Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1037874?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1037874?format=api", "purl": "pkg:deb/debian/docker.io@1.6.2~dfsg1-1~bpo8%2B1", "type": "deb", "namespace": "debian", "name": "docker.io", "version": "1.6.2~dfsg1-1~bpo8+1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "20.10.24+dfsg1-1", "latest_non_vulnerable_version": "26.1.5+dfsg1-9", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36505?format=api", "vulnerability_id": "VCID-165g-hgmx-nybk", "summary": "Information Exposure in RunC\nRunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2017-0116.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0116.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2017-0123.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0123.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2017-0127.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0127.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9962.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9962.json" }, { "reference_url": "https://access.redhat.com/security/vulnerabilities/cve-2016-9962", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/vulnerabilities/cve-2016-9962" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9962", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22986", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22894", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22928", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.2291", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.3177", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32078", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32205", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", 
"scoring_elements": "0.32242", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32067", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32117", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32144", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32149", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.3211", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32079", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32112", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.3209", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32063", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.31897", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.31688", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.31541", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.31612", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9962" }, { "reference_url": "https://bugzilla.suse.com/show_bug.cgi?id=1012568#c6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1012568#c6" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9962", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9962" }, { "reference_url": "http://seclists.org/fulldisclosure/2017/Jan/21", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2017/Jan/21" }, { "reference_url": "http://seclists.org/fulldisclosure/2017/Jan/29", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2017/Jan/29" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:S/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/docker/docker/releases/tag/v1.12.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/docker/docker/releases/tag/v1.12.6" }, { "reference_url": "https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5", "reference_id": "", "reference_type": "", "scores": [ { 
"value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5" }, { "reference_url": "https://github.com/opencontainers/runc/commit/5d93fed3d27f1e2bab58bad13b180a7a81d0b378", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/opencontainers/runc/commit/5d93fed3d27f1e2bab58bad13b180a7a81d0b378" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BQAXJMMLRU7DD2IMG47SR2K4BOFFG7FZ", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BQAXJMMLRU7DD2IMG47SR2K4BOFFG7FZ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FINGBFMIXBG6B6ZWYH3TMRP5V3PDBNXR", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FINGBFMIXBG6B6ZWYH3TMRP5V3PDBNXR" }, { "reference_url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVM7FCOQMPKOFLDTUYSS4ES76DDM56VP", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVM7FCOQMPKOFLDTUYSS4ES76DDM56VP" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WUQ3MQNEL5IBZZLMLR72Q4YDCL2SCKRK", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WUQ3MQNEL5IBZZLMLR72Q4YDCL2SCKRK" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9962", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9962" }, { "reference_url": "https://security.gentoo.org/glsa/201701-34", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/201701-34" }, { "reference_url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9962", "reference_id": "", "reference_type": "", "scores": [ { "value": 
"6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9962" }, { "reference_url": "http://www.securityfocus.com/archive/1/540001/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/archive/1/540001/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/95361", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/95361" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1409531", "reference_id": "1409531", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1409531" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850951", "reference_id": "850951", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850951" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850952", "reference_id": "850952", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850952" }, { "reference_url": "https://security.archlinux.org/ASA-201701-19", "reference_id": "ASA-201701-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-19" }, { "reference_url": "https://security.archlinux.org/ASA-201805-11", "reference_id": "ASA-201805-11", "reference_type": "", 
"scores": [], "url": "https://security.archlinux.org/ASA-201805-11" }, { "reference_url": "https://security.archlinux.org/AVG-133", "reference_id": "AVG-133", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-133" }, { "reference_url": "https://security.archlinux.org/AVG-134", "reference_id": "AVG-134", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-134" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0116", "reference_id": "RHSA-2017:0116", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0116" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0123", "reference_id": "RHSA-2017:0123", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0123" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0127", "reference_id": "RHSA-2017:0127", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0127" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037875?format=api", "purl": "pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3eju-5upk-auhy" }, { "vulnerability": "VCID-41ft-14gt-bbbq" }, { "vulnerability": "VCID-6vru-hsfs-rufg" }, { "vulnerability": "VCID-bhju-575k-ebh3" }, { "vulnerability": "VCID-e9ng-x516-53cf" }, { "vulnerability": "VCID-gbw6-3a59-mbhu" }, { "vulnerability": "VCID-gund-83cy-9fap" }, { "vulnerability": "VCID-h83p-v26k-s7fa" }, { "vulnerability": "VCID-pevy-d197-zydv" }, { "vulnerability": "VCID-u44m-mgza-nfcx" }, { "vulnerability": "VCID-uckr-kzdf-7ydj" }, { "vulnerability": "VCID-yt33-nmzd-r3cs" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3" } ], "aliases": [ "CVE-2016-9962", "GHSA-gp4j-w3vj-7299" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-165g-hgmx-nybk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18277?format=api", "vulnerability_id": "VCID-3eju-5upk-auhy", "summary": "`docker cp` allows unexpected chmod of host files in Moby Docker Engine\n## Impact\nA bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process.\n\n## Patches\nThis bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. 
Running containers do not need to be restarted.\n\n## Workarounds\nEnsure you only run trusted containers.\n\n## Credits\nThe Moby project would like to thank Lei Wang and Ruizhi Xiao for responsibly disclosing this issue in accordance with the [Moby security policy](https://github.com/moby/moby/blob/master/SECURITY.md).\n\n## For more information\nIf you have any questions or comments about this advisory:\n\n* [Open an issue](https://github.com/moby/moby/issues/new)\n* Email us at security@docker.com if you think you’ve found a security bug", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41089.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41089.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41089", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.0892", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08727", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08651", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08728", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08752", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08753", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.0873", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08715", "published_at": 
"2026-04-13T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08605", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08592", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08744", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08756", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.0871", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08714", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08644", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08786", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08871", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08836", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08863", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08652", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08679", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41089" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": 
"" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41089", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41089" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/moby/moby", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby" }, { "reference_url": "https://github.com/moby/moby/commit/bce32e5c93be4caf1a592582155b9cb837fc129a", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/commit/bce32e5c93be4caf1a592582155b9cb837fc129a" }, { "reference_url": "https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4" }, { "reference_url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41089", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41089" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2024-2913", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pkg.go.dev/vuln/GO-2024-2913" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2008592", "reference_id": "2008592", "reference_type": "", "scores": [], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=2008592" }, { "reference_url": "https://security.archlinux.org/AVG-2440", "reference_id": "AVG-2440", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2440" }, { "reference_url": "https://security.gentoo.org/glsa/202409-29", "reference_id": "GLSA-202409-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-29" }, { "reference_url": "https://usn.ubuntu.com/5103-1/", "reference_id": "USN-5103-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5103-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582636?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-41ft-14gt-bbbq" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-41089", "GHSA-v994-f8vw-g7j4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3eju-5upk-auhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18133?format=api", "vulnerability_id": "VCID-41ft-14gt-bbbq", "summary": "Authz zero length regression\nA security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass [authorization plugins 
(AuthZ)](https://docs.docker.com/engine/extend/plugins_authorization/) under specific circumstances. The base likelihood of this being exploited is low. This advisory outlines the issue, identifies the affected versions, and provides remediation steps for impacted users.\n\n### Impact\n\nUsing a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an [authorization plugin](https://docs.docker.com/engine/extend/plugins_authorization/) without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it.\n\n\nA security issue was discovered in 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine [v18.09.1](https://docs.docker.com/engine/release-notes/18.09/#security-fixes-1) in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted.\n\nDocker EE v19.03.x and all versions of Mirantis Container Runtime **are not vulnerable.**\n\n### Vulnerability details\n\n- **AuthZ bypass and privilege escalation:** An attacker could exploit a bypass using an API request with Content-Length set to 0, causing the Docker daemon to forward the request without the body to the AuthZ plugin, which might approve the request incorrectly.\n- **Initial fix:** The issue was fixed in Docker Engine [v18.09.1](https://docs.docker.com/engine/release-notes/18.09/#security-fixes-1) in January 2019.\n- **Regression:** The fix was not included in Docker Engine v19.03 or newer versions. This was identified in April 2024 and patches were released for the affected versions on July 23, 2024. 
