_url": "https://gist.github.com/1047524396/f08816669701ab478a265a811d2c89b2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-04T17:14:00Z/" } ], "url": "https://gist.github.com/1047524396/f08816669701ab478a265a811d2c89b2" }, { "reference_url": "https://github.com/moby/moby", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby" }, { "reference_url": "https://github.com/moby/moby/blob/v26.0.2/daemon/images/image_history.go#L48", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-04T17:14:00Z/" } ], "url": "https://github.com/moby/moby/blob/v26.0.2/daemon/images/image_history.go#L48" }, { "reference_url": "https://github.com/moby/moby/commit/ab570ab3d62038b3d26f96a9bb585d0b6095b9b4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-04T17:14:00Z/" } ], "url": "https://github.com/moby/moby/commit/ab570ab3d62038b3d26f96a9bb585d0b6095b9b4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36620", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36620" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2024-3311", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pkg.go.dev/vuln/GO-2024-3311" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2329534", "reference_id": "2329534", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2329534" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1703", "reference_id": "RHSA-2025:1703", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1703" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582262?format=api", "purl": "pkg:deb/debian/docker.io@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-36620", "GHSA-q59j-vv4j-v33c" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-evqv-4z17-kkcz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53007?format=api", "vulnerability_id": "VCID-f31s-pxtj-6uej", "summary": "Access Restriction Bypass in Docker\nDocker 1.3.0 through 1.3.1 allows remote attackers to modify the default run profile of image containers and possibly bypass the container by applying unspecified security options to an image.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145154.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145154.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00009.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00009.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-6408.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-6408.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-6408", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0163", "scoring_system": "epss", "scoring_elements": "0.81941", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0163", "scoring_system": "epss", "scoring_elements": "0.81825", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0163", "scoring_system": "epss", "scoring_elements": "0.81848", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0163", "scoring_system": "epss", "scoring_elements": "0.81845", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0163", "scoring_system": "epss", "scoring_elements": "0.81871", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0163", "scoring_system": "epss", "scoring_elements": "0.81878", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0163", "scoring_system": "epss", "scoring_elements": "0.81897", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0163", "scoring_system": "epss", "scoring_elements": "0.81886", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0163", "scoring_system": "epss", "scoring_elements": "0.81881", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0163", "scoring_system": "epss", "scoring_elements": "0.81917", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0163", "scoring_system": "epss", "scoring_elements": "0.81919", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0163", "scoring_system": "epss", "scoring_elements": "0.81815", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-6408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6408" }, { "reference_url": "https://docs.docker.com/v1.3/release-notes", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.docker.com/v1.3/release-notes" }, { "reference_url": "https://docs.docker.com/v1.3/release-notes/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.docker.com/v1.3/release-notes/" }, { "reference_url": "http://secunia.com/advisories/60171", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/60171" }, { "reference_url": "http://secunia.com/advisories/60241", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/60241" }, { "reference_url": "https://github.com/docker/docker/commit/c9379eb3fbbc484c056f5a5e49d8d0b755a29c45", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/docker/docker/commit/c9379eb3fbbc484c056f5a5e49d8d0b755a29c45" }, { "reference_url": "https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145154.html" }, { "reference_url": "https://lists.opensuse.org/opensuse-security-announce/2014-12/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.opensuse.org/opensuse-security-announce/2014-12/msg00009.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6408", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:P/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6408" }, { "reference_url": "https://secunia.com/advisories/60171", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://secunia.com/advisories/60171" }, { "reference_url": "https://secunia.com/advisories/60241", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://secunia.com/advisories/60241" }, { "reference_url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6408", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6408" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2014/11/24/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2014/11/24/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/11/24/5", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2014/11/24/5" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1167506", "reference_id": "1167506", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1167506" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:1.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:docker:docker:1.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:1.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:1.3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:docker:docker:1.3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:1.3.1:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583196?format=api", "purl": "pkg:deb/debian/docker.io@1.3.2~dfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@1.3.2~dfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-6408", "GHSA-44gg-pmqr-4669" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f31s-pxtj-6uej" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83099?format=api", "vulnerability_id": "VCID-f6d3-yyvz-xqgs", "summary": "docker: Memory exhaustion via large integer used with --cpuset-mems or --cpuset-cpus", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20699.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20699.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20699", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22812", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22673", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22882", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22876", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22837", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22981", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.23025", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22816", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.2289", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22942", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22961", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22924", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22867", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20699" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/docker/engine/pull/70", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/docker/engine/pull/70" }, { "reference_url": "https://github.com/moby/moby/pull/37967", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moby/moby/pull/37967" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666565", "reference_id": "1666565", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666565" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:engine:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:docker:engine:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:engine:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20699", "reference_id": "CVE-2018-20699", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:N/A:P" }, { "value": "4.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0487", "reference_id": "RHSA-2019:0487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0487" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584620?format=api", "purl": "pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-20699" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f6d3-yyvz-xqgs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53011?format=api", "vulnerability_id": "VCID-gbw6-3a59-mbhu", "summary": "containerd v1.2.x can be coerced into leaking credentials during image pull\n## Impact\n\nIf a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise known as a “foreign layer”), the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or later, the default containerd resolver will provide its authentication credentials if the server where the URL is located presents an HTTP 401 status code along with registry-specific HTTP headers.\n\nIf an attacker publishes a public image with a manifest that directs one of the layers to be fetched from a web server they control and they trick a user or system into pulling the image, they can obtain the credentials used for pulling that image. In some cases, this may be the user's username and password for the registry. In other cases, this may be the credentials attached to the cloud virtual instance which can grant access to other cloud resources in the account.\n\nThe default containerd resolver is used by the cri-containerd plugin (which can be used by Kubernetes), the ctr development tool, and other client programs that have explicitly linked against it.\n\nThis vulnerability has been rated by the containerd maintainers as medium, with a CVSS score of 6.1 and a vector string of CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N.\n\n## Patches\n\nThis vulnerability has been fixed in containerd 1.2.14. containerd 1.3 and later are not affected.\n\n## Workarounds\n\nIf you are using containerd 1.3 or later, you are not affected. If you are using cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources. Other container runtimes built on top of containerd but not using the default resolver (such as Docker) are not affected.\n\n## Credits\n\nThe containerd maintainers would like to thank Brad Geesaman, Josh Larsen, Ian Coldwater, Duffie Cooley, and Rory McCune for responsibly disclosing this issue in accordance with the [containerd security policy](https://github.com/containerd/project/blob/master/SECURITY.md).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15157.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15157.