VulnerableCode Package Details - pkg:rpm/redhat/docker@1.6.2-14?arch=el7

Search for packages

Vulnerability	Summary	Fixed by
VCID-4mf3-mmz6-2kfs Aliases: CVE-2015-3630 GHSA-8fvr-5rqf-3wwh	Information Exposure in Docker Engine Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image.	There are no reported fixed by versions.
VCID-6gxe-db4h-93ex Aliases: CVE-2015-3627 GHSA-g7v2-2qxx-wjrw	Symlink Attack in Libcontainer and Docker Engine Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.	There are no reported fixed by versions.
VCID-ksbt-33eq-93c9 Aliases: CVE-2015-3629 GHSA-g44j-7vp3-68cv	Arbitrary File Write in Libcontainer Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container.	There are no reported fixed by versions.
VCID-nkhu-t2nh-s7b2 Aliases: CVE-2015-3631 GHSA-v4h8-794j-g8mm	Arbitrary File Override in Docker Engine Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-4mf3-mmz6-2kfs
Aliases:
CVE-2015-3630
GHSA-8fvr-5rqf-3wwh

Information Exposure in Docker Engine Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image.

There are no reported fixed by versions.

VCID-6gxe-db4h-93ex
Aliases:
CVE-2015-3627
GHSA-g7v2-2qxx-wjrw

Symlink Attack in Libcontainer and Docker Engine Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.

There are no reported fixed by versions.

VCID-ksbt-33eq-93c9
Aliases:
CVE-2015-3629
GHSA-g44j-7vp3-68cv

Arbitrary File Write in Libcontainer Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container.

There are no reported fixed by versions.

VCID-nkhu-t2nh-s7b2
Aliases:
CVE-2015-3631
GHSA-v4h8-794j-g8mm

Arbitrary File Override in Docker Engine Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:41:09.424878+00:00	RedHat Importer	Affected by	VCID-nkhu-t2nh-s7b2	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3631.json	38.0.0
2026-04-01T14:41:09.402208+00:00	RedHat Importer	Affected by	VCID-4mf3-mmz6-2kfs	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3630.json	38.0.0
2026-04-01T14:41:09.380750+00:00	RedHat Importer	Affected by	VCID-6gxe-db4h-93ex	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3627.json	38.0.0
2026-04-01T14:41:09.359099+00:00	RedHat Importer	Affected by	VCID-ksbt-33eq-93c9	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3629.json	38.0.0