The issue was assigned [CVE-2024-41110](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41110).\n\n### Patches\n\n- docker-ce v27.1.1 contains patches to fix the vulnerability.\n- Patches have also been merged into the master, 19.0, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches.\n\n### Remediation steps\n\n- If you are running an affected version, update to the most recent patched version.\n- Mitigation if unable to update immediately:\n - Avoid using AuthZ plugins.\n - Restrict access to the Docker API to trusted parties, following the principle of least privilege.\n\n\n### References\n\n- https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb\n- https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1\n- https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41110.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41110.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-41110", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03033", "scoring_system": "epss", "scoring_elements": "0.8669", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.03417", "scoring_system": "epss", "scoring_elements": "0.87459", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.04028", "scoring_system": "epss", "scoring_elements": "0.88494", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04028", "scoring_system": "epss", "scoring_elements": "0.8844", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04028", "scoring_system": "epss", "scoring_elements": "0.88455", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04028", 
"scoring_system": "epss", "scoring_elements": "0.88459", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04028", "scoring_system": "epss", "scoring_elements": "0.88478", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04028", "scoring_system": "epss", "scoring_elements": "0.88484", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04028", "scoring_system": "epss", "scoring_elements": "0.88517", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.04028", "scoring_system": "epss", "scoring_elements": "0.88497", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.04028", "scoring_system": "epss", "scoring_elements": "0.88501", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.04028", "scoring_system": "epss", "scoring_elements": "0.88486", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04028", "scoring_system": "epss", "scoring_elements": "0.88487", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04128", "scoring_system": "epss", "scoring_elements": "0.88707", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.04128", "scoring_system": "epss", "scoring_elements": "0.88742", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.04128", "scoring_system": "epss", "scoring_elements": "0.88718", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.04128", "scoring_system": "epss", "scoring_elements": "0.88682", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.04128", "scoring_system": "epss", "scoring_elements": "0.8871", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.04128", "scoring_system": "epss", "scoring_elements": "0.88698", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-41110" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41110", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41110" }, { "reference_url": 
"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/moby/moby", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby" }, { "reference_url": "https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191", "reference_id": "", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/" } ], "url": "https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191" }, { "reference_url": "https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76", "reference_id": "", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/" } ], "url": "https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76" }, { "reference_url": "https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919", "reference_id": "", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/" } ], "url": "https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919" }, { "reference_url": "https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b", "reference_id": "", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/" } ], "url": "https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b" }, { "reference_url": "https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0", "reference_id": "", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/" } ], "url": "https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0" }, { "reference_url": "https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1", "reference_id": "", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/" } ], "url": "https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1" }, { "reference_url": "https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00", "reference_id": "", "reference_type": "", "scores": [ { "value": "10", "scoring_system": 
"cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/" } ], "url": "https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00" }, { "reference_url": "https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f", "reference_id": "", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/" } ], "url": "https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f" }, { "reference_url": "https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801", "reference_id": "", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { 
"value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/" } ], "url": "https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801" }, { "reference_url": "https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb", "reference_id": "", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/" } ], "url": "https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb" }, { "reference_url": "https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq", "reference_id": "", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/" } ], "url": "https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq" }, { "reference_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2024-41110", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41110" }, { "reference_url": "https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin", "reference_id": "", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/" } ], "url": "https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2299720", "reference_id": "2299720", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2299720" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3714", "reference_id": "RHSA-2025:3714", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3714" }, { "reference_url": "https://usn.ubuntu.com/7161-1/", "reference_id": "USN-7161-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7161-1/" }, { "reference_url": "https://usn.ubuntu.com/7161-2/", "reference_id": "USN-7161-2", 
"reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7161-2/" }, { "reference_url": "https://usn.ubuntu.com/7161-3/", "reference_id": "USN-7161-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7161-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582637?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1" } ], "aliases": [ "CVE-2024-41110", "GHSA-v23v-6jw2-98fq" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-41ft-14gt-bbbq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83350?format=api", "vulnerability_id": "VCID-43es-2d6x-jba8", "summary": "docker: container breakout without selinux in enforcing mode", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html" }, { "reference_url": "https://access.redhat.com/errata/RHBA-2018:2796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHBA-2018:2796" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10892.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10892.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10892", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.30061", 
"published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29622", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29583", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29597", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29521", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29542", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.30098", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.30147", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.2996", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.3002", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.30056", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.3006", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.30016", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29967", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29982", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29962", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29916", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00114", 
"scoring_system": "epss", "scoring_elements": "0.29842", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29729", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29665", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29522", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10892" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10892", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10892" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10892", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10892" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/moby/moby/pull/37404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moby/moby/pull/37404" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1598581", "reference_id": "1598581", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1598581" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908057", "reference_id": "908057", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908057" }, { "reference_url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:community_edition:*:*:*", "reference_id": "cpe:2.3:a:docker:docker:*:*:*:*:community_edition:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:community_edition:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:enterprise_edition:*:*:*", "reference_id": "cpe:2.3:a:docker:docker:*:*:*:*:enterprise_edition:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:enterprise_edition:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*" }, { 
"reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10892", "reference_id": "CVE-2018-10892", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:P/A:N" }, { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10892" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2482", "reference_id": "RHSA-2018:2482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2482" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/1037875?format=api", "purl": "pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3eju-5upk-auhy" }, { "vulnerability": "VCID-41ft-14gt-bbbq" }, { "vulnerability": "VCID-6vru-hsfs-rufg" }, { "vulnerability": "VCID-bhju-575k-ebh3" }, { "vulnerability": "VCID-e9ng-x516-53cf" }, { "vulnerability": "VCID-gbw6-3a59-mbhu" }, { "vulnerability": "VCID-gund-83cy-9fap" }, { "vulnerability": "VCID-h83p-v26k-s7fa" }, { "vulnerability": "VCID-pevy-d197-zydv" }, { "vulnerability": "VCID-u44m-mgza-nfcx" }, { "vulnerability": "VCID-uckr-kzdf-7ydj" }, { "vulnerability": "VCID-yt33-nmzd-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3" } ], "aliases": [ "CVE-2018-10892" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-43es-2d6x-jba8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39463?format=api", "vulnerability_id": "VCID-6vru-hsfs-rufg", "summary": "Multiple vulnerabilities have been found in containerd, the worst\n of which could result in privilege escalation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15257.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15257.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15257", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11147", "scoring_system": "epss", "scoring_elements": "0.93557", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.11147", "scoring_system": "epss", "scoring_elements": "0.93514", 
"published_at": "2026-05-05T12:55:00Z" }, { "value": "0.11147", "scoring_system": "epss", "scoring_elements": "0.93544", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.11147", "scoring_system": "epss", "scoring_elements": "0.93538", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.11147", "scoring_system": "epss", "scoring_elements": "0.93442", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.11147", "scoring_system": "epss", "scoring_elements": "0.93539", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.11147", "scoring_system": "epss", "scoring_elements": "0.9345", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.11147", "scoring_system": "epss", "scoring_elements": "0.93458", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.11147", "scoring_system": "epss", "scoring_elements": "0.93466", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.11147", "scoring_system": "epss", "scoring_elements": "0.9347", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.11147", "scoring_system": "epss", "scoring_elements": "0.93475", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.11147", "scoring_system": "epss", "scoring_elements": "0.93495", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.11147", "scoring_system": "epss", "scoring_elements": "0.93501", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.11147", "scoring_system": "epss", "scoring_elements": "0.93506", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.11147", "scoring_system": "epss", "scoring_elements": "0.93528", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.11997", "scoring_system": "epss", "scoring_elements": "0.93802", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.11997", "scoring_system": "epss", "scoring_elements": "0.93806", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.11997", "scoring_system": "epss", "scoring_elements": "0.93803", "published_at": "2026-04-26T12:55:00Z" } ], "url": 
"https://api.first.org/data/v1/epss?cve=CVE-2020-15257" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/containerd/containerd/commit/4a4bb851f5da563ff6e68a83dc837c7699c469ad", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/containerd/containerd/commit/4a4bb851f5da563ff6e68a83dc837c7699c469ad" }, { "reference_url": "https://github.com/containerd/containerd/releases/tag/v1.4.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { 