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15157", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00777", "scoring_system": "epss", "scoring_elements": "0.73678", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00777", "scoring_system": "epss", "scoring_elements": "0.73575", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00777", "scoring_system": "epss", "scoring_elements": "0.73584", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00777", "scoring_system": "epss", "scoring_elements": "0.73608", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00777", "scoring_system": "epss", "scoring_elements": "0.7358", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00777", "scoring_system": "epss", "scoring_elements": "0.73617", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00777", "scoring_system": "epss", "scoring_elements": "0.73629", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00777", "scoring_system": "epss", "scoring_elements": "0.73652", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00777", "scoring_system": "epss", "scoring_elements": "0.73634", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00777", "scoring_system": "epss", "scoring_elements": "0.73625", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00777", "scoring_system": "epss", "scoring_elements": "0.73669", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00846", "scoring_system": "epss", "scoring_elements": "0.74887", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00846", "scoring_system": "epss", "scoring_elements": "0.74851", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15157" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285" }, { "reference_url": "https://darkbit.io/blog/cve-2020-15157-containerdrip", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://darkbit.io/blog/cve-2020-15157-containerdrip" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/containerd/containerd", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/containerd/containerd" }, { "reference_url": "https://github.com/containerd/containerd/commit/1ead8d9deb3b175bf40413b8c47b3d19c2262726", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/containerd/containerd/commit/1ead8d9deb3b175bf40413b8c47b3d19c2262726" }, { "reference_url": "https://github.com/containerd/containerd/releases/tag/v1.2.14", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/containerd/containerd/releases/tag/v1.2.14" }, { "reference_url": "https://github.com/containerd/containerd/security/advisories/GHSA-742w-89gc-8m9c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/containerd/containerd/security/advisories/GHSA-742w-89gc-8m9c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15157", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15157" }, { "reference_url": "https://usn.ubuntu.com/4589-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4589-1" }, { "reference_url": "https://usn.ubuntu.com/4589-2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4589-2" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4865", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-4865" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1888248", "reference_id": "1888248", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1888248" }, { "reference_url": "https://usn.ubuntu.com/4589-1/", "reference_id": "USN-4589-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4589-1/" }, { "reference_url": "https://usn.ubuntu.com/4589-2/", "reference_id": "USN-4589-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4589-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586403?format=api", "purl": "pkg:deb/debian/docker.io@19.03.13%2Bdfsg2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@19.03.13%252Bdfsg2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-15157", "GHSA-742w-89gc-8m9c" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gbw6-3a59-mbhu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52923?format=api", "vulnerability_id": "VCID-gsez-t7u3-dubr", "summary": "Directory Traversal in Docker\nDocker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) \"docker load\" operation or (2) \"registry communications.\"", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9358.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9358.json" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2014-9358", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/cve-2014-9358" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9358", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57606", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57627", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57631", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57595", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57564", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.5757", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57602", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57623", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57643", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57628", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.5749", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57624", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57574", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9358" }, { "reference_url": "https://groups.google.com/forum/#%21msg/docker-user/nFAz-B-n4Bw/0wr3wvLsnUwJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#%21msg/docker-user/nFAz-B-n4Bw/0wr3wvLsnUwJ" }, { "reference_url": "https://groups.google.com/forum/#!msg/docker-user/nFAz-B-n4Bw/0wr3wvLsnUwJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!msg/docker-user/nFAz-B-n4Bw/0wr3wvLsnUwJ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9358", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9358" }, { "reference_url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9358", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9358" }, { "reference_url": "http://www.securityfocus.com/archive/1/534215/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/archive/1/534215/100/0/threaded" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1172787", "reference_id": "1172787", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1172787" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772909", "reference_id": "772909", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772909" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583203?format=api", "purl": "pkg:deb/debian/docker.io@1.3.3~dfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@1.3.3~dfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-9358", "GHSA-qmmc-jppf-32wv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gsez-t7u3-dubr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14284?format=api", "vulnerability_id": "VCID-gund-83cy-9fap", "summary": "moby Access to remapped root allows privilege escalation to real root\n### Impact\n\nWhen using `--userns-remap`, if the root user in the remapped namespace has access to the host filesystem they can modify files under `/var/lib/docker/<remapping>` that cause writing files with extended privileges.\n\n### Patches\n\nVersions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user.\n\n### Credits\n\nMaintainers would like to thank Alex Chapman for discovering the vulnerability; @awprice, @nathanburrell, @raulgomis, @chris-walz, @erin-jensby, @bassmatt, @mark-adams, @dbaxa for working on it and Zac Ellis for responsibly disclosing it to security@docker.com", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21284.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21284.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21284", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05555", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05518", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05357", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05401", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05409", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05422", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05448", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05426", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05392", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05384", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05354", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05312", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21284" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285" }, { "reference_url": "https://docs.docker.com/engine/release-notes/#20103", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.docker.com/engine/release-notes/#20103" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/moby/moby/commit/64bd4485b3a66a597c02c95f5776395e540b2c7c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/commit/64bd4485b3a66a597c02c95f5776395e540b2c7c" }, { "reference_url": "https://github.com/moby/moby/releases/tag/v19.03.15", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/releases/tag/v19.03.15" }, { "reference_url": "https://github.com/moby/moby/releases/tag/v20.10.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/releases/tag/v20.10.3" }, { "reference_url": "https://github.com/moby/moby/security/advisories/GHSA-7452-xqpj-6rpc", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/security/advisories/GHSA-7452-xqpj-6rpc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21284", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21284" }, { "reference_url": "https://security.gentoo.org/glsa/202107-23", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202107-23" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210226-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210226-0005" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4865", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-4865" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924740", "reference_id": "1924740", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924740" }, { "reference_url": "https://security.archlinux.org/ASA-202102-12", "reference_id": "ASA-202102-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202102-12" }, { "reference_url": "https://security.archlinux.org/AVG-1528", "reference_id": "AVG-1528", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1528" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582752?format=api", "purl": "pkg:deb/debian/docker.io@20.10.3%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.3%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-21284", "GHSA-7452-xqpj-6rpc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gund-83cy-9fap" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49948?format=api", "vulnerability_id": "VCID-h83p-v26k-s7fa", "summary": "A flaw in Docker allowed possible information leakage.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00040.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00040.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13401.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13401.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13401", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.1287", "scoring_system": "epss", "scoring_elements": "0.94069", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.1287", "scoring_system": "epss", "scoring_elements": "0.94007", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.1287", "scoring_system": "epss", "scoring_elements": "0.94017", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.1287", "scoring_system": "epss", "scoring_elements": "0.94027", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.1287", "scoring_system": "epss", "scoring_elements": "0.9403", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.1287", "scoring_system": "epss", "scoring_elements": "0.94039", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.1287", "scoring_system": "epss", "scoring_elements": "0.94043", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.1287", "scoring_system": "epss", "scoring_elements": "0.94047", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.1287", "scoring_system": "epss", "scoring_elements": "0.94063", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.1287", "scoring_system": "epss", "scoring_elements": "0.94068", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.1287", "scoring_system": "epss", "scoring_elements": "0.94067", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13401" }, { "reference_url": "https://docs.docker.com/engine/release-notes", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.docker.com/engine/release-notes" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/docker/docker-ce/releases/tag/v19.03.11", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/docker/docker-ce/releases/tag/v19.03.11" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DN4JQAOXBE3XUNK3FD423LHE3K74EMJT", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DN4JQAOXBE3XUNK3FD423LHE3K74EMJT" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJZLKRCOJMOGUIJI2AS27BOZS3RBEF3K", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJZLKRCOJMOGUIJI2AS27BOZS3RBEF3K" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13401", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13401" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200717-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20200717-0002" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4716", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2020/dsa-4716" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/06/01/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2020/06/01/5" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1833233", "reference_id": "1833233", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1833233" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962141", "reference_id": "962141", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962141" }, { "reference_url": "https://security.gentoo.org/glsa/202008-15", "reference_id": "GLSA-202008-15", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202008-15" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/585627?format=api", "purl": "pkg:deb/debian/docker.io@19.03.11%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@19.03.11%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-13401", "GHSA-qrrc-ww9x-r43g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h83p-v26k-s7fa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/29859?format=api", "vulnerability_id": "VCID-jgyp-7k51-1uda", "summary": "Moby firewalld reload makes published container ports accessible from remote hosts\nMoby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (dockerd), which is developed as [moby/moby](https://github.com/moby/moby) is commonly referred to as Docker, or Docker Engine.\n\nFirewalld is a daemon used by some Linux distributions to provide a dynamically managed firewall. When Firewalld is running, Docker uses its iptables backend to create rules, including rules to isolate containers in one bridge network from containers in other bridge networks.\n\n### Impact\n\nThe iptables rules created by Docker are removed when firewalld is reloaded using, for example \"firewall-cmd --reload\", \"killall -HUP firewalld\", or \"systemctl reload firewalld\".\n\nWhen that happens, Docker must re-create the rules. However, in affected versions of Docker, the iptables rules that prevent packets arriving on a host interface from reaching container addresses are not re-created.\n\nOnce these rules have been removed, a remote host configured with a route to a Docker bridge network can access published ports, even when those ports were only published to a loopback address. Unpublished ports remain inaccessible.\n\nFor example, following a firewalld reload on a Docker host with address `192.168.0.10` and a bridge network with subnet `172.17.0.0/16`, running the following command on another host in the local network will give it access to published ports on container addresses in that network: `ip route add 172.17.0.0/16 via 192.168.0.10`.\n\nContainers running in networks created with `--internal` or equivalent have no access to other networks. Containers that are only connected to these networks remain isolated after a firewalld reload.\n\nWhere Docker Engine is not running in the host's network namespace, it is unaffected. Including, for example, Rootless Mode, and Docker Desktop.\n\n### Patches\n\nMoby releases older than 28.2.0 are not affected. A fix is available in moby release 28.3.3.\n\n### Workarounds\nAfter reloading firewalld, either:\n- Restart the docker daemon,\n- Re-create bridge networks, or\n- Use rootless mode.\n\n### References\nhttps://firewalld.org/\nhttps://firewalld.org/documentation/howto/reload-firewalld.html", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-54388.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-54388.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54388", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01069", "published_at": "2026-04-21T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00402", "published_at": "2026-04-02T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00476", "published_at": "2026-04-12T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00479", "published_at": "2026-04-11T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00481", "published_at": "2026-04-08T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00484", "published_at": "2026-04-07T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00486", "published_at": "2026-04-04T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00478", "published_at": "2026-04-13T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00915", "published_at": "2026-04-24T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00857", "published_at": "2026-04-16T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00863", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54388" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/moby/moby", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby" }, { "reference_url": "https://github.com/moby/moby/commit/bea959c7b793b32a893820b97c4eadc7c87fabb0", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-30T13:36:54Z/" } ], "url": "https://github.com/moby/moby/commit/bea959c7b793b32a893820b97c4eadc7c87fabb0" }, { "reference_url": "https://github.com/moby/moby/pull/50506", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-30T13:36:54Z/" } ], "url": "https://github.com/moby/moby/pull/50506" }, { "reference_url": "https://github.com/moby/moby/security/advisories/GHSA-x4rx-4gw3-53p4", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-30T13:36:54Z/" } ], "url": "https://github.com/moby/moby/security/advisories/GHSA-x4rx-4gw3-53p4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54388", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54388" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2384954", "reference_id": "2384954", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2384954" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582262?format=api", "purl": "pkg:deb/debian/docker.io@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-54388", "GHSA-x4rx-4gw3-53p4" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jgyp-7k51-1uda" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92626?format=api", "vulnerability_id": "VCID-k8uy-g29x-hkht", "summary": "A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5278", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53276", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.62936", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.62965", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.62929", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.6298", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.62996", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.62877", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.62977", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63016", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63023", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63002", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63014", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5278" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5278", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5278" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584396?format=api", "purl": "pkg:deb/debian/docker.io@1.2.0~dfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@1.2.0~dfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-5278" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k8uy-g29x-hkht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53087?format=api", "vulnerability_id": "VCID-ksbt-33eq-93c9", "summary": "Arbitrary File Write in Libcontainer\nLibcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization (\"mount namespace breakout\") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html" }, { "reference_url": "http://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3629.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3629.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3629", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39476", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39425", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39442", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.3948", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39469", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39454", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.3946", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.3917", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39362", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39448", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39299", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39398", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39484", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3629" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3629", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3629" }, { "reference_url": "http://seclists.org/fulldisclosure/2015/May/28", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2015/May/28" }, { "reference_url": "https://github.com/docker/docker/commit/d5ebb60bddbabea0439213501f4f6ed494b23cba", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/docker/docker/commit/d5ebb60bddbabea0439213501f4f6ed494b23cba" }, { "reference_url": "https://groups.google.com/forum/#%21searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#%21searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ" }, { "reference_url": "https://groups.google.com/forum/#!searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3629", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3629" }, { "reference_url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3629", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3629" }, { "reference_url": "http://www.securityfocus.com/bid/74558", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/74558" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1219058", "reference_id": "1219058", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1219058" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784726", "reference_id": "784726", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784726" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583905?format=api", "purl": "pkg:deb/debian/docker.io@1.6.1%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@1.6.1%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-3629", "GHSA-g44j-7vp3-68cv" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ksbt-33eq-93c9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85744?format=api", "vulnerability_id": "VCID-m45k-qc4s-dycq", "summary": "Docker: multiple files downloaded over HTTP and executed or used unsafely", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0048.