"value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/containerd/containerd/releases/tag/v1.4.3" }, { "reference_url": "https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNKXLOLZWO5FMAPX63ZL7JNKTNNT5NQD", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNKXLOLZWO5FMAPX63ZL7JNKTNNT5NQD" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15257", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15257" }, { "reference_url": "https://research.nccgroup.com/2020/12/10/abstract-shimmer-cve-2020-15257-host-networking-is-root-equivalent-again", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://research.nccgroup.com/2020/12/10/abstract-shimmer-cve-2020-15257-host-networking-is-root-equivalent-again" }, { "reference_url": "https://security.gentoo.org/glsa/202105-33", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202105-33" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4865", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-4865" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1899487", "reference_id": "1899487", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1899487" }, { "reference_url": "https://security.archlinux.org/ASA-202012-8", "reference_id": "ASA-202012-8", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202012-8" }, { "reference_url": "https://security.archlinux.org/AVG-1309", "reference_id": "AVG-1309", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1309" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:2183", "reference_id": "RHSA-2022:2183", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:2183" }, { "reference_url": "https://usn.ubuntu.com/4653-1/", "reference_id": "USN-4653-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4653-1/" }, { "reference_url": "https://usn.ubuntu.com/4653-2/", "reference_id": "USN-4653-2", "reference_type": "", 
"scores": [], "url": "https://usn.ubuntu.com/4653-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037875?format=api", "purl": "pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3eju-5upk-auhy" }, { "vulnerability": "VCID-41ft-14gt-bbbq" }, { "vulnerability": "VCID-6vru-hsfs-rufg" }, { "vulnerability": "VCID-bhju-575k-ebh3" }, { "vulnerability": "VCID-e9ng-x516-53cf" }, { "vulnerability": "VCID-gbw6-3a59-mbhu" }, { "vulnerability": "VCID-gund-83cy-9fap" }, { "vulnerability": "VCID-h83p-v26k-s7fa" }, { "vulnerability": "VCID-pevy-d197-zydv" }, { "vulnerability": "VCID-u44m-mgza-nfcx" }, { "vulnerability": "VCID-uckr-kzdf-7ydj" }, { "vulnerability": "VCID-yt33-nmzd-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1052484?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3eju-5upk-auhy" }, { "vulnerability": "VCID-41ft-14gt-bbbq" }, { "vulnerability": "VCID-bhju-575k-ebh3" }, { "vulnerability": "VCID-e9ng-x516-53cf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1" } ], "aliases": [ "CVE-2020-15257", "GHSA-36xw-fx78-c5r4" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6vru-hsfs-rufg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55518?format=api", "vulnerability_id": "VCID-ahbf-gwnw-nufp", "summary": "Docker Moby /proc/scsi Path Exposure Allows Host Data Loss (SCSI MICDROP)\nThe DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss 
(when certain older Linux kernels are used) by leveraging Docker container access to write a \"scsi remove-single-device\" line to /proc/scsi/scsi, aka SCSI MICDROP.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16539.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16539.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16539", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63545", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63493", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63466", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63501", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63351", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63359", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63438", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63421", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63403", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63386", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63448", "published_at": "2026-05-07T12:55:00Z" }, 
{ "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63404", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63432", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63436", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63424", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63406", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63298", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63427", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.6342", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63385", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16539" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16539", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16539" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:N/I:P/A:P" }, { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/moby/moby", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby" }, { "reference_url": "https://github.com/moby/moby/commit/a21ecdf3c8a343a7c94e4c4d01b178c87ca7aaa1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/commit/a21ecdf3c8a343a7c94e4c4d01b178c87ca7aaa1" }, { "reference_url": "https://github.com/moby/moby/pull/35399", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T15:10:20Z/" } ], "url": "https://github.com/moby/moby/pull/35399" }, { "reference_url": "https://github.com/moby/moby/pull/35399/commits/a21ecdf3c8a343a7c94e4c4d01b178c87ca7aaa1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T15:10:20Z/" } ], "url": "https://github.com/moby/moby/pull/35399/commits/a21ecdf3c8a343a7c94e4c4d01b178c87ca7aaa1" }, { "reference_url": "https://marc.info/?l=linux-scsi&m=150985062200941&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T15:10:20Z/" } ], "url": "https://marc.info/?l=linux-scsi&m=150985062200941&w=2" }, { "reference_url": "https://marc.info/?l=linux-scsi&m=150985455801444&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T15:10:20Z/" } ], "url": "https://marc.info/?l=linux-scsi&m=150985455801444&w=2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16539", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16539" }, { "reference_url": "https://twitter.com/ewindisch/status/926443521820774401", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T15:10:20Z/" } ], "url": "https://twitter.com/ewindisch/status/926443521820774401" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1516205", "reference_id": "1516205", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1516205" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900140", "reference_id": "900140", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900140" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037875?format=api", "purl": "pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3eju-5upk-auhy" }, { "vulnerability": "VCID-41ft-14gt-bbbq" }, { "vulnerability": "VCID-6vru-hsfs-rufg" }, { "vulnerability": "VCID-bhju-575k-ebh3" }, { "vulnerability": "VCID-e9ng-x516-53cf" }, { "vulnerability": "VCID-gbw6-3a59-mbhu" }, { "vulnerability": "VCID-gund-83cy-9fap" }, { "vulnerability": "VCID-h83p-v26k-s7fa" }, { "vulnerability": "VCID-pevy-d197-zydv" }, { "vulnerability": "VCID-u44m-mgza-nfcx" }, { "vulnerability": "VCID-uckr-kzdf-7ydj" }, { "vulnerability": 
"VCID-yt33-nmzd-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3" } ], "aliases": [ "CVE-2017-16539", "GHSA-vfjc-2qcw-j95j" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ahbf-gwnw-nufp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18958?format=api", "vulnerability_id": "VCID-bhju-575k-ebh3", "summary": "Docker CLI leaks private registry credentials to registry-1.docker.io\n## Impact\n\nA bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry.\n\n## Patches\n\nThis bug has been fixed in Docker CLI 20.10.9. 
Users should update to this version as soon as possible.\n\n## Workarounds\n\nEnsure that any configured `credsStore` or `credHelpers` entries in the configuration file reference an installed credential helper that is executable and on the `PATH`.\n\n## For more information\n\nIf you have any questions or comments about this advisory:\n\n* [Open an issue](https://github.com/docker/cli/issues/new/choose)\n* Email us at security@docker.com if you think you’ve found a security bug", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41092.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41092.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41092", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22885", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.2307", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23034", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22977", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22991", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22984", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22948", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22778", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", 
"scoring_elements": "0.22772", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22766", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22666", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22751", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22827", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22792", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22807", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22923", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23089", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23134", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22925", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22998", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.2305", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41092" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41092", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41092" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/docker/cli/commit/893e52cf4ba4b048d72e99748e0f86b2767c6c6b", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/docker/cli/commit/893e52cf4ba4b048d72e99748e0f86b2767c6c6b" }, { "reference_url": "https://github.com/docker/cli/security/advisories/GHSA-99pg-grm5-qq3v", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/docker/cli/security/advisories/GHSA-99pg-grm5-qq3v" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41092", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41092" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023449", "reference_id": "2023449", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023449" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998292", "reference_id": "998292", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998292" }, { "reference_url": "https://security.archlinux.org/AVG-2440", "reference_id": "AVG-2440", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2440" }, { "reference_url": "https://usn.ubuntu.com/5134-1/", "reference_id": "USN-5134-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5134-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582636?format=api", 
"purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-41ft-14gt-bbbq" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-41092", "GHSA-99pg-grm5-qq3v" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bhju-575k-ebh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85495?format=api", "vulnerability_id": "VCID-e6sp-khpk-r3d8", "summary": "docker: Manifest validation and parsing logic errors allow pull-by-digest validation bypass", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8179.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8179.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8179", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01596", "scoring_system": "epss", "scoring_elements": "0.8161", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01596", "scoring_system": "epss", "scoring_elements": "0.81622", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01596", "scoring_system": "epss", "scoring_elements": "0.81643", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01596", "scoring_system": "epss", "scoring_elements": "0.8164", "published_at": "2026-04-07T12:55:00Z" }, { 
"value": "0.01596", "scoring_system": "epss", "scoring_elements": "0.81668", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01596", "scoring_system": "epss", "scoring_elements": "0.81672", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01596", "scoring_system": "epss", "scoring_elements": "0.81692", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01596", "scoring_system": "epss", "scoring_elements": "0.8168", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01596", "scoring_system": "epss", "scoring_elements": "0.81673", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01596", "scoring_system": "epss", "scoring_elements": "0.81712", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01596", "scoring_system": "epss", "scoring_elements": "0.81715", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01596", "scoring_system": "epss", "scoring_elements": "0.8174", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01596", "scoring_system": "epss", "scoring_elements": "0.81749", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01596", "scoring_system": "epss", "scoring_elements": "0.81755", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01596", "scoring_system": "epss", "scoring_elements": "0.81773", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01596", "scoring_system": "epss", "scoring_elements": "0.81794", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01596", "scoring_system": "epss", "scoring_elements": "0.81819", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.01596", "scoring_system": "epss", "scoring_elements": "0.81815", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.01596", "scoring_system": "epss", "scoring_elements": "0.81832", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.01596", "scoring_system": "epss", "scoring_elements": "0.81873", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8179" }, 
{ "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8179", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8179" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271256", "reference_id": "1271256", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271256" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037875?format=api", "purl": "pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3eju-5upk-auhy" }, { "vulnerability": "VCID-41ft-14gt-bbbq" }, { "vulnerability": "VCID-6vru-hsfs-rufg" }, { "vulnerability": "VCID-bhju-575k-ebh3" }, { "vulnerability": "VCID-e9ng-x516-53cf" }, { "vulnerability": "VCID-gbw6-3a59-mbhu" }, { "vulnerability": "VCID-gund-83cy-9fap" }, { "vulnerability": "VCID-h83p-v26k-s7fa" }, { "vulnerability": "VCID-pevy-d197-zydv" }, { "vulnerability": "VCID-u44m-mgza-nfcx" }, { "vulnerability": "VCID-uckr-kzdf-7ydj" }, { "vulnerability": "VCID-yt33-nmzd-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3" } ], "aliases": [ "CVE-2014-8179" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e6sp-khpk-r3d8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14446?format=api", "vulnerability_id": "VCID-e9ng-x516-53cf", "summary": "Moby (Docker Engine) Insufficiently restricted permissions on data directory\n## Impact\n\nA bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. 