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0048.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0048", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03303", "scoring_system": "epss", "scoring_elements": "0.87265", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.03322", "scoring_system": "epss", "scoring_elements": "0.8723", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03322", "scoring_system": "epss", "scoring_elements": "0.87246", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03322", "scoring_system": "epss", "scoring_elements": "0.87243", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03322", "scoring_system": "epss", "scoring_elements": "0.87262", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03322", "scoring_system": "epss", "scoring_elements": "0.8727", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03322", "scoring_system": "epss", "scoring_elements": "0.8722", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03322", "scoring_system": "epss", "scoring_elements": "0.87277", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03322", "scoring_system": "epss", "scoring_elements": "0.87273", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03322", "scoring_system": "epss", "scoring_elements": "0.87287", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.03322", "scoring_system": "epss", "scoring_elements": "0.87292", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.03322", "scoring_system": "epss", "scoring_elements": "0.87286", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.03322", "scoring_system": "epss", "scoring_elements": "0.87283", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0048" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0048", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0048" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1063550", "reference_id": "1063550", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1063550" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584474?format=api", "purl": "pkg:deb/debian/docker.io@1.6.0%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@1.6.0%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-0048" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m45k-qc4s-dycq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52959?format=api", "vulnerability_id": "VCID-nkhu-t2nh-s7b2", "summary": "Arbitrary File Override in Docker Engine\nDocker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html" }, { "reference_url": "http://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3631.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3631.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3631", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34345", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.3447", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34689", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34715", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34584", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34627", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34656", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34659", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.3462", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34596", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34635", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34581", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3631" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3631", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3631" }, { "reference_url": "http://seclists.org/fulldisclosure/2015/May/28", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2015/May/28" }, { "reference_url": "https://github.com/moby/moby", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby" }, { "reference_url": "https://github.com/moby/moby/compare/769acfec2928c47a35da5357d854145b1036448d...b6a9dc399be31c531e3753104e10d74760ed75a2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/compare/769acfec2928c47a35da5357d854145b1036448d...b6a9dc399be31c531e3753104e10d74760ed75a2" }, { "reference_url": "https://groups.google.com/forum/#%21searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#%21searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ" }, { "reference_url": "https://groups.google.com/forum/#!searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3631", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3631" }, { "reference_url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3631", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3631" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1219065", "reference_id": "1219065", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1219065" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784726", "reference_id": "784726", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784726" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583905?format=api", "purl": "pkg:deb/debian/docker.io@1.6.1%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@1.6.1%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-3631", "GHSA-v4h8-794j-g8mm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nkhu-t2nh-s7b2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54421?format=api", "vulnerability_id": "VCID-pevy-d197-zydv", "summary": "Moby Docker cp broken with debian containers\nIn Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14271.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14271.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14271", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.72198", "scoring_system": "epss", "scoring_elements": "0.98749", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.72198", "scoring_system": "epss", "scoring_elements": "0.98748", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.72198", "scoring_system": "epss", "scoring_elements": "0.98742", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.72198", "scoring_system": "epss", "scoring_elements": "0.98745", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.72198", "scoring_system": "epss", "scoring_elements": "0.98756", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.72198", "scoring_system": "epss", "scoring_elements": "0.98754", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.72198", "scoring_system": "epss", "scoring_elements": "0.98752", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.72198", "scoring_system": "epss", "scoring_elements": "0.98741", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.72589", "scoring_system": "epss", "scoring_elements": "0.98777", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.72589", "scoring_system": "epss", "scoring_elements": "0.98774", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14271" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13139", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13139" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13509", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13509" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14271", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14271" }, { "reference_url": "https://docs.docker.com/engine/release-notes", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.docker.com/engine/release-notes" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/moby/moby", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby" }, { "reference_url": "https://github.com/moby/moby/commit/11e48badcb67554b3d795241855028f28d244545", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/commit/11e48badcb67554b3d795241855028f28d244545" }, { "reference_url": "https://github.com/moby/moby/commit/fa8dd90ceb7bcb9d554d27e0b9087ab83e54bd2b", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/commit/fa8dd90ceb7bcb9d554d27e0b9087ab83e54bd2b" }, { "reference_url": "https://github.com/moby/moby/issues/39449", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/issues/39449" }, { "reference_url": "https://github.com/moby/moby/pull/39612", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/pull/39612" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14271", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14271" }, { "reference_url": "https://seclists.org/bugtraq/2019/Sep/21", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Sep/21" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190828-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20190828-0003" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4521", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4521" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1747222", "reference_id": "1747222", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1747222" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/585461?format=api", "purl": "pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-14271", "GHSA-v2cv-wwxq-qq97" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pevy-d197-zydv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5451?format=api", "vulnerability_id": "VCID-pnva-j5xs-7udv", "summary": "Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00048.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00048.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5277.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5277.