When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files.\n\n## Patches\n\nThis bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers should be stopped and restarted for the permissions to be fixed.\n\n## Workarounds\n\nLimit access to the host to trusted users. Limit access to host volumes to trusted containers.\n\n## Credits\n\nThe Moby project would like to thank Joan Bruguera for responsibly disclosing this issue in accordance with the [Moby security policy](https://github.com/moby/moby/blob/master/SECURITY.md).\n\n## For more information\n\nIf you have any questions or comments about this advisory:\n\n* [Open an issue](https://github.com/moby/moby/issues/new)\n* Email us at security@docker.com if you think you’ve found a security bug", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41091.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41091.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41091", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04746", "scoring_system": "epss", "scoring_elements": "0.8943", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04746", "scoring_system": "epss", "scoring_elements": "0.8951", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.04746", "scoring_system": "epss", "scoring_elements": "0.895", "published_at": "2026-05-11T12:55:00Z" }, { "value": 
"0.04746", "scoring_system": "epss", "scoring_elements": "0.89501", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.04746", "scoring_system": "epss", "scoring_elements": "0.89486", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.04746", "scoring_system": "epss", "scoring_elements": "0.89467", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.04746", "scoring_system": "epss", "scoring_elements": "0.89459", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.04746", "scoring_system": "epss", "scoring_elements": "0.89458", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.04746", "scoring_system": "epss", "scoring_elements": "0.89454", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.04746", "scoring_system": "epss", "scoring_elements": "0.89438", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.04746", "scoring_system": "epss", "scoring_elements": "0.89441", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.04746", "scoring_system": "epss", "scoring_elements": "0.8944", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.04746", "scoring_system": "epss", "scoring_elements": "0.89424", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04746", "scoring_system": "epss", "scoring_elements": "0.89429", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04746", "scoring_system": "epss", "scoring_elements": "0.8953", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.0558", "scoring_system": "epss", "scoring_elements": "0.90272", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0558", "scoring_system": "epss", "scoring_elements": "0.90256", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0558", "scoring_system": "epss", "scoring_elements": "0.90259", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0558", "scoring_system": "epss", "scoring_elements": "0.90276", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0558", "scoring_system": "epss", "scoring_elements": "0.90291", 
"published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0558", "scoring_system": "epss", "scoring_elements": "0.90298", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41091" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41091", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41091" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/moby/moby", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby" }, { "reference_url": "https://github.com/moby/moby/commit/f0ab919f518c47240ea0e72d0999576bb8008e64", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/moby/moby/commit/f0ab919f518c47240ea0e72d0999576bb8008e64" }, { "reference_url": "https://github.com/moby/moby/security/advisories/GHSA-3fwx-pjgw-3558", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/security/advisories/GHSA-3fwx-pjgw-3558" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41091", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2021-41091" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023448", "reference_id": "2023448", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023448" }, { "reference_url": "https://security.archlinux.org/AVG-2440", "reference_id": "AVG-2440", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2440" }, { "reference_url": "https://security.gentoo.org/glsa/202409-29", "reference_id": "GLSA-202409-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-29" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582636?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-41ft-14gt-bbbq" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2" } ], "aliases": [ "CVE-2021-41091", "GHSA-3fwx-pjgw-3558" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e9ng-x516-53cf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55500?format=api", "vulnerability_id": "VCID-eb24-pguf-ryg1", "summary": "tar-split memory exhaustion\nLack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 
17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14992.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14992.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14992", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56169", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.5617", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56175", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56186", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56162", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56146", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.5618", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56182", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56151", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56077", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56098", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00333", 
"scoring_system": "epss", "scoring_elements": "0.56074", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56028", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56076", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56137", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56087", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.5611", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.5601", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.5612", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.5614", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56119", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14992" }, { "reference_url": "https://blog.cloudpassage.com/2017/10/13/discovering-docker-cve-2017-14992/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blog.cloudpassage.com/2017/10/13/discovering-docker-cve-2017-14992/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14992", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14992" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:N/I:N/A:C" }, { "value": "6.2", "scoring_system": "cvssv3", 
"scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/moby/moby/issues/35075", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/issues/35075" }, { "reference_url": "https://github.com/vbatts/tar-split", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vbatts/tar-split" }, { "reference_url": "https://github.com/vbatts/tar-split/pull/42", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vbatts/tar-split/pull/42" }, { "reference_url": "https://github.com/vbatts/tar-split/releases/tag/v0.10.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vbatts/tar-split/releases/tag/v0.10.2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14992", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": 
"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14992" }, { "reference_url": "https://web.archive.org/web/20171119174639/https://blog.cloudpassage.com/2017/10/13/discovering-docker-cve-2017-14992", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20171119174639/https://blog.cloudpassage.com/2017/10/13/discovering-docker-cve-2017-14992" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1510348", "reference_id": "1510348", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1510348" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908055", "reference_id": "908055", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908055" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908056", "reference_id": "908056", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908056" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:1.12.6-0:*:*:*:community:*:*:*", "reference_id": "cpe:2.3:a:docker:docker:1.12.6-0:*:*:*:community:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:1.12.6-0:*:*:*:community:*:*:*" }, { "reference_url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.03.0:*:*:*:community:*:*:*", "reference_id": "cpe:2.3:a:docker:docker:17.03.0:*:*:*:community:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.03.0:*:*:*:community:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.03.1:*:*:*:community:*:*:*", "reference_id": "cpe:2.3:a:docker:docker:17.03.1:*:*:*:community:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.03.1:*:*:*:community:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.03.2:*:*:*:community:*:*:*", "reference_id": "cpe:2.3:a:docker:docker:17.03.2:*:*:*:community:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.03.2:*:*:*:community:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.06.0:*:*:*:community:*:*:*", "reference_id": "cpe:2.3:a:docker:docker:17.06.0:*:*:*:community:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.06.0:*:*:*:community:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.06.1:*:*:*:community:*:*:*", "reference_id": "cpe:2.3:a:docker:docker:17.06.1:*:*:*:community:*:*:*", "reference_type": "", "scores": [], "url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.06.1:*:*:*:community:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.06.2:*:*:*:community:*:*:*", "reference_id": "cpe:2.3:a:docker:docker:17.06.2:*:*:*:community:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.06.2:*:*:*:community:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.09.0:*:*:*:community:*:*:*", "reference_id": "cpe:2.3:a:docker:docker:17.09.0:*:*:*:community:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.09.0:*:*:*:community:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:community:*:*:*", "reference_id": "cpe:2.3:a:docker:docker:*:*:*:*:community:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:community:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037875?format=api", "purl": "pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3eju-5upk-auhy" }, { "vulnerability": "VCID-41ft-14gt-bbbq" }, { "vulnerability": "VCID-6vru-hsfs-rufg" }, { "vulnerability": "VCID-bhju-575k-ebh3" }, { "vulnerability": "VCID-e9ng-x516-53cf" }, { "vulnerability": "VCID-gbw6-3a59-mbhu" }, { "vulnerability": "VCID-gund-83cy-9fap" }, { "vulnerability": "VCID-h83p-v26k-s7fa" }, { "vulnerability": "VCID-pevy-d197-zydv" }, 
{ "vulnerability": "VCID-u44m-mgza-nfcx" }, { "vulnerability": "VCID-uckr-kzdf-7ydj" }, { "vulnerability": "VCID-yt33-nmzd-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3" } ], "aliases": [ "CVE-2017-14992", "GHSA-hqwh-8xv9-42hw" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eb24-pguf-ryg1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83099?format=api", "vulnerability_id": "VCID-f6d3-yyvz-xqgs", "summary": "docker: Memory exhaustion via large integer used with --cpuset-mems or --cpuset-cpus", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20699.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20699.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20699", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22812", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22867", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22942", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22961", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22924", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22882", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": 
"0.22876", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22837", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22673", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22666", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22661", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22981", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.23025", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22816", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.2289", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23605", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23554", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23506", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23522", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23405", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23486", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20699" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20699", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20699" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/docker/engine/pull/70", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/docker/engine/pull/70" }, { "reference_url": "https://github.com/moby/moby/pull/37967", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moby/moby/pull/37967" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666565", "reference_id": "1666565", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666565" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:engine:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:docker:engine:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:engine:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20699", "reference_id": "CVE-2018-20699", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:N/A:P" 
}, { "value": "4.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0487", "reference_id": "RHSA-2019:0487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0487" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037875?format=api", "purl": "pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3eju-5upk-auhy" }, { "vulnerability": "VCID-41ft-14gt-bbbq" }, { "vulnerability": "VCID-6vru-hsfs-rufg" }, { "vulnerability": "VCID-bhju-575k-ebh3" }, { "vulnerability": "VCID-e9ng-x516-53cf" }, { "vulnerability": "VCID-gbw6-3a59-mbhu" }, { "vulnerability": "VCID-gund-83cy-9fap" }, { "vulnerability": "VCID-h83p-v26k-s7fa" }, { "vulnerability": "VCID-pevy-d197-zydv" }, { "vulnerability": "VCID-u44m-mgza-nfcx" }, { "vulnerability": "VCID-uckr-kzdf-7ydj" }, { "vulnerability": "VCID-yt33-nmzd-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3" } ], "aliases": [ "CVE-2018-20699" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f6d3-yyvz-xqgs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53011?format=api", "vulnerability_id": "VCID-gbw6-3a59-mbhu", "summary": "containerd v1.2.x can be coerced into leaking credentials during image pull\n## Impact\n\nIf a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise known as a “foreign layer”), the default containerd resolver will follow that URL to attempt to download it. 
In v1.2.x but not 1.3.0 or later, the default containerd resolver will provide its authentication credentials if the server where the URL is located presents an HTTP 401 status code along with registry-specific HTTP headers.\n\nIf an attacker publishes a public image with a manifest that directs one of the layers to be fetched from a web server they control and they trick a user or system into pulling the image, they can obtain the credentials used for pulling that image. In some cases, this may be the user's username and password for the registry. In other cases, this may be the credentials attached to the cloud virtual instance which can grant access to other cloud resources in the account.\n\nThe default containerd resolver is used by the cri-containerd plugin (which can be used by Kubernetes), the ctr development tool, and other client programs that have explicitly linked against it.\n\nThis vulnerability has been rated by the containerd maintainers as medium, with a CVSS score of 6.1 and a vector string of CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N.\n\n## Patches\n\nThis vulnerability has been fixed in containerd 1.2.14. containerd 1.3 and later are not affected.\n\n## Workarounds\n\nIf you are using containerd 1.3 or later, you are not affected. If you are using cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources. 
Other container runtimes built on top of containerd but not using the default resolver (such as Docker) are not affected.\n\n## Credits\n\nThe containerd maintainers would like to thank Brad Geesaman, Josh Larsen, Ian Coldwater, Duffie Cooley, and Rory McCune for responsibly disclosing this issue in accordance with the [containerd security policy](https://github.com/containerd/project/blob/master/SECURITY.md).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15157.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15157.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15157", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00777", "scoring_system": "epss", "scoring_elements": "0.73797", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00777", "scoring_system": "epss", "scoring_elements": "0.73739", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00777", "scoring_system": "epss", "scoring_elements": "0.73716", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00777", "scoring_system": "epss", "scoring_elements": "0.73754", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00777", "scoring_system": "epss", "scoring_elements": "0.7373", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00777", "scoring_system": "epss", "scoring_elements": "0.73705", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00777", "scoring_system": "epss", "scoring_elements": "0.73712", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00777", "scoring_system": "epss", "scoring_elements": "0.73617", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00777", "scoring_system": "epss", "scoring_elements": "0.73575", "published_at": 
"2026-04-01T12:55:00Z" }, { "value": "0.00777", "scoring_system": "epss", "scoring_elements": "0.73629", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00777", "scoring_system": "epss", "scoring_elements": "0.73584", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00777", "scoring_system": "epss", "scoring_elements": "0.73608", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00777", "scoring_system": "epss", "scoring_elements": "0.7358", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00777", "scoring_system": "epss", "scoring_elements": "0.73678", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00777", "scoring_system": "epss", "scoring_elements": "0.73669", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00777", "scoring_system": "epss", "scoring_elements": "0.73625", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00777", "scoring_system": "epss", "scoring_elements": "0.73634", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00777", "scoring_system": "epss", "scoring_elements": "0.73652", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00846", "scoring_system": "epss", "scoring_elements": "0.74894", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00846", "scoring_system": "epss", "scoring_elements": "0.74887", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00846", "scoring_system": "epss", "scoring_elements": "0.74851", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15157" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285" }, { "reference_url": "https://darkbit.io/blog/cve-2020-15157-containerdrip", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://darkbit.io/blog/cve-2020-15157-containerdrip" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/containerd/containerd", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/containerd/containerd" }, { "reference_url": "https://github.com/containerd/containerd/commit/1ead8d9deb3b175bf40413b8c47b3d19c2262726", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/containerd/containerd/commit/1ead8d9deb3b175bf40413b8c47b3d19c2262726" }, { "reference_url": "https://github.com/containerd/containerd/releases/tag/v1.2.14", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/containerd/containerd/releases/tag/v1.2.14" }, { "reference_url": "https://github.com/containerd/containerd/security/advisories/GHSA-742w-89gc-8m9c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/containerd/containerd/security/advisories/GHSA-742w-89gc-8m9c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15157", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15157" }, { "reference_url": "https://usn.ubuntu.com/4589-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4589-1" }, { "reference_url": "https://usn.ubuntu.com/4589-2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", 
"scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4589-2" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4865", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-4865" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1888248", "reference_id": "1888248", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1888248" }, { "reference_url": "https://usn.ubuntu.com/4589-1/", "reference_id": "USN-4589-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4589-1/" }, { "reference_url": "https://usn.ubuntu.com/4589-2/", "reference_id": "USN-4589-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4589-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037875?format=api", "purl": "pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3eju-5upk-auhy" }, { "vulnerability": "VCID-41ft-14gt-bbbq" }, { "vulnerability": "VCID-6vru-hsfs-rufg" }, { "vulnerability": "VCID-bhju-575k-ebh3" }, { "vulnerability": "VCID-e9ng-x516-53cf" }, { "vulnerability": "VCID-gbw6-3a59-mbhu" }, { "vulnerability": "VCID-gund-83cy-9fap" }, { "vulnerability": "VCID-h83p-v26k-s7fa" }, { "vulnerability": "VCID-pevy-d197-zydv" }, { "vulnerability": "VCID-u44m-mgza-nfcx" }, { "vulnerability": "VCID-uckr-kzdf-7ydj" }, { "vulnerability": "VCID-yt33-nmzd-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1052484?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1", 
"is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3eju-5upk-auhy" }, { "vulnerability": "VCID-41ft-14gt-bbbq" }, { "vulnerability": "VCID-bhju-575k-ebh3" }, { "vulnerability": "VCID-e9ng-x516-53cf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1" } ], "aliases": [ "CVE-2020-15157", "GHSA-742w-89gc-8m9c" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gbw6-3a59-mbhu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14284?format=api", "vulnerability_id": "VCID-gund-83cy-9fap", "summary": "moby Access to remapped root allows privilege escalation to real root\n### Impact\n\nWhen using `--userns-remap`, if the root user in the remapped namespace has access to the host filesystem they can modify files under `/var/lib/docker/<remapping>` that cause writing files with extended privileges.\n\n### Patches\n\nVersions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user.\n\n### Credits\n\nMaintainers would like to thank Alex Chapman for discovering the vulnerability; @awprice, @nathanburrell, @raulgomis, @chris-walz, @erin-jensby, @bassmatt, @mark-adams, @dbaxa for working on it and Zac Ellis for responsibly disclosing it to security@docker.com", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21284.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21284.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21284", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05759", "published_at": 
"2026-05-14T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05753", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05748", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05737", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.0565", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05595", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.0559", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05592", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05555", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05518", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05392", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05426", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05354", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05384", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05357", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05401", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05409", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", 
"scoring_elements": "0.05422", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05448", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05312", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21284" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285" }, { "reference_url": "https://docs.docker.com/engine/release-notes/#20103", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.docker.com/engine/release-notes/#20103" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { 
"reference_url": "https://github.com/moby/moby/commit/64bd4485b3a66a597c02c95f5776395e540b2c7c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/commit/64bd4485b3a66a597c02c95f5776395e540b2c7c" }, { "reference_url": "https://github.com/moby/moby/releases/tag/v19.03.15", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/releases/tag/v19.03.15" }, { "reference_url": "https://github.com/moby/moby/releases/tag/v20.10.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/releases/tag/v20.10.3" }, { "reference_url": "https://github.com/moby/moby/security/advisories/GHSA-7452-xqpj-6rpc", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/security/advisories/GHSA-7452-xqpj-6rpc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21284", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } 
], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21284" }, { "reference_url": "https://security.gentoo.org/glsa/202107-23", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202107-23" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210226-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210226-0005" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4865", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-4865" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924740", "reference_id": "1924740", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924740" }, { "reference_url": "https://security.archlinux.org/ASA-202102-12", "reference_id": "ASA-202102-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202102-12" }, { "reference_url": "https://security.archlinux.org/AVG-1528", "reference_id": "AVG-1528", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1528" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037875?format=api", "purl": 
"pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3eju-5upk-auhy" }, { "vulnerability": "VCID-41ft-14gt-bbbq" }, { "vulnerability": "VCID-6vru-hsfs-rufg" }, { "vulnerability": "VCID-bhju-575k-ebh3" }, { "vulnerability": "VCID-e9ng-x516-53cf" }, { "vulnerability": "VCID-gbw6-3a59-mbhu" }, { "vulnerability": "VCID-gund-83cy-9fap" }, { "vulnerability": "VCID-h83p-v26k-s7fa" }, { "vulnerability": "VCID-pevy-d197-zydv" }, { "vulnerability": "VCID-u44m-mgza-nfcx" }, { "vulnerability": "VCID-uckr-kzdf-7ydj" }, { "vulnerability": "VCID-yt33-nmzd-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1052484?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3eju-5upk-auhy" }, { "vulnerability": "VCID-41ft-14gt-bbbq" }, { "vulnerability": "VCID-bhju-575k-ebh3" }, { "vulnerability": "VCID-e9ng-x516-53cf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1" } ], "aliases": [ "CVE-2021-21284", "GHSA-7452-xqpj-6rpc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gund-83cy-9fap" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49948?format=api", "vulnerability_id": "VCID-h83p-v26k-s7fa", "summary": "A flaw in Docker allowed possible information leakage.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00040.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", 
"scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00040.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13401.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13401.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13401", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.1287", "scoring_system": "epss", "scoring_elements": "0.94047", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.1287", "scoring_system": "epss", "scoring_elements": "0.94119", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.1287", "scoring_system": "epss", "scoring_elements": "0.94067", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.1287", "scoring_system": "epss", "scoring_elements": "0.94068", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.1287", "scoring_system": "epss", "scoring_elements": "0.94007", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.1287", "scoring_system": "epss", "scoring_elements": "0.94017", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.1287", "scoring_system": "epss", "scoring_elements": "0.94027", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.1287", "scoring_system": "epss", "scoring_elements": "0.9403", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.1287", "scoring_system": "epss", "scoring_elements": "0.94039", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.1287", "scoring_system": "epss", "scoring_elements": "0.94043", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.1287", "scoring_system": "epss", "scoring_elements": "0.94063", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.1287", "scoring_system": "epss", "scoring_elements": "0.94107", 
"published_at": "2026-05-12T12:55:00Z" }, { "value": "0.1287", "scoring_system": "epss", "scoring_elements": "0.94103", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.1287", "scoring_system": "epss", "scoring_elements": "0.94098", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.1287", "scoring_system": "epss", "scoring_elements": "0.94088", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.1287", "scoring_system": "epss", "scoring_elements": "0.94076", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.1287", "scoring_system": "epss", "scoring_elements": "0.94069", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13401" }, { "reference_url": "https://docs.docker.com/engine/release-notes", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.docker.com/engine/release-notes" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/docker/docker-ce/releases/tag/v19.03.11", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], 
"url": "https://github.com/docker/docker-ce/releases/tag/v19.03.11" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DN4JQAOXBE3XUNK3FD423LHE3K74EMJT", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DN4JQAOXBE3XUNK3FD423LHE3K74EMJT" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJZLKRCOJMOGUIJI2AS27BOZS3RBEF3K", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJZLKRCOJMOGUIJI2AS27BOZS3RBEF3K" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13401", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13401" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200717-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20200717-0002" }, { "reference_url": 
"https://www.debian.org/security/2020/dsa-4716", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2020/dsa-4716" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/06/01/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2020/06/01/5" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1833233", "reference_id": "1833233", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1833233" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962141", "reference_id": "962141", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962141" }, { "reference_url": "https://security.gentoo.org/glsa/202008-15", "reference_id": "GLSA-202008-15", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202008-15" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037875?format=api", "purl": "pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3eju-5upk-auhy" }, { "vulnerability": "VCID-41ft-14gt-bbbq" }, { "vulnerability": "VCID-6vru-hsfs-rufg" }, { "vulnerability": "VCID-bhju-575k-ebh3" }, { "vulnerability": 
"VCID-e9ng-x516-53cf" }, { "vulnerability": "VCID-gbw6-3a59-mbhu" }, { "vulnerability": "VCID-gund-83cy-9fap" }, { "vulnerability": "VCID-h83p-v26k-s7fa" }, { "vulnerability": "VCID-pevy-d197-zydv" }, { "vulnerability": "VCID-u44m-mgza-nfcx" }, { "vulnerability": "VCID-uckr-kzdf-7ydj" }, { "vulnerability": "VCID-yt33-nmzd-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1052484?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3eju-5upk-auhy" }, { "vulnerability": "VCID-41ft-14gt-bbbq" }, { "vulnerability": "VCID-bhju-575k-ebh3" }, { "vulnerability": "VCID-e9ng-x516-53cf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1" } ], "aliases": [ "CVE-2020-13401", "GHSA-qrrc-ww9x-r43g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h83p-v26k-s7fa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54421?format=api", "vulnerability_id": "VCID-pevy-d197-zydv", "summary": "Moby Docker cp broken with debian containers\nIn Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", 
"scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14271.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14271.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14271", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.71918", "scoring_system": "epss", "scoring_elements": "0.98767", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.72198", "scoring_system": "epss", "scoring_elements": "0.98771", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.72198", "scoring_system": "epss", "scoring_elements": "0.98769", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.72198", "scoring_system": "epss", "scoring_elements": "0.98764", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.72198", "scoring_system": "epss", "scoring_elements": "0.98756", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.72198", "scoring_system": "epss", "scoring_elements": "0.98754", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.72198", "scoring_system": "epss", "scoring_elements": "0.98752", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.72198", "scoring_system": "epss", "scoring_elements": "0.98777", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.72198", "scoring_system": "epss", "scoring_elements": "0.98748", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.72198", "scoring_system": "epss", "scoring_elements": "0.98749", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.72198", "scoring_system": "epss", "scoring_elements": "0.98775", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.72198", 
"scoring_system": "epss", "scoring_elements": "0.98774", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.72198", "scoring_system": "epss", "scoring_elements": "0.98745", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.72198", "scoring_system": "epss", "scoring_elements": "0.98742", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.72198", "scoring_system": "epss", "scoring_elements": "0.98741", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.72589", "scoring_system": "epss", "scoring_elements": "0.98774", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.72589", "scoring_system": "epss", "scoring_elements": "0.98777", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.72589", "scoring_system": "epss", "scoring_elements": "0.98779", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14271" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13139", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13139" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13509", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13509" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14271", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14271" }, { "reference_url": "https://docs.docker.com/engine/release-notes", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], 
"url": "https://docs.docker.com/engine/release-notes" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/moby/moby", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby" }, { "reference_url": "https://github.com/moby/moby/commit/11e48badcb67554b3d795241855028f28d244545", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/commit/11e48badcb67554b3d795241855028f28d244545" }, { "reference_url": "https://github.com/moby/moby/commit/fa8dd90ceb7bcb9d554d27e0b9087ab83e54bd2b", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/moby/moby/commit/fa8dd90ceb7bcb9d554d27e0b9087ab83e54bd2b" }, { "reference_url": "https://github.com/moby/moby/issues/39449", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/issues/39449" }, { "reference_url": "https://github.com/moby/moby/pull/39612", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/pull/39612" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14271", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14271" }, { "reference_url": "https://seclists.org/bugtraq/2019/Sep/21", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, 
{ "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Sep/21" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190828-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20190828-0003" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4521", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4521" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1747222", "reference_id": "1747222", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1747222" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037875?format=api", "purl": "pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3eju-5upk-auhy" }, { "vulnerability": "VCID-41ft-14gt-bbbq" }, { "vulnerability": "VCID-6vru-hsfs-rufg" }, { "vulnerability": "VCID-bhju-575k-ebh3" }, { "vulnerability": "VCID-e9ng-x516-53cf" }, { "vulnerability": "VCID-gbw6-3a59-mbhu" }, { "vulnerability": "VCID-gund-83cy-9fap" }, { "vulnerability": "VCID-h83p-v26k-s7fa" }, { "vulnerability": 
"VCID-pevy-d197-zydv" }, { "vulnerability": "VCID-u44m-mgza-nfcx" }, { "vulnerability": "VCID-uckr-kzdf-7ydj" }, { "vulnerability": "VCID-yt33-nmzd-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1052484?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3eju-5upk-auhy" }, { "vulnerability": "VCID-41ft-14gt-bbbq" }, { "vulnerability": "VCID-bhju-575k-ebh3" }, { "vulnerability": "VCID-e9ng-x516-53cf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1" } ], "aliases": [ "CVE-2019-14271", "GHSA-v2cv-wwxq-qq97" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pevy-d197-zydv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14199?format=api", "vulnerability_id": "VCID-qwqe-27yu-8kds", "summary": "Docker Authentication Bypass\nAn issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. 