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5277", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00675", "scoring_system": "epss", "scoring_elements": "0.71467", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00675", "scoring_system": "epss", "scoring_elements": "0.7153", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00675", "scoring_system": "epss", "scoring_elements": "0.7148", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00675", "scoring_system": "epss", "scoring_elements": "0.715", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00675", "scoring_system": "epss", "scoring_elements": "0.71495", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00675", "scoring_system": "epss", "scoring_elements": "0.71449", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00675", "scoring_system": "epss", "scoring_elements": "0.71406", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00675", "scoring_system": "epss", "scoring_elements": "0.71414", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00675", "scoring_system": "epss", "scoring_elements": "0.71431", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00675", "scoring_system": "epss", "scoring_elements": "0.71407", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00675", "scoring_system": "epss", "scoring_elements": "0.71448", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00675", "scoring_system": "epss", "scoring_elements": "0.7146", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00675", "scoring_system": "epss", "scoring_elements": "0.71483", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5277" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5277" }, { "reference_url": "https://github.com/docker/docker", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/docker/docker" }, { "reference_url": "https://github.com/docker/docker/commit/8caacb18f8019dfda30d79c327397e5f5783c068", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/docker/docker/commit/8caacb18f8019dfda30d79c327397e5f5783c068" }, { "reference_url": "https://groups.google.com/forum/#%21topic/docker-user/oYm0i3xShJU", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#%21topic/docker-user/oYm0i3xShJU" }, { "reference_url": "https://groups.google.com/forum/#!topic/docker-user/oYm0i3xShJU", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/docker-user/oYm0i3xShJU" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-5277", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-5277" }, { "reference_url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5277", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5277" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1164849", "reference_id": "1164849", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1164849" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker-py:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:docker:docker-py:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker-py:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582859?format=api", "purl": "pkg:deb/debian/docker.io@1.3.1~dfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@1.3.1~dfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-5277", "GHSA-8w94-cf6g-c8mg", "GO-2022-0636", "PYSEC-2014-80" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pnva-j5xs-7udv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/30534?format=api", "vulnerability_id": "VCID-quyf-eq2s-dbda", "summary": "Docker Swarm encrypted overlay network traffic may be unencrypted\n[Moby](https://mobyproject.org/) is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as [moby/moby](https://github.com/moby/moby) is commonly referred to as *Docker*.\n\nSwarm Mode, which is compiled in and delivered by default in `dockerd` and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of [SwarmKit](https://github.com/moby/swarmkit) and supporting network code.\n\nThe `overlay` network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of [VXLAN](https://en.wikipedia.org/wiki/Virtual_Extensible_LAN), which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes.\n\nEncrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the [IPsec Encapsulating Security Payload](https://en.wikipedia.org/wiki/IPsec#Encapsulating_Security_Payload) protocol in [Transport mode](https://en.wikipedia.org/wiki/IPsec#Transport_mode). By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption.\n\nWhen setting an endpoint up on an encrypted overlay network, Moby installs three [iptables](https://www.netfilter.org/projects/iptables/index.html) (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the `u32` iptables extension provided by the `xt_u32` kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN.\n\nAn [iptables rule](https://github.com/moby/libnetwork/blob/d9fae4c73daf76c3b0f77e14b45b8bf612ba764d/drivers/overlay/encryption.go#L205-L207) designates outgoing VXLAN datagrams with a VNI that corresponds to an encrypted overlay network for IPsec encapsulation.\n\nOn Red Hat Enterprise Linux and derivatives such as CentOS and Rocky, the `xt_u32` module has been:\n* [moved to the kernel-modules-extra package and no longer installed by default in RHEL 8.3](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/rhel-8-3-0-release#technology-preview_networking)\n* [officially deprecated in RHEL 8.6](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/deprecated_functionality#deprecated-functionality_networking)\n* [removed completely in RHEL 9](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/considerations_in_adopting_rhel_9/assembly_networking_considerations-in-adopting-rhel-9#ref_firewall-networking_assembly_networking)\n\nThis rule is not created when `xt_u32` is unavailable, even though the container is still attached to the network.\n\n## Impact\nEncrypted overlay networks on affected platforms silently transmit unencrypted data. As a result, `overlay` networks may appear to be functional, passing traffic as expected, but without any of the expected confidentiality or data integrity guarantees.\n\nIt is possible for an attacker sitting in a trusted position on the network to read all of the application traffic that is moving across the overlay network, resulting in unexpected secrets or user data disclosure. Thus, because many database protocols, internal APIs, etc. are not protected by a second layer of encryption, a user may rely on Swarm encrypted overlay networks to provide confidentiality, which due to this vulnerability is no longer guaranteed.\n\n## Patches\nPatches are available in Moby releases 23.0.3, and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16.\n\n## Workarounds\n* Close the VXLAN port (by default, UDP port 4789) to outgoing traffic at the Internet boundary (see [GHSA-vwm3-crmr-xfxw](https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw)) in order to prevent unintentionally leaking unencrypted traffic over the Internet.\n* Ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster.\n\n## Background\n* [#43382 ](https://github.com/moby/moby/issues/43382)partially discussed this concern, but did not consider the security implications.\n* Mirantis FIELD-5788 essentially duplicates [#43382](https://github.com/moby/moby/issues/43382), and was created six months earlier; it similarly overlooked the security implications.\n* [#45118](https://github.com/moby/moby/pull/45118) is the ancestor of the final patches, and was where the security implications were discovered.\n\n## Related\n* [CVE-2023-28840: Encrypted overlay network may be unauthenticated](https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp)\n* [CVE-2023-28842: Encrypted overlay network with a single endpoint is unauthenticated](https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p)\n* [GHSA-vwm3-crmr-xfxw: The Swarm VXLAN port may be exposed to attack due to ambiguous documentation](https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw)\n* [GHSA-gvm4-2qqg-m333: Security issues in encrypted overlay networks](https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333) (libnetwork)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28841.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28841.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28841", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02956", "scoring_system": "epss", "scoring_elements": "0.86417", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02956", "scoring_system": "epss", "scoring_elements": "0.86435", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03129", "scoring_system": "epss", "scoring_elements": "0.86871", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.03129", "scoring_system": "epss", "scoring_elements": "0.86854", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03129", "scoring_system": "epss", "scoring_elements": "0.86859", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03129", "scoring_system": "epss", "scoring_elements": "0.8685", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03129", "scoring_system": "epss", "scoring_elements": "0.86841", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03129", "scoring_system": "epss", "scoring_elements": "0.86821", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03129", "scoring_system": "epss", "scoring_elements": "0.86863", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03129", "scoring_system": "epss", "scoring_elements": "0.86877", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.03129", "scoring_system": "epss", "scoring_elements": "0.86876", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.04189", "scoring_system": "epss", "scoring_elements": "0.88745", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28841" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28841", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28841" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/moby/libnetwork/blob/d9fae4c73daf76c3b0f77e14b45b8bf612ba764d/drivers/overlay/encryption.go#L205-L207", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:19Z/" } ], "url": "https://github.com/moby/libnetwork/blob/d9fae4c73daf76c3b0f77e14b45b8bf612ba764d/drivers/overlay/encryption.go#L205-L207" }, { "reference_url": "https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:19Z/" } ], "url": "https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333" }, { "reference_url": "https://github.com/moby/moby", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby" }, { "reference_url": "https://github.com/moby/moby/issues/43382", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:19Z/" } ], "url": "https://github.com/moby/moby/issues/43382" }, { "reference_url": "https://github.com/moby/moby/pull/45118", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:19Z/" } ], "url": "https://github.com/moby/moby/pull/45118" }, { "reference_url": "https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:19Z/" } ], "url": "https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp" }, { "reference_url": "https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:19Z/" } ], "url": "https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237" }, { "reference_url": "https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:19Z/" } ], "url": "https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p" }, { "reference_url": "https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:19Z/" } ], "url": "https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28841", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28841" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184685", "reference_id": "2184685", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184685" }, { "reference_url": "https://security.gentoo.org/glsa/202409-29", "reference_id": "GLSA-202409-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-29" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/", "reference_id": "LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:19Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/" }, { "reference_url": "https://usn.ubuntu.com/7474-1/", "reference_id": "USN-7474-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7474-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/", "reference_id": "XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:19Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/", "reference_id": "ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:19Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/921997?