This allowed a client with any domain validated certificate signed by a system-trusted root CA (as opposed to one signed by the configured CA root certificate) to authenticate.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12608.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12608.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12608", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63793", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63627", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63664", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63673", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63657", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63688", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63683", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.637", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63751", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63715", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63741", "published_at": "2026-05-12T12:55:00Z" }, { 
"value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63547", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63607", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63634", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63593", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63645", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63661", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63676", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12608" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12608", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12608" }, { "reference_url": "https://github.com/moby/moby", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby" }, { "reference_url": "https://github.com/moby/moby/commit/190c6e8cf8b893874a33d83f78307f1bed0bfbcd", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/commit/190c6e8cf8b893874a33d83f78307f1bed0bfbcd" }, { "reference_url": "https://github.com/moby/moby/issues/33173", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/issues/33173" }, { "reference_url": "https://github.com/moby/moby/pull/33182", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/pull/33182" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12608", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12608" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275812", "reference_id": "2275812", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275812" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5094", "reference_id": "RHSA-2024:5094", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5094" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037875?format=api", "purl": "pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3eju-5upk-auhy" }, { "vulnerability": "VCID-41ft-14gt-bbbq" }, { "vulnerability": "VCID-6vru-hsfs-rufg" }, { "vulnerability": "VCID-bhju-575k-ebh3" }, { "vulnerability": "VCID-e9ng-x516-53cf" }, { "vulnerability": "VCID-gbw6-3a59-mbhu" }, { "vulnerability": "VCID-gund-83cy-9fap" }, { "vulnerability": 
"VCID-h83p-v26k-s7fa" }, { "vulnerability": "VCID-pevy-d197-zydv" }, { "vulnerability": "VCID-u44m-mgza-nfcx" }, { "vulnerability": "VCID-uckr-kzdf-7ydj" }, { "vulnerability": "VCID-yt33-nmzd-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3" } ], "aliases": [ "CVE-2018-12608", "GHSA-qrqr-3x5j-2xw9" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qwqe-27yu-8kds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82519?format=api", "vulnerability_id": "VCID-sh5d-p485-6qh4", "summary": "docker: symlink-exchange race attacks in docker cp", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15664.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15664.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-15664", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06205", "scoring_system": "epss", "scoring_elements": "0.90965", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.06205", "scoring_system": "epss", "scoring_elements": "0.90906", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.06205", "scoring_system": "epss", "scoring_elements": "0.90905", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.06205", "scoring_system": "epss", "scoring_elements": "0.90903", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.06205", "scoring_system": "epss", "scoring_elements": "0.90919", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.06205", "scoring_system": "epss", "scoring_elements": "0.90937", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.06205", 
"scoring_system": "epss", "scoring_elements": "0.90949", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.06205", "scoring_system": "epss", "scoring_elements": "0.90946", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.06205", "scoring_system": "epss", "scoring_elements": "0.90955", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.06925", "scoring_system": "epss", "scoring_elements": "0.91414", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.06925", "scoring_system": "epss", "scoring_elements": "0.91413", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.06925", "scoring_system": "epss", "scoring_elements": "0.91437", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.06925", "scoring_system": "epss", "scoring_elements": "0.91433", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.06925", "scoring_system": "epss", "scoring_elements": "0.91434", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.06925", "scoring_system": "epss", "scoring_elements": "0.91363", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.06925", "scoring_system": "epss", "scoring_elements": "0.91405", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.06925", "scoring_system": "epss", "scoring_elements": "0.91411", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.06925", "scoring_system": "epss", "scoring_elements": "0.91368", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.06925", "scoring_system": "epss", "scoring_elements": "0.91379", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.06925", "scoring_system": "epss", "scoring_elements": "0.91386", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.06925", "scoring_system": "epss", "scoring_elements": "0.91398", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-15664" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15664", "reference_id": "", "reference_type": "", "scores": 
[], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15664" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1714722", "reference_id": "1714722", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1714722" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929662", "reference_id": "929662", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929662" }, { "reference_url": "https://security.archlinux.org/AVG-968", "reference_id": "AVG-968", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-968" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1910", "reference_id": "RHSA-2019:1910", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1910" }, { "reference_url": "https://usn.ubuntu.com/4048-1/", "reference_id": "USN-4048-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4048-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037875?format=api", "purl": "pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3eju-5upk-auhy" }, { "vulnerability": "VCID-41ft-14gt-bbbq" }, { "vulnerability": "VCID-6vru-hsfs-rufg" }, { "vulnerability": "VCID-bhju-575k-ebh3" }, { "vulnerability": "VCID-e9ng-x516-53cf" }, { "vulnerability": "VCID-gbw6-3a59-mbhu" }, { "vulnerability": "VCID-gund-83cy-9fap" }, { "vulnerability": 
"VCID-h83p-v26k-s7fa" }, { "vulnerability": "VCID-pevy-d197-zydv" }, { "vulnerability": "VCID-u44m-mgza-nfcx" }, { "vulnerability": "VCID-uckr-kzdf-7ydj" }, { "vulnerability": "VCID-yt33-nmzd-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3" } ], "aliases": [ "CVE-2018-15664" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sh5d-p485-6qh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85494?format=api", "vulnerability_id": "VCID-su25-rgw1-xkg6", "summary": "docker: Attacker controlled layer IDs lead to local graph content poisoning", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8178.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8178.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8178", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50045", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50079", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50107", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50057", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50111", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50105", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50122", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00266", 
"scoring_system": "epss", "scoring_elements": "0.50096", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50093", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50137", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50138", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.5011", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50102", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50056", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.49974", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50028", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50008", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50038", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8178" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8178", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8178" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271253", "reference_id": "1271253", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271253" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037875?format=api", "purl": "pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-3eju-5upk-auhy" }, { "vulnerability": "VCID-41ft-14gt-bbbq" }, { "vulnerability": "VCID-6vru-hsfs-rufg" }, { "vulnerability": "VCID-bhju-575k-ebh3" }, { "vulnerability": "VCID-e9ng-x516-53cf" }, { "vulnerability": "VCID-gbw6-3a59-mbhu" }, { "vulnerability": "VCID-gund-83cy-9fap" }, { "vulnerability": "VCID-h83p-v26k-s7fa" }, { "vulnerability": "VCID-pevy-d197-zydv" }, { "vulnerability": "VCID-u44m-mgza-nfcx" }, { "vulnerability": "VCID-uckr-kzdf-7ydj" }, { "vulnerability": "VCID-yt33-nmzd-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3" } ], "aliases": [ "CVE-2014-8178" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-su25-rgw1-xkg6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56740?format=api", "vulnerability_id": "VCID-u44m-mgza-nfcx", "summary": "Secret insertion into debug log in Docker\nIn Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. 
It potentially applies to other API users of the stack API if they resend the secret.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13509.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13509.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13509", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0152", "scoring_system": "epss", "scoring_elements": "0.81434", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.0152", "scoring_system": "epss", "scoring_elements": "0.81379", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0152", "scoring_system": "epss", "scoring_elements": "0.81393", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.0152", "scoring_system": "epss", "scoring_elements": "0.81357", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0152", "scoring_system": "epss", "scoring_elements": "0.81376", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0152", "scoring_system": "epss", "scoring_elements": "0.81338", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0155", "scoring_system": "epss", "scoring_elements": "0.81432", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0155", "scoring_system": "epss", "scoring_elements": "0.81412", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0155", "scoring_system": "epss", "scoring_elements": "0.81449", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0155", "scoring_system": "epss", "scoring_elements": "0.8145", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0155", "scoring_system": "epss", "scoring_elements": "0.81451", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0155", "scoring_system": "epss", "scoring_elements": "0.81473", 
"published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0155", "scoring_system": "epss", "scoring_elements": "0.8148", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0155", "scoring_system": "epss", "scoring_elements": "0.81485", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0155", "scoring_system": "epss", "scoring_elements": "0.81419", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0155", "scoring_system": "epss", "scoring_elements": "0.81348", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0155", "scoring_system": "epss", "scoring_elements": "0.81357", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0155", "scoring_system": "epss", "scoring_elements": "0.81379", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0155", "scoring_system": "epss", "scoring_elements": "0.81377", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0155", "scoring_system": "epss", "scoring_elements": "0.81405", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0155", "scoring_system": "epss", "scoring_elements": "0.8141", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13509" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13139", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13139" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13509", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13509" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14271", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14271" }, { "reference_url": "https://docs.docker.com/engine/release-notes/18.09", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": 
"cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.docker.com/engine/release-notes/18.09" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13509", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13509" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1732418", "reference_id": "1732418", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1732418" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932673", "reference_id": "932673", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932673" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037875?format=api", "purl": "pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3eju-5upk-auhy" }, { "vulnerability": "VCID-41ft-14gt-bbbq" }, { "vulnerability": "VCID-6vru-hsfs-rufg" }, { "vulnerability": "VCID-bhju-575k-ebh3" }, { "vulnerability": "VCID-e9ng-x516-53cf" }, { "vulnerability": "VCID-gbw6-3a59-mbhu" }, { "vulnerability": "VCID-gund-83cy-9fap" }, { "vulnerability": "VCID-h83p-v26k-s7fa" }, { "vulnerability": "VCID-pevy-d197-zydv" }, { 
"vulnerability": "VCID-u44m-mgza-nfcx" }, { "vulnerability": "VCID-uckr-kzdf-7ydj" }, { "vulnerability": "VCID-yt33-nmzd-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1052484?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3eju-5upk-auhy" }, { "vulnerability": "VCID-41ft-14gt-bbbq" }, { "vulnerability": "VCID-bhju-575k-ebh3" }, { "vulnerability": "VCID-e9ng-x516-53cf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1" } ], "aliases": [ "CVE-2019-13509", "GHSA-j249-ghv5-7mxv" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u44m-mgza-nfcx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14025?format=api", "vulnerability_id": "VCID-uckr-kzdf-7ydj", "summary": "moby docker daemon crash during image pull of malicious image\n### Impact\n\nPulling an intentionally malformed Docker image manifest crashes the `dockerd` daemon.\n\n### Patches\n\nVersions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.\n\n### Credits\n\nMaintainers would like to thank Josh Larsen, Ian Coldwater, Duffie Cooley, Rory McCune for working on the vulnerability and Brad Geesaman for responsibly disclosing it to security@docker.com.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21285.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21285.json" }, { "reference_url": 
"https://api.first.org/data/v1/epss?cve=CVE-2021-21285", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57603", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57537", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57511", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57583", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57541", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57515", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57536", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57512", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57565", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57568", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57563", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57562", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57499", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57454", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57503", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": 
"0.57524", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57504", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57546", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57569", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57431", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21285" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285" }, { "reference_url": "https://docs.docker.com/engine/release-notes/#20103", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.docker.com/engine/release-notes/#20103" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", 
"scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/moby/moby/commit/8d3179546e79065adefa67cc697c09d0ab137d30", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/commit/8d3179546e79065adefa67cc697c09d0ab137d30" }, { "reference_url": "https://github.com/moby/moby/releases/tag/v19.03.15", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/releases/tag/v19.03.15" }, { "reference_url": "https://github.com/moby/moby/releases/tag/v20.10.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/releases/tag/v20.10.3" }, { "reference_url": "https://github.com/moby/moby/security/advisories/GHSA-6fj5-m822-rqx8", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/security/advisories/GHSA-6fj5-m822-rqx8" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21285", "reference_id": "", "reference_type": "", 
"scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21285" }, { "reference_url": "https://security.gentoo.org/glsa/202107-23", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202107-23" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210226-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210226-0005" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4865", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-4865" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924742", "reference_id": "1924742", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924742" }, { "reference_url": "https://security.archlinux.org/ASA-202102-12", "reference_id": "ASA-202102-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202102-12" }, { "reference_url": "https://security.archlinux.org/AVG-1528", "reference_id": "AVG-1528", "reference_type": "", "scores": [ { "value": "Medium", 
"scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1528" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037875?format=api", "purl": "pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3eju-5upk-auhy" }, { "vulnerability": "VCID-41ft-14gt-bbbq" }, { "vulnerability": "VCID-6vru-hsfs-rufg" }, { "vulnerability": "VCID-bhju-575k-ebh3" }, { "vulnerability": "VCID-e9ng-x516-53cf" }, { "vulnerability": "VCID-gbw6-3a59-mbhu" }, { "vulnerability": "VCID-gund-83cy-9fap" }, { "vulnerability": "VCID-h83p-v26k-s7fa" }, { "vulnerability": "VCID-pevy-d197-zydv" }, { "vulnerability": "VCID-u44m-mgza-nfcx" }, { "vulnerability": "VCID-uckr-kzdf-7ydj" }, { "vulnerability": "VCID-yt33-nmzd-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1052484?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3eju-5upk-auhy" }, { "vulnerability": "VCID-41ft-14gt-bbbq" }, { "vulnerability": "VCID-bhju-575k-ebh3" }, { "vulnerability": "VCID-e9ng-x516-53cf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1" } ], "aliases": [ "CVE-2021-21285", "GHSA-6fj5-m822-rqx8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uckr-kzdf-7ydj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82693?format=api", "vulnerability_id": "VCID-yt33-nmzd-r3cs", "summary": "docker: command injection due to a missing validation of the git ref command", "references": [ { "reference_url": "https://access.redhat.com/errata/RHBA-2019:3092", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHBA-2019:3092" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13139.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13139.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13139", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.67846", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.68108", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.68058", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.68025", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.68051", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.67869", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.67888", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.6792", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.67933", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.67957", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.67943", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.67907", 
"published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.67945", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.67958", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.67939", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.67985", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.67993", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.67999", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.67974", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.68016", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13139" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13139", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13139" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13509", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13509" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14271", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14271" }, { "reference_url": "https://docs.docker.com/engine/release-notes/#18094", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.docker.com/engine/release-notes/#18094" }, { "reference_url": 
"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/moby/moby/pull/38944", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moby/moby/pull/38944" }, { "reference_url": "https://seclists.org/bugtraq/2019/Sep/21", "reference_id": "", "reference_type": "", "scores": [], "url": "https://seclists.org/bugtraq/2019/Sep/21" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190910-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190910-0001/" }, { "reference_url": "https://staaldraad.github.io/post/2019-07-16-cve-2019-13139-docker-build/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://staaldraad.github.io/post/2019-07-16-cve-2019-13139-docker-build/" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2019/dsa-4521" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1732627", "reference_id": "1732627", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1732627" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933002", "reference_id": "933002", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933002" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:enterprise:*:*:*", "reference_id": "cpe:2.3:a:docker:docker:*:*:*:*:enterprise:*:*:*", "reference_type": "", "scores": [], "url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:enterprise:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13139", "reference_id": "CVE-2019-13139", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "8.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13139" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037875?format=api", "purl": "pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3eju-5upk-auhy" }, { "vulnerability": "VCID-41ft-14gt-bbbq" }, { "vulnerability": "VCID-6vru-hsfs-rufg" }, { "vulnerability": "VCID-bhju-575k-ebh3" }, { "vulnerability": "VCID-e9ng-x516-53cf" }, { "vulnerability": "VCID-gbw6-3a59-mbhu" }, { "vulnerability": "VCID-gund-83cy-9fap" }, { "vulnerability": "VCID-h83p-v26k-s7fa" }, { "vulnerability": "VCID-pevy-d197-zydv" }, { "vulnerability": "VCID-u44m-mgza-nfcx" }, { "vulnerability": "VCID-uckr-kzdf-7ydj" }, { "vulnerability": "VCID-yt33-nmzd-r3cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1052484?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3eju-5upk-auhy" }, { "vulnerability": "VCID-41ft-14gt-bbbq" }, { "vulnerability": "VCID-bhju-575k-ebh3" }, { "vulnerability": "VCID-e9ng-x516-53cf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1" } ], "aliases": [ "CVE-2019-13139" ], "risk_score": 3.8, "exploitability": "0.5", "weighted_severity": 
"7.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yt33-nmzd-r3cs" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@1.6.2~dfsg1-1~bpo8%252B1" }