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-28841", "GHSA-33pg-m6jh-5237" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-quyf-eq2s-dbda" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14199?format=api", "vulnerability_id": "VCID-qwqe-27yu-8kds", "summary": "Docker Authentication Bypass\nAn issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated certificate signed by a system-trusted root CA (as opposed to one signed by the configured CA root certificate) to authenticate.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12608.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12608.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12608", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63657", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63547", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63607", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63634", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63593", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63645", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63661", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63676", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63627", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63664", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63673", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12608" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12608", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12608" }, { "reference_url": "https://github.com/moby/moby", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby" }, { "reference_url": "https://github.com/moby/moby/commit/190c6e8cf8b893874a33d83f78307f1bed0bfbcd", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/commit/190c6e8cf8b893874a33d83f78307f1bed0bfbcd" }, { "reference_url": "https://github.com/moby/moby/issues/33173", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/issues/33173" }, { "reference_url": "https://github.com/moby/moby/pull/33182", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/pull/33182" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12608", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12608" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275812", "reference_id": "2275812", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275812" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5094", "reference_id": "RHSA-2024:5094", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5094" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586173?format=api", "purl": "pkg:deb/debian/docker.io@18.03.1%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.03.1%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-12608", "GHSA-qrqr-3x5j-2xw9" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qwqe-27yu-8kds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85743?format=api", "vulnerability_id": "VCID-qxhd-hnja-2qad", "summary": "Docker: multiple temporary file creation vulnerabilities", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0047.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0047.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0047", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28469", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28582", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28684", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28766", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28814", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.2862", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28685", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28724", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28729", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28637", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28657", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28632", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0047" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0047", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0047" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/03/24/23", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2015/03/24/23" }, { "reference_url": "http://www.securityfocus.com/bid/73315", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/73315" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1063549", "reference_id": "1063549", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1063549" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0047", "reference_id": "CVE-2014-0047", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0047" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584474?format=api", "purl": "pkg:deb/debian/docker.io@1.6.0%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@1.6.0%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-0047" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qxhd-hnja-2qad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82519?format=api", "vulnerability_id": "VCID-sh5d-p485-6qh4", "summary": "docker: symlink-exchange race attacks in docker cp", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15664.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15664.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-15664", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06205", "scoring_system": "epss", "scoring_elements": "0.90906", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.06925", "scoring_system": "epss", "scoring_elements": "0.91363", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.06925", "scoring_system": "epss", "scoring_elements": "0.91433", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.06925", "scoring_system": "epss", "scoring_elements": "0.91434", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.06925", "scoring_system": "epss", "scoring_elements": "0.91368", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.06925", "scoring_system": "epss", "scoring_elements": "0.91379", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.06925", "scoring_system": "epss", "scoring_elements": "0.91386", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.06925", "scoring_system": "epss", "scoring_elements": "0.91398", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.06925", "scoring_system": "epss", "scoring_elements": "0.91405", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.06925", "scoring_system": "epss", "scoring_elements": "0.91411", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.06925", "scoring_system": "epss", "scoring_elements": "0.91414", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.06925", "scoring_system": "epss", "scoring_elements": "0.91413", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.06925", "scoring_system": "epss", "scoring_elements": "0.91437", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-15664" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15664", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15664" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1714722", "reference_id": "1714722", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1714722" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929662", "reference_id": "929662", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929662" }, { "reference_url": "https://security.archlinux.org/AVG-968", "reference_id": "AVG-968", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-968" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1910", "reference_id": "RHSA-2019:1910", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1910" }, { "reference_url": "https://usn.ubuntu.com/4048-1/", "reference_id": "USN-4048-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4048-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/585761?format=api", "purl": "pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-15664" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sh5d-p485-6qh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53106?format=api", "vulnerability_id": "VCID-smxj-2zhy-yycc", "summary": "Arbitrary Code Execution in Docker\nDocker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145154.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145154.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00009.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00009.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-6407.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-6407.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-6407", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05856", "scoring_system": "epss", "scoring_elements": "0.90519", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05856", "scoring_system": "epss", "scoring_elements": "0.90587", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.05856", "scoring_system": "epss", "scoring_elements": "0.90572", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.05856", "scoring_system": "epss", "scoring_elements": "0.90574", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.05856", "scoring_system": "epss", "scoring_elements": "0.90556", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05856", "scoring_system": "epss", "scoring_elements": "0.90563", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05856", "scoring_system": "epss", "scoring_elements": "0.90555", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05856", "scoring_system": "epss", "scoring_elements": "0.90548", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05856", "scoring_system": "epss", "scoring_elements": "0.90536", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05856", "scoring_system": "epss", "scoring_elements": "0.9053", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05856", "scoring_system": "epss", "scoring_elements": "0.90515", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-6407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6407" }, { "reference_url": "https://docs.docker.com/v1.3/release-notes", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.docker.com/v1.3/release-notes" }, { "reference_url": "https://docs.docker.com/v1.3/release-notes/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.docker.com/v1.3/release-notes/" }, { "reference_url": "http://secunia.com/advisories/60171", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/60171" }, { "reference_url": "http://secunia.com/advisories/60241", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/60241" }, { "reference_url": "https://github.com/docker/docker/commit/3ac6394b8082d4700483d52fbfe54914be537d9e", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/docker/docker/commit/3ac6394b8082d4700483d52fbfe54914be537d9e" }, { "reference_url": "https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145154.html" }, { "reference_url": "https://lists.opensuse.org/opensuse-security-announce/2014-12/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.opensuse.org/opensuse-security-announce/2014-12/msg00009.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6407", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6407" }, { "reference_url": "https://secunia.com/advisories/60171", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://secunia.com/advisories/60171" }, { "reference_url": "https://secunia.com/advisories/60241", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://secunia.com/advisories/60241" }, { "reference_url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6407", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6407" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2014/11/24/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2014/11/24/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/11/24/5", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2014/11/24/5" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1167505", "reference_id": "1167505", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1167505" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:1.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:docker:docker:1.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:1.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:1.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:docker:docker:1.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:1.3.0:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583196?format=api", "purl": "pkg:deb/debian/docker.io@1.3.2~dfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@1.3.2~dfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-6407", "GHSA-5qgp-p5jc-w2rm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-smxj-2zhy-yycc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85494?format=api", "vulnerability_id": "VCID-su25-rgw1-xkg6", "summary": "docker: Attacker controlled layer IDs lead to local graph content poisoning", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8178.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8178.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8178", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50045", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50079", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50107", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50057", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50111", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50105", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50122", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50096", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50093", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50137", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50138", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.5011", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8178" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8178", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8178" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271253", "reference_id": "1271253", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271253" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583969?format=api", "purl": "pkg:deb/debian/docker.io@1.8.3~ds1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@1.8.3~ds1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-8178" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-su25-rgw1-xkg6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56740?format=api", "vulnerability_id": "VCID-u44m-mgza-nfcx", "summary": "Secret insertion into debug log in Docker\nIn Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13509.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13509.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13509", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0155", "scoring_system": "epss", "scoring_elements": "0.81473", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0155", "scoring_system": "epss", "scoring_elements": "0.81419", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0155", "scoring_system": "epss", "scoring_elements": "0.81412", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0155", "scoring_system": "epss", "scoring_elements": "0.81449", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0155", "scoring_system": "epss", "scoring_elements": "0.8145", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0155", "scoring_system": "epss", "scoring_elements": "0.81451", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0155", "scoring_system": "epss", "scoring_elements": "0.81348", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0155", "scoring_system": "epss", "scoring_elements": "0.81357", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0155", "scoring_system": "epss", "scoring_elements": "0.81379", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0155", "scoring_system": "epss", "scoring_elements": "0.81377", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0155", "scoring_system": "epss", "scoring_elements": "0.81405", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0155", "scoring_system": "epss", "scoring_elements": "0.8141", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0155", "scoring_system": "epss", "scoring_elements": "0.81432", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13509" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13139", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13139" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13509", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13509" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14271", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14271" }, { "reference_url": "https://docs.docker.com/engine/release-notes/18.09", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.docker.com/engine/release-notes/18.09" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13509", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13509" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1732418", "reference_id": "1732418", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1732418" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932673", "reference_id": "932673", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932673" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584397?format=api", "purl": "pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-8%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-13509", "GHSA-j249-ghv5-7mxv" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u44m-mgza-nfcx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14025?format=api", "vulnerability_id": "VCID-uckr-kzdf-7ydj", "summary": "moby docker daemon crash during image pull of malicious image\n### Impact\n\nPulling an intentionally malformed Docker image manifest crashes the `dockerd` daemon.\n\n### Patches\n\nVersions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.\n\n### Credits\n\nMaintainers would like to thank Josh Larsen, Ian Coldwater, Duffie Cooley, Rory McCune for working on the vulnerability and Brad Geesaman for responsibly disclosing it to security@docker.com.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21285.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21285.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21285", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57504", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57546", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57569", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57515", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57536", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57568", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57563", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57583", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57431", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57512", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57565", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57541", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21285" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285" }, { "reference_url": "https://docs.docker.com/engine/release-notes/#20103", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.docker.com/engine/release-notes/#20103" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/moby/moby/commit/8d3179546e79065adefa67cc697c09d0ab137d30", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/commit/8d3179546e79065adefa67cc697c09d0ab137d30" }, { "reference_url": "https://github.com/moby/moby/releases/tag/v19.03.15", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/releases/tag/v19.03.15" }, { "reference_url": "https://github.com/moby/moby/releases/tag/v20.10.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/releases/tag/v20.10.3" }, { "reference_url": "https://github.com/moby/moby/security/advisories/GHSA-6fj5-m822-rqx8", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/security/advisories/GHSA-6fj5-m822-rqx8" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21285", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21285" }, { "reference_url": "https://security.gentoo.org/glsa/202107-23", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202107-23" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210226-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210226-0005" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4865", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-4865" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924742", "reference_id": "1924742", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924742" }, { "reference_url": "https://security.archlinux.org/ASA-202102-12", "reference_id": "ASA-202102-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202102-12" }, { "reference_url": "https://security.archlinux.org/AVG-1528", "reference_id": "AVG-1528", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1528" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582752?format=api", "purl": "pkg:deb/debian/docker.io@20.10.3%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.3%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-21285", "GHSA-6fj5-m822-rqx8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uckr-kzdf-7ydj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36786?format=api", "vulnerability_id": "VCID-vkba-amt4-m7e6", "summary": "Privilege Elevation in runc\nlibcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00111.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00111.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-1034.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-1034.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-2634.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2634.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3697.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3697.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3697", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17796", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17976", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17916", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17828", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18127", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18073", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17912", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17888", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17852", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17842", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.179", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17949", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17993", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3697" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3697", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3697" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/docker/docker/issues/21436", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/docker/docker/issues/21436" }, { "reference_url": "https://github.com/opencontainers/runc", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/opencontainers/runc" }, { "reference_url": "https://github.com/opencontainers/runc/commit/69af385de62ea68e2e608335cffbb0f4aa3db091", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/opencontainers/runc/commit/69af385de62ea68e2e608335cffbb0f4aa3db091" }, { "reference_url": "https://github.com/opencontainers/runc/pull/708", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/opencontainers/runc/pull/708" }, { "reference_url": "https://github.com/opencontainers/runc/releases/tag/v0.1.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/opencontainers/runc/releases/tag/v0.1.0" }, { "reference_url": "https://lists.opensuse.org/opensuse-updates/2016-05/msg00111.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.opensuse.org/opensuse-updates/2016-05/msg00111.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3697", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3697" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2021-0070", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pkg.go.dev/vuln/GO-2021-0070" }, { "reference_url": "https://rhn.redhat.com/errata/RHSA-2016-1034.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rhn.redhat.com/errata/RHSA-2016-1034.html" }, { "reference_url": "https://rhn.redhat.com/errata/RHSA-2016-2634.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rhn.redhat.com/errata/RHSA-2016-2634.html" }, { "reference_url": "https://security.gentoo.org/glsa/201612-28", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/201612-28" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1329450", "reference_id": "1329450", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1329450" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:linuxfoundation:runc:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:linuxfoundation:runc:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:linuxfoundation:runc:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1034", "reference_id": "RHSA-2016:1034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2634", "reference_id": "RHSA-2016:2634", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2634" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582262?format=api", "purl": "pkg:deb/debian/docker.io@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-3697", "GHSA-q3j5-32m5-58c2" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vkba-amt4-m7e6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/196754?format=api", "vulnerability_id": "VCID-w4uc-6mvs-u3g7", "summary": "Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\\DockerDesktop\\version-bin\\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/157404/Docker-Credential-Wincred.exe-Privilege-Escalation.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:14:21Z/" } ], "url": "http://packetstormsecurity.com/files/157404/Docker-Credential-Wincred.exe-Privilege-Escalation.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15752", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.49322", "scoring_system": "epss", "scoring_elements": "0.97763", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.49322", "scoring_system": "epss", "scoring_elements": "0.97769", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.49322", "scoring_system": "epss", "scoring_elements": "0.97781", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.49322", "scoring_system": "epss", "scoring_elements": "0.97783", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.49322", "scoring_system": "epss", "scoring_elements": "0.97785", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.49322", "scoring_system": "epss", "scoring_elements": "0.97787", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.49322", "scoring_system": "epss", "scoring_elements": "0.97793", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.49322", "scoring_system": "epss", "scoring_elements": "0.97796", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.49322", "scoring_system": "epss", "scoring_elements": "0.9777", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.49322", "scoring_system": "epss", "scoring_elements": "0.97772", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.49322", "scoring_system": "epss", "scoring_elements": "0.97778", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15752" }, { "reference_url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:14:21Z/" } ], "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E" }, { "reference_url": "https://medium.com/%40morgan.henry.roman/elevation-of-privilege-in-docker-for-windows-2fd8450b478e", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:14:21Z/" } ], "url": "https://medium.com/%40morgan.henry.roman/elevation-of-privilege-in-docker-for-windows-2fd8450b478e" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-15752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-15752" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:geode:1.12.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:geode:1.12.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:geode:1.12.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:community:*:*:*", "reference_id": "cpe:2.3:a:docker:docker:*:*:*:*:community:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:community:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/48388.rb", "reference_id": "CVE-2019-15752", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/48388.rb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15752", "reference_id": "CVE-2019-15752", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:C/I:C/A:C" }, { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15752" }, { "reference_url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/local/docker_credential_wincred.rb", "reference_id": "CVE-2019-15752", "reference_type": "exploit", "scores": [], "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/local/docker_credential_wincred.rb" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582262?format=api", "purl": "pkg:deb/debian/docker.io@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-15752" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w4uc-6mvs-u3g7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84822?format=api", "vulnerability_id": "VCID-y6tt-h3zz-ukev", "summary": "docker: Ambient capability usage in containers", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8867.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8867.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8867", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60214", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.6029", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60315", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60283", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60333", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60348", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60369", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60356", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60337", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60378", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60386", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60375", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60346", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8867" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390163", "reference_id": "1390163", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390163" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2653", "reference_id": "RHSA-2020:2653", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2653" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582262?format=api", "purl": "pkg:deb/debian/docker.io@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-8867" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y6tt-h3zz-ukev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82693?format=api", "vulnerability_id": "VCID-yt33-nmzd-r3cs", "summary": "docker: command injection due to a missing validation of the git ref command", "references": [ { "reference_url": "https://access.redhat.com/errata/RHBA-2019:3092", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHBA-2019:3092" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13139.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13139.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13139", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.67846", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.67985", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.67945", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.67958", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.67939", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.67869", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.67888", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.6792", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.67933", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.67957", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.67943", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.67907", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13139" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13139", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13139" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13509", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13509" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14271", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14271" }, { "reference_url": "https://docs.docker.com/engine/release-notes/#18094", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.docker.com/engine/release-notes/#18094" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/moby/moby/pull/38944", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moby/moby/pull/38944" }, { "reference_url": "https://seclists.org/bugtraq/2019/Sep/21", "reference_id": "", "reference_type": "", "scores": [], "url": "https://seclists.org/bugtraq/2019/Sep/21" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190910-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190910-0001/" }, { "reference_url": "https://staaldraad.github.io/post/2019-07-16-cve-2019-13139-docker-build/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://staaldraad.github.io/post/2019-07-16-cve-2019-13139-docker-build/" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2019/dsa-4521" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1732627", "reference_id": "1732627", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1732627" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933002", "reference_id": "933002", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933002" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:docker:docker:*:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13139", "reference_id": "CVE-2019-13139", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "8.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13139" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584397?format=api", "purl": "pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-8%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-13139" ], "risk_score": 3.8, "exploitability": "0.5", "weighted_severity": "7.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yt33-nmzd-r3cs" } ], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }