{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","type":"deb","namespace":"debian","name":"docker.io","version":"26.1.5+dfsg1-9","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"28.5.2+dfsg3-2","latest_non_vulnerable_version":"28.5.2+dfsg4-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81130?format=json","vulnerability_id":"VCID-14uu-1w2t-ekh2","summary":"docker: Security regression of CVE-2016-9962 due to inclusion of vulnerable runc","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14300.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14300.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14300","reference_id":"","reference_type":"","scores":[{"value":"0.00267","scoring_system":"epss","scoring_elements":"0.50168","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00267","scoring_system":"epss","scoring_elements":"0.50213","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00267","scoring_system":"epss","scoring_elements":"0.50242","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00267","scoring_system":"epss","scoring_elements":"0.50191","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00267","scoring_system":"epss","scoring_elements":"0.50245","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00267","scoring_system":"epss","scoring_elements":"0.50237","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00267","scoring_system":"epss","scoring_elements":"0.50265","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00267","scoring_system":"epss","scoring_elements":"0.50238","published_at":"2026-04-12T
12:55:00Z"},{"value":"0.00267","scoring_system":"epss","scoring_elements":"0.50227","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00267","scoring_system":"epss","scoring_elements":"0.50272","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00267","scoring_system":"epss","scoring_elements":"0.50273","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00267","scoring_system":"epss","scoring_elements":"0.50247","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00267","scoring_system":"epss","scoring_elements":"0.5022","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00267","scoring_system":"epss","scoring_elements":"0.50225","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00267","scoring_system":"epss","scoring_elements":"0.5018","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00267","scoring_system":"epss","scoring_elements":"0.50097","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00267","scoring_system":"epss","scoring_elements":"0.50151","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00267","scoring_system":"epss","scoring_elements":"0.50179","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14300"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1848829","reference_id":"1848829","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1848829"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2653","reference_id":"RHSA-2020:2653","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2653"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582262?format=json","purl":"pkg:deb/deb
ian/docker.io@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582263?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/deb
ian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2020-14300"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-14uu-1w2t-ekh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36505?format=json","vulnerability_id":"VCID-165g-hgmx-nybk","summary":"Information Exposure in RunC\nRunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container.  This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the 
container.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0116.html","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2017-0116.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0123.html","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2017-0123.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0127.html","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2017-0127.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9962.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9962.json"},{"reference_url":"https://access.redhat.com/security/vulnerabilities/cve-2016-9962","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/vulnerabilities/cve-2016-9962"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9962","reference_id":"","reference_type":"","scores":[{"value":"0.00077","scoring_system":"ep
ss","scoring_elements":"0.22928","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32205","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.31541","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.31688","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.3177","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.31897","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32063","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.3209","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32112","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32079","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.3211","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32149","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32144","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32117","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32067","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32078","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32242","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.31612","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?c
ve=CVE-2016-9962"},{"reference_url":"https://bugzilla.suse.com/show_bug.cgi?id=1012568#c6","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.suse.com/show_bug.cgi?id=1012568#c6"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9962","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9962"},{"reference_url":"http://seclists.org/fulldisclosure/2017/Jan/21","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2017/Jan/21"},{"reference_url":"http://seclists.org/fulldisclosure/2017/Jan/29","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2017/Jan/29"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:S/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/docker/docker/releases/tag/v1.12.6","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/docker/docker/releases/tag/v1.12.6"},{"reference_
url":"https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5"},{"reference_url":"https://github.com/opencontainers/runc/commit/5d93fed3d27f1e2bab58bad13b180a7a81d0b378","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencontainers/runc/commit/5d93fed3d27f1e2bab58bad13b180a7a81d0b378"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BQAXJMMLRU7DD2IMG47SR2K4BOFFG7FZ","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BQAXJMMLRU7DD2IMG47SR2K4BOFFG7FZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FINGBFMIXBG6B6ZWYH3TMRP5V3PDBNXR","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FINGBFMIXBG6B6ZWYH3TMRP5V3PDBNXR"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedor
aproject.org/message/UVM7FCOQMPKOFLDTUYSS4ES76DDM56VP","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVM7FCOQMPKOFLDTUYSS4ES76DDM56VP"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WUQ3MQNEL5IBZZLMLR72Q4YDCL2SCKRK","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WUQ3MQNEL5IBZZLMLR72Q4YDCL2SCKRK"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9962","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9962"},{"reference_url":"https://security.gentoo.org/glsa/201701-34","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-34"},{"reference_url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9962","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.nv
d.nist.gov/view/vuln/detail?vulnId=CVE-2016-9962"},{"reference_url":"http://www.securityfocus.com/archive/1/540001/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/archive/1/540001/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/95361","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/95361"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1409531","reference_id":"1409531","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1409531"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850951","reference_id":"850951","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850951"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850952","reference_id":"850952","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850952"},{"reference_url":"https://security.archlinux.org/ASA-201701-19","reference_id":"ASA-201701-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-19"},{"reference_url":"https://security.archlinux.org/ASA-201805-11","reference_id":"ASA-201805-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201805-11"},{"reference_url":"https://security.archlinux.org/AVG-133","reference_id":"AVG-133","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-133"},{"reference_url":"https://security.archlin
ux.org/AVG-134","reference_id":"AVG-134","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-134"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0116","reference_id":"RHSA-2017:0116","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0116"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0123","reference_id":"RHSA-2017:0123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0127","reference_id":"RHSA-2017:0127","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0127"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/585480?format=json","purl":"pkg:deb/debian/docker.io@1.13.1~ds1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@1.13.1~ds1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582263?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sk
y-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2016-9962","GHSA-gp4j-w3vj-7299"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-165g-hgmx-nybk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16303?format=json","vulnerability_id":"VCID-1sky-21r5-3qcu","summary":"Moby's external DNS requests from 'internal' networks could lead to data exfiltration\nMoby is an open source container framework originally developed by Docker Inc. as Docker. It is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. 
As a batteries-included container runtime, Moby comes with a built-in networking implementation that enables communication between containers, and between containers and external resources.\n\nMoby's networking implementation allows for creating and using many networks, each with their own subnet and gateway. This feature is frequently referred to as custom networks, as each network can have a different driver, set of parameters, and thus behaviors. When creating a network, the `--internal` flag is used to designate a network as _internal_. The `internal` attribute in a docker-compose.yml file may also be used to mark a network _internal_, and other API clients may specify the `internal` parameter as well.\n\nWhen containers with networking are created, they are assigned unique network interfaces and IP addresses (typically from a non-routable [RFC 1918](https://datatracker.ietf.org/doc/html/rfc1918) subnet). The root network namespace (hereafter referred to as the 'host') serves as a router for non-internal networks, with a gateway IP that provides SNAT/DNAT to/from container IPs.\n\nContainers on an _internal_ network may communicate between each other, but are precluded from communicating with any networks the host has access to (LAN or WAN) as no default route is configured, and firewall rules are set up to drop all outgoing traffic. Communication with the gateway IP address (and thus appropriately configured host services) is possible, and the host may communicate with any container IP directly.\n\nIn addition to configuring the Linux kernel's various networking features to enable container networking, `dockerd` directly provides some services to container networks. 
Principal among these is serving as a resolver, enabling service discovery (looking up other containers on the network by name), and resolution of names from an upstream resolver.\n\nWhen a DNS request for a name that does not correspond to a container is received, the request is forwarded to the configured upstream resolver (by default, the host's configured resolver). This request is made from the container network namespace: the level of access and routing of traffic is the same as if the request was made by the container itself.\n\nAs a consequence of this design, containers solely attached to _internal_ network(s) will be unable to resolve names using the upstream resolver, as the container itself is unable to communicate with that nameserver. Only the names of containers also attached to the internal network are able to be resolved.\n\nMany systems will run a local forwarding DNS resolver, typically present on a loopback address (`127.0.0.0/8`), such as systemd-resolved or dnsmasq. Common loopback address examples include `127.0.0.1` or `127.0.0.53`. As the host and any containers have separate loopback devices, a consequence of the design described above is that containers are unable to resolve names from the host's configured resolver, as they cannot reach these addresses on the host loopback device.\n\nTo bridge this gap, and to allow containers to properly resolve names even when a local forwarding resolver is used on a loopback address, `dockerd` will detect this scenario and instead forward DNS requests from the host/root network namespace. 
The loopback resolver will then forward the requests to its configured upstream resolvers, as expected.\n\n## Impact\n\nBecause `dockerd` will forward DNS requests to the host loopback device, bypassing the container network namespace's normal routing semantics entirely, _internal_ networks can unexpectedly forward DNS requests to an external nameserver.\n\nBy registering a domain for which they control the authoritative nameservers, an attacker could arrange for a compromised container to exfiltrate data by encoding it in DNS queries that will eventually be answered by their nameservers. For example, if the domain `evil.example` was registered, the authoritative nameserver(s) for that domain could (eventually and indirectly) receive a request for `this-is-a-secret.evil.example`.\n\nDocker Desktop is not affected, as Docker Desktop always runs an internal resolver on a RFC 1918 address.\n\n## Patches\n\nMoby releases 26.0.0-rc3, 25.0.5 (released) and 23.0.11 (to be released) are patched to prevent forwarding DNS requests from internal networks.\n\n## Workarounds\n\n-   Run containers intended to be solely attached to _internal_ networks with a custom upstream address (`--dns` argument to `docker run`, or API equivalent), which will force all upstream DNS queries to be resolved from the container network namespace.\n\n## Background\n\n- yair zak originally reported this issue to the Docker security team.\n-  PR <https://github.com/moby/moby/pull/46609> was opened in public to fix this issue, as it was not originally considered to have a security implication.\n- [The official documentation](https://docs.docker.com/network/drivers/ipvlan/#:~:text=If%20the%20parent,the%20network%20completely) claims that \"the `--internal` flag that will completely isolate containers on a network from any communications external to that network,\" which necessitated this advisory and 
CVE.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29018.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29018.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-29018","reference_id":"","reference_type":"","scores":[{"value":"0.00264","scoring_system":"epss","scoring_elements":"0.49702","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00264","scoring_system":"epss","scoring_elements":"0.4975","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00264","scoring_system":"epss","scoring_elements":"0.49723","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00357","scoring_system":"epss","scoring_elements":"0.58029","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00357","scoring_system":"epss","scoring_elements":"0.58018","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00357","scoring_system":"epss","scoring_elements":"0.57998","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00357","scoring_system":"epss","scoring_elements":"0.58028","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00357","scoring_system":"epss","scoring_elements":"0.58027","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00357","scoring_system":"epss","scoring_elements":"0.58004","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00357","scoring_system":"epss","scoring_elements":"0.57968","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00357","scoring_system":"epss","scoring_elements":"0.57983","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00357","scoring_system":"epss","scoring_elements":"0.57967","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00357","scoring_system":"epss","scoring_elements":"0.57924","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00357","scoring_system":"epss","scoring_elements":"0.58021","published_a
t":"2026-04-08T12:55:00Z"},{"value":"0.00357","scoring_system":"epss","scoring_elements":"0.58023","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00357","scoring_system":"epss","scoring_elements":"0.5804","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-29018"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29018","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29018"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/moby/moby","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby"},{"reference_url":"https://github.com/moby/moby/pull/46609","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-28T19:09:14Z/"}],"url":"https://github.com/moby/moby/pull/46609"},{"reference_url":"https://github.com/moby/moby/security/advisories/GHSA-mq39-4gv4-mvpx","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scori
ng_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-28T19:09:14Z/"}],"url":"https://github.com/moby/moby/security/advisories/GHSA-mq39-4gv4-mvpx"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068460","reference_id":"1068460","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068460"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2270591","reference_id":"2270591","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2270591"},{"reference_url":"https://usn.ubuntu.com/7161-1/","reference_id":"USN-7161-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7161-1/"},{"reference_url":"https://usn.ubuntu.com/7161-2/","reference_id":"USN-7161-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7161-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/921998?format=json","purl":"pkg:deb/debian/docker.io@26.1.4%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.4%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"r
esource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2024-29018","GHSA-mq39-4gv4-mvpx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1sky-21r5-3qcu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52965?format=json","vulnerability_id":"VCID-2hy3-uwad-mydt","summary":"Privilege Escalation in Docker\nDocker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0820.html","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0820.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3499.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3499.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3499","reference_id":"","reference_type":"","scores":[{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.0952","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09401","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09372","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09357","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.0925","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09248","published_
at":"2026-04-18T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.094","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09452","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09409","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.0937","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09282","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09447","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.093","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09302","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09352","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09264","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09341","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09389","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3499"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1111687","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1111687"},{"reference_url":"https://github.com/docker/docker/commit/707ef9618b3b26a0534a0af732a22f159eccfaa5","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3
.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/docker/docker/commit/707ef9618b3b26a0534a0af732a22f159eccfaa5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3499","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:C/I:C/A:C"},{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3499"},{"reference_url":"https://rhn.redhat.com/errata/RHSA-2014-0820.html","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rhn.redhat.com/errata/RHSA-2014-0820.html"},{"reference_url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3499","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3499"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:1.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:docker:docker:1.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:1.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*","referen
ce_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0820","reference_id":"RHSA-2014:0820","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0820"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582262?format=json","purl":"pkg:deb/debian/docker.io@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582263?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"
VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2014-3499","GHSA-wxj3-qwv4-cvfm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2hy3-uwad-mydt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14029?format=json","vulnerability_id":"VCID-2ttv-me4k-z7hx","summary":"Path Traversal in Moby builder\nutil/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir 
call.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27534.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27534.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27534","reference_id":"","reference_type":"","scores":[{"value":"0.0077","scoring_system":"epss","scoring_elements":"0.73649","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0077","scoring_system":"epss","scoring_elements":"0.73545","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0077","scoring_system":"epss","scoring_elements":"0.73526","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0077","scoring_system":"epss","scoring_elements":"0.73519","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0077","scoring_system":"epss","scoring_elements":"0.73562","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0077","scoring_system":"epss","scoring_elements":"0.73572","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0077","scoring_system":"epss","scoring_elements":"0.73565","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0077","scoring_system":"epss","scoring_elements":"0.73597","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0077","scoring_system":"epss","scoring_elements":"0.73609","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0077","scoring_system":"epss","scoring_elements":"0.73607","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0077","scoring_system":"epss","scoring_elements":"0.736","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0077","scoring_system":"epss","scoring_elements":"0.73625","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0077","scoring_system":"epss","scoring_elements":"0.73469","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0077","scoring_system":"epss","scoring_elements":"0.73478","published_at":"2026-04-02
T12:55:00Z"},{"value":"0.0077","scoring_system":"epss","scoring_elements":"0.735","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0077","scoring_system":"epss","scoring_elements":"0.73472","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0077","scoring_system":"epss","scoring_elements":"0.73508","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0077","scoring_system":"epss","scoring_elements":"0.73522","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27534"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1921154","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1921154"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/moby/buildkit/pull/1462","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/buildkit/pull/1462"},{"reference_url":"https://github.com/moby/moby/pull/40877","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/pull/40877"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-27534","reference_id":"","reference
_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-27534"},{"reference_url":"http://web.archive.org/web/20200530054359/https://docs.docker.com/engine/release-notes","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://web.archive.org/web/20200530054359/https://docs.docker.com/engine/release-notes"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582262?format=json","purl":"pkg:deb/debian/docker.io@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582263?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability
":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2020-27534","GHSA-6hwg-w5jg-9c6x"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2ttv-me4k-z7hx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18277?format=json","vulnerability_id":"VCID-3eju-5upk-auhy","summary":"`docker cp` allows unexpected chmod of host files in Moby Docker Engine\n## Impact\nA bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. 
This bug does not directly allow files to be read, modified, or executed without an additional cooperating process.\n\n## Patches\nThis bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted.\n\n## Workarounds\nEnsure you only run trusted containers.\n\n## Credits\nThe Moby project would like to thank Lei Wang and Ruizhi Xiao for responsibly disclosing this issue in accordance with the [Moby security policy](https://github.com/moby/moby/blob/master/SECURITY.md).\n\n## For more information\nIf you have any questions or comments about this advisory:\n\n* [Open an issue](https://github.com/moby/moby/issues/new)\n* Email us at security@docker.com if you think you’ve found a security bug","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41089.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41089.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41089","reference_id":"","reference_type":"","scores":[{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08871","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08786","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08644","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08753","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08715","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08679","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08
727","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08651","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08728","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08752","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.0873","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08714","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.0871","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08756","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08744","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08592","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08605","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08652","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41089"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41089","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41089"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.ya
ml","reference_id":"","reference_type":"","scores":[{"value":"3.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/moby/moby","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby"},{"reference_url":"https://github.com/moby/moby/commit/bce32e5c93be4caf1a592582155b9cb837fc129a","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/commit/bce32e5c93be4caf1a592582155b9cb837fc129a"},{"reference_url":"https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message
/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41089","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41089"},{"reference_url":"https://pkg.go.dev/vuln/GO-2024-2913","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pkg.go.dev/vuln/GO-2024-2913"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2008592","reference_id":"2008592","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2008592"},{"reference_url":"https://security.archlinux.org/AVG-2440","reference_id":"AVG-2440","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2440"},{"reference_url":"https://security.gentoo.org/glsa/202409-29","reference_id":"GLSA-202409-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-29"},{"reference_url":"https://usn.ubuntu.com/5103-1/","reference_id":"USN-5103-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5103-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583680?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u1?
distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582263?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583681?format=json","purl":"pkg:deb/debian/docker.io@20.10.10%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.10%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/pa
ckages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2021-41089","GHSA-v994-f8vw-g7j4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3eju-5upk-auhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18133?format=json","vulnerability_id":"VCID-41ft-14gt-bbbq","summary":"Authz zero length regression\nA security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass [authorization plugins (AuthZ)](https://docs.docker.com/engine/extend/plugins_authorization/) under specific circumstances. The base likelihood of this being exploited is low. This advisory outlines the issue, identifies the affected versions, and provides remediation steps for impacted users.\n\n### Impact\n\nUsing a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an [authorization plugin](https://docs.docker.com/engine/extend/plugins_authorization/) without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it.\n\n\nA security issue was discovered In 2018,  where an attacker could bypass AuthZ plugins using a specially crafted API request. 
This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine [v18.09.1](https://docs.docker.com/engine/release-notes/18.09/#security-fixes-1) in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted.\n\nDocker EE v19.03.x and all versions of Mirantis Container Runtime **are not vulnerable.**\n\n### Vulnerability details\n\n- **AuthZ bypass and privilege escalation:** An attacker could exploit a bypass using an API request with Content-Length set to 0, causing the Docker daemon to forward the request without the body to the AuthZ plugin, which might approve the request incorrectly.\n- **Initial fix:** The issue was fixed in Docker Engine [v18.09.1](https://docs.docker.com/engine/release-notes/18.09/#security-fixes-1) in January 2019.\n- **Regression:** The fix was not included in Docker Engine v19.03 or newer versions. This was identified in April 2024 and patches were released for the affected versions on July 23, 2024. 
The issue was assigned [CVE-2024-41110](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41110).\n\n### Patches\n\n- docker-ce v27.1.1 contains patches to fix the vulnerability.\n- Patches have also been merged into the master, 19.0, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches.\n\n### Remediation steps\n\n- If you are running an affected version, update to the most recent patched version.\n- Mitigation if unable to update immediately:\n    - Avoid using AuthZ plugins.\n    - Restrict access to the Docker API to trusted parties, following the principle of least privilege.\n\n\n### References\n\n- https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb\n- https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1\n- https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41110.json","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41110.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-41110","reference_id":"","reference_type":"","scores":[{"value":"0.03033","scoring_system":"epss","scoring_elements":"0.8669","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03417","scoring_system":"epss","scoring_elements":"0.87459","published_at":"2026-04-21T12:55:00Z"},{"value":"0.04028","scoring_system":"epss","scoring_elements":"0.88501","published_at":"2026-04-16T12:55:00Z"},{"value":"0.04028","scoring_system":"epss","scoring_elements":"0.88517","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04028","scoring_system":"epss","scoring_elements":"0.88497","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04028","scoring_system":"epss","scoring_elements":"0.88486","published_at":"2026-04-13T12:55:00Z"},{"
value":"0.04028","scoring_system":"epss","scoring_elements":"0.88487","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04028","scoring_system":"epss","scoring_elements":"0.88494","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04028","scoring_system":"epss","scoring_elements":"0.88484","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04028","scoring_system":"epss","scoring_elements":"0.88478","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04028","scoring_system":"epss","scoring_elements":"0.88459","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04028","scoring_system":"epss","scoring_elements":"0.88455","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04028","scoring_system":"epss","scoring_elements":"0.8844","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04128","scoring_system":"epss","scoring_elements":"0.88698","published_at":"2026-05-07T12:55:00Z"},{"value":"0.04128","scoring_system":"epss","scoring_elements":"0.8871","published_at":"2026-05-09T12:55:00Z"},{"value":"0.04128","scoring_system":"epss","scoring_elements":"0.88682","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-41110"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41110","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41110"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/moby/moby","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/
VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby"},{"reference_url":"https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/"}],"url":"https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191"},{"reference_url":"https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/"}],"url":"https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76"},{"reference_url":"https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.9","scoring_system":"cvssv3.1","scor
ing_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/"}],"url":"https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919"},{"reference_url":"https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/"}],"url":"https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b"},{"reference_url":"https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/"}],"url":"https://github.com/moby/moby/commit/a31260625655cff9ae2
26b51757915e275e304b0"},{"reference_url":"https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/"}],"url":"https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1"},{"reference_url":"https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/"}],"url":"https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00"},{"reference_url":"https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CV
SS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/"}],"url":"https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f"},{"reference_url":"https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/"}],"url":"https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801"},{"reference_url":"https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/"}],"url":"https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb"},{"reference_url":"https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq","reference_id
":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/"}],"url":"https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41110","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41110"},{"reference_url":"https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/"}],"url":"https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2299720","r
eference_id":"2299720","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2299720"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3714","reference_id":"RHSA-2025:3714","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3714"},{"reference_url":"https://usn.ubuntu.com/7161-1/","reference_id":"USN-7161-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7161-1/"},{"reference_url":"https://usn.ubuntu.com/7161-2/","reference_id":"USN-7161-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7161-2/"},{"reference_url":"https://usn.ubuntu.com/7161-3/","reference_id":"USN-7161-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7161-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582263?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/584129?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerab
ilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/584130?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2024-41110","GHSA-v23v-6jw2-98fq"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-41ft-14gt-bbbq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83350?format=json","vulnerability_id":"VCID-43es-2d6x-jba8","summary":"docker: container breakout without selinux in enforcing 
mode","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html"},{"reference_url":"https://access.redhat.com/errata/RHBA-2018:2796","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHBA-2018:2796"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10892.json","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10892.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10892","reference_id":"","reference_type":"","scores":[{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30061","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29597","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29729","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29665","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29522","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29583","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30098","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30147","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.2996","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.3002","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0011
4","scoring_system":"epss","scoring_elements":"0.30056","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.3006","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30016","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29967","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29982","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29962","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29916","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29842","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10892"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10892","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10892"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10892","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10892"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/moby/moby/pull/37404","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moby/moby/pull/37404"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1598581","reference_id":"1598581","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=15985
81"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908057","reference_id":"908057","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908057"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:community_edition:*:*:*","reference_id":"cpe:2.3:a:docker:docker:*:*:*:*:community_edition:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:community_edition:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:enterprise_edition:*:*:*","reference_id":"cpe:2.3:a:docker:docker:*:*:*:*:enterprise_edition:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:enterprise_edition:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*","reference_
type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-10892","reference_id":"CVE-2018-10892","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:P/A:N"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-10892"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2482","reference_id":"RHSA-2018:2482","reference_type":"","scores":[],"url":"https://acces
s.redhat.com/errata/RHSA-2018:2482"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/584476?format=json","purl":"pkg:deb/debian/docker.io@18.06.1%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.06.1%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582263?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl"
:"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2018-10892"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-43es-2d6x-jba8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53104?format=json","vulnerability_id":"VCID-4mf3-mmz6-2kfs","summary":"Information Exposure in Docker Engine\nDocker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted 
image.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3630.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3630.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3630","reference_id":"","reference_type":"","scores":[{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29405","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.28933","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.28917","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.28856","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29004","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29074","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29186","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29301","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29346","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29471","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29372","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.2935","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29403","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29448","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29443","published_at":"2026-04-
09T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29402","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29338","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29519","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3630"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3630","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3630"},{"reference_url":"https://github.com/moby/moby","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby"},{"reference_url":"https://github.com/moby/moby/commit/545b440a80f676a506e5837678dd4c4f65e78660","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/commit/545b440a80f676a506e5837678dd4c4f65e78660"},{"reference_url":"https://groups.google.com/forum/#%21searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#%21searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ"},{"reference_url":"https://groups.google.com/forum/#!searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":
"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ"},{"reference_url":"https://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3630","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3630"},{"reference_url":"https://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html"},{"reference_url":"https://seclists.org/fulldisclosure/2015/May/28","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/fulldisclosure/2015/May/28"},{"reference_url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3630","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1"
,"scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3630"},{"reference_url":"https://www.securityfocus.com/bid/74566","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.securityfocus.com/bid/74566"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1219063","reference_id":"1219063","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1219063"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784726","reference_id":"784726","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784726"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583905?format=json","purl":"pkg:deb/debian/docker.io@1.6.1%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@1.6.1%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582263?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnera
blecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2015-3630","GHSA-8fvr-5rqf-3wwh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4mf3-mmz6-2kfs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81129?format=json","vulnerability_id":"VCID-5syq-v7xj-zqcv","summary":"docker: Security regression of CVE-2019-5736 due to inclusion of vulnerable 
runc","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14298.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14298.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14298","reference_id":"","reference_type":"","scores":[{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32712","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32843","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32879","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32699","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32747","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32774","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32775","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32738","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32751","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32728","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32697","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32546","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.3243","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32347","published_a
t":"2026-04-29T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32211","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32275","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32285","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14298"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1848239","reference_id":"1848239","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1848239"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2653","reference_id":"RHSA-2020:2653","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2653"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582262?format=json","purl":"pkg:deb/debian/docker.io@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582263?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"resourc
e_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2020-14298"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5syq-v7xj-zqcv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52953?format=json","vulnerability_id":"VCID-6gxe-db4h-93ex","summary":"Symlink Attack in Libcontainer and Docker Engine\nLibcontainer and Docker 
Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3627.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3627.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3627","reference_id":"","reference_type":"","scores":[{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28048","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28503","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.2848","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28432","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28317","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28205","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28128","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.27965","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28024","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28539","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28625","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.2867","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28473","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00105"
,"scoring_system":"epss","scoring_elements":"0.28538","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28578","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.2858","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28536","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28487","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3627"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3627","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3627"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.2","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/docker/docker/commit/d5ebb60bddbabea0439213501f4f6ed494b23cba","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/docker/docker/commit/d5ebb60bddbabea0439213501f4f6ed494b23cba"},{"reference_url":"https://groups.google.com/forum/#%21searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#%21searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ"},{"reference_url":"https://groups.google.com/forum/#!searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","s
coring_elements":""}],"url":"https://groups.google.com/forum/#!searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ"},{"reference_url":"https://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3627","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3627"},{"reference_url":"https://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html"},{"reference_url":"https://seclists.org/fulldisclosure/2015/May/28","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/fulldisclosure/2015/May/28"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1219061","reference_id":"1219061","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1219061"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784726","reference_id":"784726","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784726"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583905?format=json","purl":"pkg:deb/debian/docker.io@1.6.1%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@1.6.1%252Bdfsg1-1%3Fdistro=trixie"},{"url":"h
ttp://public2.vulnerablecode.io/api/packages/582263?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vul
nerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2015-3627","GHSA-g7v2-2qxx-wjrw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6gxe-db4h-93ex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17210?format=json","vulnerability_id":"VCID-6tg9-3vhh-muae","summary":"Moby Race Condition vulnerability\nmoby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-36621.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-36621.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-36621","reference_id":"","reference_type":"","scores":[{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16464","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16358","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16239","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16374","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16418","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16419","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16627","published_at":"2026-
04-11T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16524","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16485","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16465","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16528","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16587","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16648","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.1671","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16509","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16594","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-36621"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36621","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36621"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gist.github.com/1047524396/5d44459edab5fafcdf86b43909b81135","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","sc
oring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-04T17:13:03Z/"}],"url":"https://gist.github.com/1047524396/5d44459edab5fafcdf86b43909b81135"},{"reference_url":"https://github.com/advisories/GHSA-2mj3-vfvx-fc43","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2mj3-vfvx-fc43"},{"reference_url":"https://github.com/moby/moby","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby"},{"reference_url":"https://github.com/moby/moby/blob/v25.0.5/builder/builder-next/adapters/snapshot/layer.go#L24","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-04T17:13:03Z/"}],"url":"https://github.com/moby/moby/blob/v25.0.5/builder/builder-next/adapters/snapshot/layer.go#L24"},{"reference_url":"https://github.com/moby/moby/commit/37545cc644344dcb576cba67eb7b6f51a463d31e","reference_id":"","re
ference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-04T17:13:03Z/"}],"url":"https://github.com/moby/moby/commit/37545cc644344dcb576cba67eb7b6f51a463d31e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36621","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36621"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2329522","reference_id":"2329522","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2329522"},{"reference_url":"https://usn.ubuntu.com/7474-1/","reference_id":"USN-7474-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7474-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/921998?format=json","purl":"pkg:deb/debian/docker.io@26.1.4%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.4%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fd
istro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2024-36621","GHSA-2mj3-vfvx-fc43"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6tg9-3vhh-muae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39463?format=json","vulnerability_id":"VCID-6vru-hsfs-rufg","summary":"Multiple vulnerabilities have been found in containerd, the worst\n    of which could result in privilege 
escalation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15257.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15257.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15257","reference_id":"","reference_type":"","scores":[{"value":"0.11147","scoring_system":"epss","scoring_elements":"0.93539","published_at":"2026-05-09T12:55:00Z"},{"value":"0.11147","scoring_system":"epss","scoring_elements":"0.93442","published_at":"2026-04-01T12:55:00Z"},{"value":"0.11147","scoring_system":"epss","scoring_elements":"0.9345","published_at":"2026-04-02T12:55:00Z"},{"value":"0.11147","scoring_system":"epss","scoring_elements":"0.93458","published_at":"2026-04-07T12:55:00Z"},{"value":"0.11147","scoring_system":"epss","scoring_elements":"0.93466","published_at":"2026-04-08T12:55:00Z"},{"value":"0.11147","scoring_system":"epss","scoring_elements":"0.9347","published_at":"2026-04-09T12:55:00Z"},{"value":"0.11147","scoring_system":"epss","scoring_elements":"0.93475","published_at":"2026-04-13T12:55:00Z"},{"value":"0.11147","scoring_system":"epss","scoring_elements":"0.93495","published_at":"2026-04-16T12:55:00Z"},{"value":"0.11147","scoring_system":"epss","scoring_elements":"0.93501","published_at":"2026-04-18T12:55:00Z"},{"value":"0.11147","scoring_system":"epss","scoring_elements":"0.93506","published_at":"2026-04-29T12:55:00Z"},{"value":"0.11147","scoring_system":"epss","scoring_elements":"0.93514","published_at":"2026-05-05T12:55:00Z"},{"value":"0.11147","scoring_system":"epss","scoring_elements":"0.93528","published_at":"2026-05-07T12:55:00Z"},{"value":"0.11997","scoring_system":"epss","scoring_elements":"0.93802","published_at":"2026-04-21T12:55:00Z"},{"value":"0.11997","scoring_system":"epss","scoring_elements":"0.93803","publi
shed_at":"2026-04-26T12:55:00Z"},{"value":"0.11997","scoring_system":"epss","scoring_elements":"0.93806","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15257"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/containerd/containerd/commit/4a4bb851f5da563ff6e68a83dc837c7699c469ad","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd/commit/4a4bb851f5da563ff6e68a83dc837c7699c469ad"},{"reference_url":"https://github.com/containerd/containerd/releases/tag/v1.4.3","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L
/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd/releases/tag/v1.4.3"},{"reference_url":"https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNKXLOLZWO5FMAPX63ZL7JNKTNNT5NQD","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNKXLOLZWO5FMAPX63ZL7JNKTNNT5NQD"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15257","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15257"},{"reference_url":"https://research.nccgroup.com/2020/12/10/abstract-shimmer-cve-2020-15257-host-networking-is-root-equivalent-again","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://research.nccgroup.com/2020/12/10/abstract-shimmer-cve-2020-15257-host-networking-is-root-equivalent-again"},{"reference_url":"https:/
/security.gentoo.org/glsa/202105-33","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202105-33"},{"reference_url":"https://www.debian.org/security/2021/dsa-4865","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2021/dsa-4865"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1899487","reference_id":"1899487","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1899487"},{"reference_url":"https://security.archlinux.org/ASA-202012-8","reference_id":"ASA-202012-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202012-8"},{"reference_url":"https://security.archlinux.org/AVG-1309","reference_id":"AVG-1309","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1309"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2183","reference_id":"RHSA-2022:2183","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2183"},{"reference_url":"https://usn.ubuntu.com/4653-1/","reference_id":"USN-4653-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4653-1/"},{"reference_url":"https://usn.ubuntu.com/4653-2/","reference_id":"USN-4653-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4653-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/586703?format=json","purl":"pkg:deb/debian/docker.io@20.10.0~rc1%2Bdfsg2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_u
rl":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.0~rc1%252Bdfsg2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582263?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.v
ulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2020-15257","GHSA-36xw-fx78-c5r4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6vru-hsfs-rufg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/86084?format=json","vulnerability_id":"VCID-7z14-w8da-rufv","summary":"docker: tagging image to ID can redirect images on subsequent pulls","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5282.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5282.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5282","reference_id":"","reference_type":"","scores":[{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.68837","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.68854","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.68875","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.68856","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.68906","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.68924","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.68947","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.68933","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_eleme
nts":"0.68904","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.68944","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.68955","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.68935","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.68986","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.68992","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.68997","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.68977","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.6902","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.69055","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5282"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5282","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5282"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1168436","reference_id":"1168436","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1168436"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/585114?format=json","purl":"pkg:deb/debian/docker.io@1.3.0~dfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@1.3.0~dfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582263?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,
"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=tri
xie"}],"aliases":["CVE-2014-5282"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7z14-w8da-rufv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17543?format=json","vulnerability_id":"VCID-8e1u-z6kg-ryhc","summary":"Moby Race Condition vulnerability\nmoby v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-36623.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-36623.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-36623","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16942","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16836","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16719","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16854","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16904","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16921","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17017","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.1698","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16976","published_at":"2026
-04-16T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17025","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.1704","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17102","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17149","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17174","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17116","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17194","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17245","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-36623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36623"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gist.github.com/1047524396/c192c0159a19bf58a4373b696467dc29","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_eleme
nts":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-04T17:11:46Z/"}],"url":"https://gist.github.com/1047524396/c192c0159a19bf58a4373b696467dc29"},{"reference_url":"https://github.com/moby/moby","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby"},{"reference_url":"https://github.com/moby/moby/blob/v25.0.3/pkg/streamformatter/streamformatter.go#L115","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-04T17:11:46Z/"}],"url":"https://github.com/moby/moby/blob/v25.0.3/pkg/streamformatter/streamformatter.go#L115"},{"reference_url":"https://github.com/moby/moby/commit/5689dabfb357b673abdb4391eef426f297d7d1bb","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-04T17:11:46Z/"}],"url":"https://github.com/moby/moby/commit/5689dabfb357b673abdb4391eef426f297d7d1bb"},{"reference_url":"https://github.com/moby/moby/commit/8e3bcf19748838b
30e34d612832d1dc9d90363b8","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-04T17:11:46Z/"}],"url":"https://github.com/moby/moby/commit/8e3bcf19748838b30e34d612832d1dc9d90363b8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36623","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36623"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2329519","reference_id":"2329519","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2329519"},{"reference_url":"https://usn.ubuntu.com/7474-1/","reference_id":"USN-7474-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7474-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/921998?format=json","purl":"pkg:deb/debian/docker.io@26.1.4%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.4%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages
/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2024-36623","GHSA-gh5c-3h97-2f3q"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8e1u-z6kg-ryhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48375?format=json","vulnerability_id":"VCID-8uuk-1592-syg2","summary":"Path Traversal in Docker\nPath traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a 
Dockerfile.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9356.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9356.json"},{"reference_url":"https://access.redhat.com/security/cve/cve-2014-9356","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/cve-2014-9356"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9356","reference_id":"","reference_type":"","scores":[{"value":"0.01018","scoring_system":"epss","scoring_elements":"0.77335","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01018","scoring_system":"epss","scoring_elements":"0.77189","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01018","scoring_system":"epss","scoring_elements":"0.77216","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01018","scoring_system":"epss","scoring_elements":"0.77195","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01018","scoring_system":"epss","scoring_elements":"0.77192","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01018","scoring_system":"epss","scoring_elements":"0.77232","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01018","scoring_system":"epss","scoring_elements":"0.77233","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01018","scoring_system":"epss","scoring_elements":"0.77225","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01018","scoring_system":"epss","scoring_elements":"0.77259","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01018","scoring_system":"epss","scoring_elements":"0.77264","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01018","scoring_system":"epss","scoring_elements":"0.77279","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01018","scoring_system":"
epss","scoring_elements":"0.77285","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01018","scoring_system":"epss","scoring_elements":"0.77313","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01018","scoring_system":"epss","scoring_elements":"0.7713","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01018","scoring_system":"epss","scoring_elements":"0.77136","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01018","scoring_system":"epss","scoring_elements":"0.77165","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01018","scoring_system":"epss","scoring_elements":"0.77147","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01018","scoring_system":"epss","scoring_elements":"0.7718","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9356"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1172761","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1172761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9356","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9356"},{"reference_url":"https://github.com/moby/moby","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby"},{"reference_url":"https://groups.google.com/forum/#%21msg/docker-user/nFAz-B-n4Bw/0wr3wvLsnUwJ","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual
","scoring_elements":""}],"url":"https://groups.google.com/forum/#%21msg/docker-user/nFAz-B-n4Bw/0wr3wvLsnUwJ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-9356","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-9356"},{"reference_url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9356","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9356"},{"reference_url":"http://www.securityfocus.com/archive/1/archive/1/534215/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/archive/1/archive/1/534215/100/0/threaded"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772909","reference_id":"772909","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772909"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0623","reference_id":"RHSA-2015:0623","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0623"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583203?format=json","purl":"pkg:deb/debian/docker.io@1.3.3~dfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@1.3.3~dfsg1-1%3Fdistro=trixie"},{"url":"http://publi
c2.vulnerablecode.io/api/packages/582263?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":fa
lse,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2014-9356","GHSA-vj3f-3286-r4pf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8uuk-1592-syg2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85738?format=json","vulnerability_id":"VCID-9zkj-h3wh-afb6","summary":"docker: regression of CVE-2014-5277","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1843.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1843.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1843","reference_id":"","reference_type":"","scores":[{"value":"0.01544","scoring_system":"epss","scoring_elements":"0.81322","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01544","scoring_system":"epss","scoring_elements":"0.81331","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01544","scoring_system":"epss","scoring_elements":"0.81353","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01544","scoring_system":"epss","scoring_elements":"0.81352","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01544","scoring_system":"epss","scoring_elements":"0.8138","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01544","scoring_system":"epss","scoring_elements":"0.81385","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01544","scoring_system":"epss","scoring_elements":"0.81407","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01544","scoring_system":"epss","scoring_elements":"0.81394","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01544","scoring_system":"epss","scoring_elements":"0.81386","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01544","scoring_system":"epss","scoring_elements":"0.81423","published_at":"2026-04-16T12:55:00Z"},{"v
alue":"0.01544","scoring_system":"epss","scoring_elements":"0.81424","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01544","scoring_system":"epss","scoring_elements":"0.81425","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01544","scoring_system":"epss","scoring_elements":"0.81446","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01544","scoring_system":"epss","scoring_elements":"0.81454","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01544","scoring_system":"epss","scoring_elements":"0.81458","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01544","scoring_system":"epss","scoring_elements":"0.81476","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01544","scoring_system":"epss","scoring_elements":"0.81495","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01544","scoring_system":"epss","scoring_elements":"0.81517","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1843"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1206443","reference_id":"1206443","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1206443"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0776","reference_id":"RHSA-2015:0776","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0776"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582262?format=json","purl":"pkg:deb/debian/docker.io@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582263?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerabil
ity":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2015-1843"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9zkj-h3wh-afb6"},{"url":"http:/
/public2.vulnerablecode.io/api/vulnerabilities/55518?format=json","vulnerability_id":"VCID-ahbf-gwnw-nufp","summary":"Docker Moby /proc/scsi Path Exposure Allows Host Data Loss (SCSI MICDROP)\nThe DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss (when certain older Linux kernels are used) by leveraging Docker container access to write a \"scsi remove-single-device\" line to /proc/scsi/scsi, aka SCSI MICDROP.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16539.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16539.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16539","reference_id":"","reference_type":"","scores":[{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63501","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63448","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63404","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63432","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63436","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63359","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63421","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63403","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63351","published_at":"2026-04-07T12:55:00Z"},{"value":
"0.00444","scoring_system":"epss","scoring_elements":"0.63386","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63424","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63406","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63427","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.6342","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63385","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63438","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63298","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16539"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16539"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:N/I:P/A:P"},{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/moby/moby","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby"},{"reference_url":"https://github.com/moby/moby/commit/a21ecdf3c8a343a7c94e4c4d01b178c87ca7aaa1","reference_id":"","ref
erence_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/commit/a21ecdf3c8a343a7c94e4c4d01b178c87ca7aaa1"},{"reference_url":"https://github.com/moby/moby/pull/35399","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T15:10:20Z/"}],"url":"https://github.com/moby/moby/pull/35399"},{"reference_url":"https://github.com/moby/moby/pull/35399/commits/a21ecdf3c8a343a7c94e4c4d01b178c87ca7aaa1","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T15:10:20Z/"}],"url":"https://github.com/moby/moby/pull/35399/commits/a21ecdf3c8a343a7c94e4c4d01b178c87ca7aaa1"},{"reference_url":"https://marc.info/?l=linux-scsi&m=150985062200941&w=2","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T15:10:20Z/"}],"url":"https://marc.info/?l=linux-scsi&m=150985062200941&w=2"},{"reference_url":"https://marc.info/
?l=linux-scsi&m=150985455801444&w=2","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T15:10:20Z/"}],"url":"https://marc.info/?l=linux-scsi&m=150985455801444&w=2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16539","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16539"},{"reference_url":"https://twitter.com/ewindisch/status/926443521820774401","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T15:10:20Z/"}],"url":"https://twitter.com/ewindisch/status/926443521820774401"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1516205","reference_id":"1516205","reference_type":"","scores":[],"url":"https://bugzilla.redha
t.com/show_bug.cgi?id=1516205"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900140","reference_id":"900140","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900140"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583093?format=json","purl":"pkg:deb/debian/docker.io@1.13.1~ds3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@1.13.1~ds3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582263?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerabilit
y":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2017-16539","GHSA-vfjc-2qcw-j95j"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ahbf-gwnw-nufp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84964?format=json","vulnerability_id":"VCID-au62-jayw-u7hx","summary":"docker: DoS via repeatedly joining and quitting swarm cluster as a 
node","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6595.json","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6595.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6595","reference_id":"","reference_type":"","scores":[{"value":"0.00649","scoring_system":"epss","scoring_elements":"0.7073","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00649","scoring_system":"epss","scoring_elements":"0.70745","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00649","scoring_system":"epss","scoring_elements":"0.70763","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00649","scoring_system":"epss","scoring_elements":"0.70739","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00649","scoring_system":"epss","scoring_elements":"0.70784","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00649","scoring_system":"epss","scoring_elements":"0.70801","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00649","scoring_system":"epss","scoring_elements":"0.70823","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00649","scoring_system":"epss","scoring_elements":"0.70807","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00649","scoring_system":"epss","scoring_elements":"0.70792","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00649","scoring_system":"epss","scoring_elements":"0.70837","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00649","scoring_system":"epss","scoring_elements":"0.70843","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00649","scoring_system":"epss","scoring_elements":"0.7082","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00649","scoring_system":"epss","scoring_elements":"0.70873","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00649","scoring_system":"epss","scoring_elements":"0.70882","published_at":"
2026-04-26T12:55:00Z"},{"value":"0.00649","scoring_system":"epss","scoring_elements":"0.70881","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00649","scoring_system":"epss","scoring_elements":"0.70864","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00649","scoring_system":"epss","scoring_elements":"0.70905","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00649","scoring_system":"epss","scoring_elements":"0.70941","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6595"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1364008","reference_id":"1364008","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1364008"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582262?format=json","purl":"pkg:deb/debian/docker.io@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582263?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{
"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2016-6595"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-au62-jayw-u7hx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52363?format=json","vulnerability_id":"VCID-avqu-wswg-c3ga","summary":"Docker supplementary group permissions not set up properly, allowing attackers to bypass primary group restrictions\nMoby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. 
If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. This bug is fixed in Moby (Docker Engine) 20.10.18. Users should update to this version when it is available. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade, this problem can be worked around by not using the `\"USER $USERNAME\"` Dockerfile instruction. Instead, calling `ENTRYPOINT [\"su\", \"-\", \"user\"]` sets up the supplementary groups properly.\n\nThanks to Steven Murdoch for reporting this issue.\n\n----\n\n### Impact\n\nIf an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container.\n\n### Patches\n\nThis bug is fixed in Moby (Docker Engine) 20.10.18. Users should update to this version when it is available.\n\n### Workarounds\n\nThis problem can be worked around by not using the `\"USER $USERNAME\"` Dockerfile instruction. 
Instead by calling `ENTRYPOINT [\"su\", \"-\", \"user\"]` the supplementary groups will be set up properly.\n\n### References\n\nhttps://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* [Open an issue](https://github.com/moby/moby/issues/new)\n* Email us at [security@docker.com](mailto:security@docker.com)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36109.json","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36109.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36109","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12393","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12329","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12193","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.1228","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12392","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12576","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12409","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12449","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12487","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12514","published_
at":"2026-04-09T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12464","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12533","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12384","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12425","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12421","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.1231","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12309","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36109"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36109","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36109"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/moby/moby","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby"},{"reference_url":"https://github.com/moby/moby/commit/de7af816e76a7fd3fbf06bffa6832959289fba32","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scori
ng_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:05Z/"}],"url":"https://github.com/moby/moby/commit/de7af816e76a7fd3fbf06bffa6832959289fba32"},{"reference_url":"https://github.com/moby/moby/releases/tag/v20.10.18","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:05Z/"}],"url":"https://github.com/moby/moby/releases/tag/v20.10.18"},{"reference_url":"https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:05Z/"}],"url":"https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7JL2QA3RB732MLJ3RMUXB3IB7AA22YU","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7JL2QA3RB732MLJ3RMUXB3IB7AA22YU"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQQ4E3JBXVR3VK5FIZVJ3QS2TAOOXXTQ","reference_id":"","reference_type":"","scores":[{"value
":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQQ4E3JBXVR3VK5FIZVJ3QS2TAOOXXTQ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7JL2QA3RB732MLJ3RMUXB3IB7AA22YU","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7JL2QA3RB732MLJ3RMUXB3IB7AA22YU"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQQ4E3JBXVR3VK5FIZVJ3QS2TAOOXXTQ","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQQ4E3JBXVR3VK5FIZVJ3QS2TAOOXXTQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36109","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36109"},{"reference_url":"https://www.bentha
msgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:05Z/"}],"url":"https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019601","reference_id":"1019601","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019601"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2127290","reference_id":"2127290","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2127290"},{"reference_url":"https://security.gentoo.org/glsa/202409-29","reference_id":"GLSA-202409-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-29"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/921996?format=json","purl":"pkg:deb/debian/docker.io@20.10.19%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.19%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"
url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2022-36109","GHSA-rc4r-wh2q-q6c4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-avqu-wswg-c3ga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12968?format=json","vulnerability_id":"VCID-b2qe-8u58-2qck","summary":"IPv6 enabled on IPv4-only network interfaces\nIn 26.0.0 and 26.0.1, IPv6 is not disabled on network interfaces, including those belonging to networks where `--ipv6=false`.\n\n### Impact\n\nA container with an `ipvlan` or `macvlan` interface will normally be configured to share an external network link with the host machine. 
Because of this direct access, with IPv6 enabled:\n\n- Containers may be able to communicate with other hosts on the local network over link-local IPv6 addresses.\n- If router advertisements are being broadcast over the local network, containers may get SLAAC-assigned addresses.\n- The interface will be a member of IPv6 multicast groups.\n\nThis means interfaces in IPv4-only networks present an unexpectedly and unnecessarily increased attack surface.\n\nA container with an unexpected IPv6 address can do anything a container configured with an IPv6 address can do. That is, listen for connections on its IPv6 address, open connections to other nodes on the network over IPv6, or attempt a DoS attack by flooding packets from its IPv6 address. This has CVSS score AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L (2.7).\n\nBecause the container may not be constrained by an IPv6 firewall, there is increased potential for data exfiltration from the container. This has CVSS score AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N (4.7).\n\nA remote attacker could send malicious Router Advertisements to divert traffic to itself, a black-hole, or another device. The same attack is possible today for IPv4 macvlan/ipvlan endpoints with ARP spoofing; TLS is commonly used by Internet APIs to mitigate this risk. The presence of an IPv6 route could impact the container's availability by indirectly abusing the behaviour of software which behaves poorly in a dual-stack environment. For example, it could resolve a name to a DNS AAAA record and keep trying to connect over IPv6 without ever falling back to IPv4, potentially denying service to the container. This has CVSS score AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H (4.5).\n\n### Patches\n\nThe issue is patched in 26.0.2.\n\n### Workarounds\n\nTo completely disable IPv6 in a container, use `--sysctl=net.ipv6.conf.all.disable_ipv6=1` in the `docker create` or `docker run` command. 
Or, in the service configuration of a `compose` file, the equivalent:\n\n```\n        sysctls:\n            - net.ipv6.conf.all.disable_ipv6=1\n```\n\n### References\n\n- sysctl configuration using `docker run`:\n  - https://docs.docker.com/reference/cli/docker/container/run/#sysctl\n- sysctl configuration using `docker compose`:\n  - https://docs.docker.com/compose/compose-file/compose-file-v3/#sysctls","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32473.json","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32473.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-32473","reference_id":"","reference_type":"","scores":[{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26011","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26128","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26178","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26184","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26254","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.2629","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26317","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26307","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26366","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26412","published_at":"2026-04-11T12:55:00Z"},{"value":"0.000
95","scoring_system":"epss","scoring_elements":"0.26467","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.2651","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26286","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26403","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26353","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29413","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29399","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-32473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32473","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32473"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/moby/moby","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby"},{"reference_url":"https://github.com/moby/moby/commit/7cef0d9cd1cf221d8c0b7b7aeda69552649e0642","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_eleme
nts":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T13:58:32Z/"}],"url":"https://github.com/moby/moby/commit/7cef0d9cd1cf221d8c0b7b7aeda69552649e0642"},{"reference_url":"https://github.com/moby/moby/security/advisories/GHSA-x84c-p2g9-rqv9","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T13:58:32Z/"}],"url":"https://github.com/moby/moby/security/advisories/GHSA-x84c-p2g9-rqv9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32473","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32473"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070378","reference_id":"1070378","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070378"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2276026","reference_id":"2276026","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2276026"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/921998?format=json","purl":"pkg:deb/debian/docker.io@26.1.4%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.4%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vul
nerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2024-32473","GHSA-x84c-p2g9-rqv9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b2qe-8u58-2qck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18958?format=json","vulnerability_id":"VCID-bhju-575k-ebh3","summary":"Docker CLI leaks private registry credentials to registry-1.docker.io\n## Impact\n\nA bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry.\n\n## Patches\n\nThis bug has been fixed in Docker CLI 20.10.9.  
Users should update to this version as soon as possible.\n\n## Workarounds\n\nEnsure that any configured `credsStore` or `credHelpers` entries in the configuration file reference an installed credential helper that is executable and on the `PATH`.\n\n## For more information\n\nIf you have any questions or comments about this advisory:\n\n* [Open an issue](https://github.com/docker/cli/issues/new/choose)\n* Email us at security@docker.com if you think you’ve found a security bug","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41092.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41092.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41092","reference_id":"","reference_type":"","scores":[{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22827","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22925","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22998","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.2305","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.2307","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23034","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22977","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22991","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22984","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring
_elements":"0.22948","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22778","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22772","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22766","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22666","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22751","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22923","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23089","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23134","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41092"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41092","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41092"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/docker/cli/commit/893e52cf4ba4b
048d72e99748e0f86b2767c6c6b","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/docker/cli/commit/893e52cf4ba4b048d72e99748e0f86b2767c6c6b"},{"reference_url":"https://github.com/docker/cli/security/advisories/GHSA-99pg-grm5-qq3v","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/docker/cli/security/advisories/GHSA-99pg-grm5-qq3v"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41092","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:
H/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41092"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023449","reference_id":"2023449","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023449"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998292","reference_id":"998292","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998292"},{"reference_url":"https://security.archlinux.org/AVG-2440","reference_id":"AVG-2440","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2440"},{"reference_url":"https://usn.ubuntu.com/5134-1/","reference_id":"USN-5134-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5134-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583680?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582263?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http:/
/public2.vulnerablecode.io/api/packages/583681?format=json","purl":"pkg:deb/debian/docker.io@20.10.10%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.10%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2021-41092","GHSA-99pg-grm5-qq3v"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bhju-575k-ebh3"},{"url":"ht
tp://public2.vulnerablecode.io/api/vulnerabilities/30539?format=json","vulnerability_id":"VCID-bzeb-kj67-vfds","summary":"Docker Swarm encrypted overlay network may be unauthenticated\n[Moby](https://mobyproject.org/) is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as [moby/moby](https://github.com/moby/moby) is commonly referred to as *Docker*.\n\nSwarm Mode, which is compiled in and delivered by default in `dockerd` and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of [SwarmKit](https://github.com/moby/swarmkit) and supporting network code.\n\nThe `overlay` network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of [VXLAN](https://en.wikipedia.org/wiki/Virtual_Extensible_LAN), which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverse an untrusted network between nodes.\n\nEncrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the [IPsec Encapsulating Security Payload](https://en.wikipedia.org/wiki/IPsec#Encapsulating_Security_Payload) protocol in [Transport mode](https://en.wikipedia.org/wiki/IPsec#Transport_mode). 
By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption.\n\nWhen setting an endpoint up on an encrypted overlay network, Moby installs three [iptables](https://www.netfilter.org/projects/iptables/index.html) (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the `u32` iptables extension provided by the `xt_u32` kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN.\n\n[Two iptables rules](https://github.com/moby/libnetwork/blob/d9fae4c73daf76c3b0f77e14b45b8bf612ba764d/drivers/overlay/encryption.go#L230-L234) serve to filter incoming VXLAN datagrams with a VNI that corresponds to an encrypted network and discard unencrypted datagrams. The rules are appended to the end of the `INPUT` filter chain, following any rules that have been previously set by the system administrator. 
Administrator-set rules take precedence over the rules Moby sets to discard unencrypted VXLAN datagrams, which can potentially admit unencrypted datagrams that should have been discarded.\n\nOn Red Hat Enterprise Linux and derivatives such as CentOS and Rocky, the `xt_u32` module has been:\n* [moved to the kernel-modules-extra package and no longer installed by default in RHEL 8.3](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/rhel-8-3-0-release#technology-preview_networking)\n* [officially deprecated in RHEL 8.6](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/deprecated_functionality#deprecated-functionality_networking)\n* [removed completely in RHEL 9](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/considerations_in_adopting_rhel_9/assembly_networking_considerations-in-adopting-rhel-9#ref_firewall-networking_assembly_networking)\n\nThese rules are not created when `xt_u32` is unavailable, even though the container is still attached to the network.\n\n## Impact\nEncrypted overlay networks on affected configurations silently accept cleartext VXLAN datagrams that are tagged with the VNI of an encrypted overlay network. As a result, it is possible to inject arbitrary Ethernet frames into the encrypted overlay network by encapsulating them in VXLAN datagrams.\n\nThe injection of arbitrary Ethernet frames can enable a Denial of Service attack. A sophisticated attacker may be able to establish a UDP or TCP connection by way of the container’s outbound gateway that would otherwise be blocked by a stateful firewall, or carry out other escalations beyond simple injection by smuggling packets into the overlay network.\n\n## Patches\nPatches are available in Moby releases 23.0.3, and 20.10.24. 
As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16.\n\n## Workarounds\n* Close the VXLAN port (by default, UDP port 4789) to incoming traffic at the Internet boundary (see [GHSA-vwm3-crmr-xfxw](https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw)) to prevent all VXLAN packet injection.\n* Ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster.\n\n## Background\n* [#43382](https://github.com/moby/moby/issues/43382) partially discussed this concern, but did not consider the security implications.\n* Mirantis FIELD-5788 essentially duplicates [#43382](https://github.com/moby/moby/issues/43382), and was created six months earlier; it similarly overlooked the security implications.\n* [#45118](https://github.com/moby/moby/pull/45118) is the ancestor of the final patches, and was where the security implications were discovered.\n\n## Related\n* [CVE-2023-28841: Encrypted overlay network traffic may be unencrypted](https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237)\n* [CVE-2023-28842: Encrypted overlay network with a single endpoint is unauthenticated](https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p)\n* [GHSA-vwm3-crmr-xfxw: The Swarm VXLAN port may be exposed to attack due to ambiguous documentation](https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw)\n* [GHSA-gvm4-2qqg-m333: Security issues in encrypted overlay networks](https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333) 
(libnetwork)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28840.json","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28840.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28840","reference_id":"","reference_type":"","scores":[{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.63771","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.63746","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65054","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65127","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65143","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65134","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65098","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65126","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65136","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65117","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65103","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70963","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.7103","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70993","pub
lished_at":"2026-05-07T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70954","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70971","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70973","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28840"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28840","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28840"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:31:15Z/"}],"url":"https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333"},{"reference_url":"https://github.com/moby/moby","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby"},{"reference_url":"https://github.com/moby/moby/issues/43382","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:
H/PR:N/UI:N/S:C/C:H/I:N/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:31:15Z/"}],"url":"https://github.com/moby/moby/issues/43382"},{"reference_url":"https://github.com/moby/moby/pull/45118","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:31:15Z/"}],"url":"https://github.com/moby/moby/pull/45118"},{"reference_url":"https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:31:15Z/"}],"url":"https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp"},{"reference_url":"https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:31:15Z/"}],"url":"https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237"},{"reference_url":"https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI
:N/S:C/C:H/I:N/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:31:15Z/"}],"url":"https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p"},{"reference_url":"https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:31:15Z/"}],"url":"https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28840","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28840"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2184683","reference_id":"2184683","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2184683"},{"reference_url":"https://security.gentoo.org/glsa/202409-29","reference_id":"GLSA-202409-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-29"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/","reference_id":"LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:31:15Z/"}],"url
":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/"},{"reference_url":"https://usn.ubuntu.com/7474-1/","reference_id":"USN-7474-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7474-1/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/","reference_id":"XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:31:15Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/","reference_id":"ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:31:15Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/921997?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_
vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2023-28840","GHSA-232p-vwff-86mp"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bzeb-kj67-vfds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53023?format=json","vulnerability_id":"VCID-cey6-s9jk-s7cf","summary":"Arbitrary Code Execution\nDocker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive 
extraction.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9357.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9357.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9357","reference_id":"","reference_type":"","scores":[{"value":"0.36182","scoring_system":"epss","scoring_elements":"0.97112","published_at":"2026-04-18T12:55:00Z"},{"value":"0.36182","scoring_system":"epss","scoring_elements":"0.97135","published_at":"2026-05-09T12:55:00Z"},{"value":"0.36182","scoring_system":"epss","scoring_elements":"0.9708","published_at":"2026-04-02T12:55:00Z"},{"value":"0.36182","scoring_system":"epss","scoring_elements":"0.97084","published_at":"2026-04-04T12:55:00Z"},{"value":"0.36182","scoring_system":"epss","scoring_elements":"0.97085","published_at":"2026-04-07T12:55:00Z"},{"value":"0.36182","scoring_system":"epss","scoring_elements":"0.97095","published_at":"2026-04-09T12:55:00Z"},{"value":"0.36182","scoring_system":"epss","scoring_elements":"0.97099","published_at":"2026-04-12T12:55:00Z"},{"value":"0.36182","scoring_system":"epss","scoring_elements":"0.971","published_at":"2026-04-13T12:55:00Z"},{"value":"0.36182","scoring_system":"epss","scoring_elements":"0.97109","published_at":"2026-04-16T12:55:00Z"},{"value":"0.36182","scoring_system":"epss","scoring_elements":"0.97117","published_at":"2026-04-21T12:55:00Z"},{"value":"0.36182","scoring_system":"epss","scoring_elements":"0.97129","published_at":"2026-05-07T12:55:00Z"},{"value":"0.36182","scoring_system":"epss","scoring_elements":"0.97125","published_at":"2026-05-05T12:55:00Z"},{"value":"0.36182","scoring_system":"epss","scoring_elements":"0.97122","published_at":"2026-04-29T12:55:00Z"},{"value":"0.36182","scoring_system":"epss","scoring_elements":"0.97121","published_at":"2026-04-26T12:55:00Z"},{"value":"0.36182","scoring_system":"epss","scoring_elements":"0.97072","publi
shed_at":"2026-04-01T12:55:00Z"},{"value":"0.36182","scoring_system":"epss","scoring_elements":"0.97118","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9357"},{"reference_url":"https://github.com/docker/docker/compare/aef842e7dfb534aba22c3c911de525ce9ac12b72...313a1b7620910e47d888f8b0a6a5eb06ad9c1ff2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/docker/docker/compare/aef842e7dfb534aba22c3c911de525ce9ac12b72...313a1b7620910e47d888f8b0a6a5eb06ad9c1ff2"},{"reference_url":"https://github.com/moby/moby/blob/master/CHANGELOG.md#133-2014-12-11","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/blob/master/CHANGELOG.md#133-2014-12-11"},{"reference_url":"https://groups.google.com/forum/#%21msg/docker-user/nFAz-B-n4Bw/0wr3wvLsnUwJ","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#%21msg/docker-user/nFAz-B-n4Bw/0wr3wvLsnUwJ"},{"reference_url":"https://groups.google.com/forum/#!msg/docker-user/nFAz-B-n4Bw/0wr3wvLsnUwJ","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH",
"scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!msg/docker-user/nFAz-B-n4Bw/0wr3wvLsnUwJ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-9357","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:C/I:C/A:C"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-9357"},{"reference_url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9357","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9357"},{"reference_url":"http://www.securityfocus.com/archive/1/534215/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/archive/1/534215/100/0/threaded"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1172782","reference_id":"1172782","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1172782"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772909","reference_id":"772909","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772909"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:1.3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:docker:docker:1.3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https:/
/nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:1.3.2:*:*:*:*:*:*:*"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0623","reference_id":"RHSA-2015:0623","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0623"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583203?format=json","purl":"pkg:deb/debian/docker.io@1.3.3~dfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@1.3.3~dfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582263?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro
=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2014-9357","GHSA-997c-fj8j-rq5h"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cey6-s9jk-s7cf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85495?format=json","vulnerability_id":"VCID-e6sp-khpk-r3d8","summary":"docker: Manifest validation and parsing logic errors allow pull-by-digest validation 
bypass","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8179.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8179.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8179","reference_id":"","reference_type":"","scores":[{"value":"0.01596","scoring_system":"epss","scoring_elements":"0.8161","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01596","scoring_system":"epss","scoring_elements":"0.81622","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01596","scoring_system":"epss","scoring_elements":"0.81643","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01596","scoring_system":"epss","scoring_elements":"0.8164","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01596","scoring_system":"epss","scoring_elements":"0.81668","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01596","scoring_system":"epss","scoring_elements":"0.81672","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01596","scoring_system":"epss","scoring_elements":"0.81692","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01596","scoring_system":"epss","scoring_elements":"0.8168","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01596","scoring_system":"epss","scoring_elements":"0.81673","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01596","scoring_system":"epss","scoring_elements":"0.81712","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01596","scoring_system":"epss","scoring_elements":"0.81715","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01596","scoring_system":"epss","scoring_elements":"0.8174","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01596","scoring_system":"epss","scoring_elements":"0.81749","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01596","scoring_system":"epss","scoring_elements":"0.81755","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01596","scoring_system":"epss","scoring_elements":"0.81773","published_a
t":"2026-05-05T12:55:00Z"},{"value":"0.01596","scoring_system":"epss","scoring_elements":"0.81794","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01596","scoring_system":"epss","scoring_elements":"0.81819","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8179"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8179","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8179"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1271256","reference_id":"1271256","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1271256"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583969?format=json","purl":"pkg:deb/debian/docker.io@1.8.3~ds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@1.8.3~ds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582263?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"}
,{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2014-8179"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e6sp-khpk-r3d8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30513?format=json","vulnerability_id":"VCID-e82r-vc77-f7bz","summary":"Docker Swarm encrypted overlay network with a single endpoint is unauthenticated\n[Moby](https://mobyproject.org/) is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. 
The Moby daemon component (`dockerd`), which is developed as [moby/moby](https://github.com/moby/moby), is commonly referred to as *Docker*.\n\nSwarm Mode, which is compiled in and delivered by default in `dockerd` and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of [SwarmKit](https://github.com/moby/swarmkit) and supporting network code.\n\nThe `overlay` network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of [VXLAN](https://en.wikipedia.org/wiki/Virtual_Extensible_LAN), which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverse an untrusted network between nodes.\n\nEncrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the [IPsec Encapsulating Security Payload](https://en.wikipedia.org/wiki/IPsec#Encapsulating_Security_Payload) protocol in [Transport mode](https://en.wikipedia.org/wiki/IPsec#Transport_mode). By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption.\n\nWhen setting an endpoint up on an encrypted overlay network, Moby installs three [iptables](https://www.netfilter.org/projects/iptables/index.html) (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. 
These rules rely on the `u32` iptables extension provided by the `xt_u32` kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN.\n\nThe `overlay` driver dynamically and lazily defines the kernel configuration for the VXLAN network on each node as containers are attached and detached. Routes and encryption parameters are only defined for destination nodes that participate in the network. The iptables rules that prevent encrypted overlay networks from accepting unencrypted packets are not created until a peer is available with which to communicate.\n\n## Impact\nEncrypted overlay networks silently accept cleartext VXLAN datagrams that are tagged with the VNI of an encrypted overlay network. As a result, it is possible to inject arbitrary Ethernet frames into the encrypted overlay network by encapsulating them in VXLAN datagrams. The implications of this can be quite dire, and [GHSA-vwm3-crmr-xfxw](https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw) should be referenced for a deeper exploration.\n\n## Patches\nPatches are available in Moby releases 23.0.3, and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16.\n\n## Workarounds\n* In multi-node clusters, deploy a global ‘pause’ container for each encrypted overlay network, on every node. For example, use the `registry.k8s.io/pause` image and a `--mode global` service.\n* For a single-node cluster, do not use overlay networks of any sort. 
Bridge networks provide the same connectivity on a single node and have no multi-node features.\nThe Swarm ingress feature is implemented using an overlay network, but can be disabled by publishing ports in `host` mode instead of `ingress` mode (allowing the use of an external load balancer), and removing the `ingress` network.\n* If encrypted overlay networks are in exclusive use, block UDP port 4789 from traffic that has not been validated by IPSec. For example, `iptables -A INPUT -m udp --dport 4789 -m policy --dir in --pol none -j DROP`.\n\n## Background\n* This issue was discovered while characterizing and mitigating [CVE-2023-28840](https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp) and [CVE-2023-28841](https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237).\n\n## Related\n* [CVE-2023-28841: Encrypted overlay network traffic may be unencrypted](https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237)\n* [CVE-2023-28840: Encrypted overlay network may be unauthenticated](https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp)\n* [GHSA-vwm3-crmr-xfxw: The Swarm VXLAN port may be exposed to attack due to ambiguous documentation](https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw)\n* [GHSA-gvm4-2qqg-m333: Security issues in encrypted overlay networks](https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333) 
(libnetwork)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28842.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28842.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28842","reference_id":"","reference_type":"","scores":[{"value":"0.006","scoring_system":"epss","scoring_elements":"0.69414","published_at":"2026-04-04T12:55:00Z"},{"value":"0.006","scoring_system":"epss","scoring_elements":"0.69398","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00636","scoring_system":"epss","scoring_elements":"0.70402","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00636","scoring_system":"epss","scoring_elements":"0.70488","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00636","scoring_system":"epss","scoring_elements":"0.70508","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00636","scoring_system":"epss","scoring_elements":"0.705","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00636","scoring_system":"epss","scoring_elements":"0.70458","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00636","scoring_system":"epss","scoring_elements":"0.70472","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00636","scoring_system":"epss","scoring_elements":"0.70487","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00636","scoring_system":"epss","scoring_elements":"0.70463","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00636","scoring_system":"epss","scoring_elements":"0.70447","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00863","scoring_system":"epss","scoring_elements":"0.75152","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00863","scoring_system":"epss","scoring_elements":"0.75148","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00863","scoring_system":"epss","scoring_elements":"0.75217","publishe
d_at":"2026-05-09T12:55:00Z"},{"value":"0.00863","scoring_system":"epss","scoring_elements":"0.75193","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00863","scoring_system":"epss","scoring_elements":"0.75165","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00863","scoring_system":"epss","scoring_elements":"0.75156","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28842"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28842","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28842"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:48Z/"}],"url":"https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333"},{"reference_url":"https://github.com/moby/moby","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby"},{"reference_url":"https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scorin
g_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:48Z/"}],"url":"https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp"},{"reference_url":"https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:48Z/"}],"url":"https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237"},{"reference_url":"https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:48Z/"}],"url":"https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p"},{"reference_url":"https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:48Z/"}],"url":"https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28842","reference_id":"","referenc
e_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28842"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2184688","reference_id":"2184688","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2184688"},{"reference_url":"https://security.gentoo.org/glsa/202409-29","reference_id":"GLSA-202409-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-29"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/","reference_id":"LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:48Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/"},{"reference_url":"https://usn.ubuntu.com/7474-1/","reference_id":"USN-7474-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7474-1/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/","reference_id":"XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:48Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/"},{"reference_url":"http
s://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/","reference_id":"ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:48Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/921997?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablec
ode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2023-28842","GHSA-6wrf-mxfj-pf5p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e82r-vc77-f7bz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14446?format=json","vulnerability_id":"VCID-e9ng-x516-53cf","summary":"Moby (Docker Engine) Insufficiently restricted permissions on data directory\n## Impact\n\nA bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs.  When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs.  When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files.\n\n## Patches\n\nThis bug has been fixed in Moby (Docker Engine) 20.10.9.  Users should update to this version as soon as possible.  Running containers should be stopped and restarted for the permissions to be fixed.\n\n## Workarounds\n\nLimit access to the host to trusted users.  
Limit access to host volumes to trusted containers.\n\n## Credits\n\nThe Moby project would like to thank Joan Bruguera for responsibly disclosing this issue in accordance with the [Moby security policy](https://github.com/moby/moby/blob/master/SECURITY.md).\n\n## For more information\n\nIf you have any questions or comments about this advisory:\n\n* [Open an issue](https://github.com/moby/moby/issues/new)\n* Email us at security@docker.com if you think you’ve found a security bug","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41091.json","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41091.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41091","reference_id":"","reference_type":"","scores":[{"value":"0.04746","scoring_system":"epss","scoring_elements":"0.89501","published_at":"2026-05-09T12:55:00Z"},{"value":"0.04746","scoring_system":"epss","scoring_elements":"0.89486","published_at":"2026-05-07T12:55:00Z"},{"value":"0.04746","scoring_system":"epss","scoring_elements":"0.89467","published_at":"2026-05-05T12:55:00Z"},{"value":"0.04746","scoring_system":"epss","scoring_elements":"0.89459","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04746","scoring_system":"epss","scoring_elements":"0.89458","published_at":"2026-04-26T12:55:00Z"},{"value":"0.04746","scoring_system":"epss","scoring_elements":"0.89454","published_at":"2026-04-24T12:55:00Z"},{"value":"0.04746","scoring_system":"epss","scoring_elements":"0.89438","published_at":"2026-04-21T12:55:00Z"},{"value":"0.04746","scoring_system":"epss","scoring_elements":"0.8943","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04746","scoring_system":"epss","scoring_elements":"0.89441","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04746","scoring_system":"epss","sco
ring_elements":"0.8944","published_at":"2026-04-16T12:55:00Z"},{"value":"0.04746","scoring_system":"epss","scoring_elements":"0.89429","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04746","scoring_system":"epss","scoring_elements":"0.89424","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0558","scoring_system":"epss","scoring_elements":"0.90276","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0558","scoring_system":"epss","scoring_elements":"0.90272","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0558","scoring_system":"epss","scoring_elements":"0.90291","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0558","scoring_system":"epss","scoring_elements":"0.90256","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0558","scoring_system":"epss","scoring_elements":"0.90298","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0558","scoring_system":"epss","scoring_elements":"0.90259","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41091"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41091","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41091"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/moby/moby","reference_id":"","refe
rence_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby"},{"reference_url":"https://github.com/moby/moby/commit/f0ab919f518c47240ea0e72d0999576bb8008e64","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/commit/f0ab919f518c47240ea0e72d0999576bb8008e64"},{"reference_url":"https://github.com/moby/moby/security/advisories/GHSA-3fwx-pjgw-3558","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/security/advisories/GHSA-3fwx-pjgw-3558"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.
fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41091","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41091"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023448","reference_id":"2023448","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023448"},{"reference_url":"https://security.archlinux.org/AVG-2440","reference_id":"AVG-2440","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2440"},{"reference_url":"https://security.gentoo.org/glsa/202409-29","reference_id":"GLSA-202409-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-29"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583680?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582263?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"
resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583681?format=json","purl":"pkg:deb/debian/docker.io@20.10.10%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.10%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2021-41091","GHSA-3fwx-pjgw-3558"],"risk_score":3.1,
"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e9ng-x516-53cf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55500?format=json","vulnerability_id":"VCID-eb24-pguf-ryg1","summary":"tar-split memory exhaustion\nLack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14992.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14992.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14992","reference_id":"","reference_type":"","scores":[{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56137","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56076","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56028","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56074","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56098","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56077","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56151","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56182","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.5618","pu
blished_at":"2026-04-16T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56146","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56162","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.5601","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56186","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56175","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.5614","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56119","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.5617","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.5612","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14992"},{"reference_url":"https://blog.cloudpassage.com/2017/10/13/discovering-docker-cve-2017-14992/","reference_id":"","reference_type":"","scores":[],"url":"https://blog.cloudpassage.com/2017/10/13/discovering-docker-cve-2017-14992/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14992","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14992"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:N/I:N/A:C"},{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/moby/moby/issues/3507
5","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/issues/35075"},{"reference_url":"https://github.com/vbatts/tar-split","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vbatts/tar-split"},{"reference_url":"https://github.com/vbatts/tar-split/pull/42","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vbatts/tar-split/pull/42"},{"reference_url":"https://github.com/vbatts/tar-split/releases/tag/v0.10.2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vbatts/tar-split/releases/tag/v0.10.2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-14992","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-14992"},{"reference_url":"https://web.archive.org/web/20171119174639/https://blog.cloudpa
ssage.com/2017/10/13/discovering-docker-cve-2017-14992","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20171119174639/https://blog.cloudpassage.com/2017/10/13/discovering-docker-cve-2017-14992"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1510348","reference_id":"1510348","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1510348"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908055","reference_id":"908055","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908055"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908056","reference_id":"908056","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908056"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:1.12.6-0:*:*:*:community:*:*:*","reference_id":"cpe:2.3:a:docker:docker:1.12.6-0:*:*:*:community:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:1.12.6-0:*:*:*:community:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.03.0:*:*:*:community:*:*:*","reference_id":"cpe:2.3:a:docker:docker:17.03.0:*:*:*:community:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.03.0:*:*:*:community:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.03.1:*:*:*:community:*:*:*","reference_id":"cpe:2
.3:a:docker:docker:17.03.1:*:*:*:community:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.03.1:*:*:*:community:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.03.2:*:*:*:community:*:*:*","reference_id":"cpe:2.3:a:docker:docker:17.03.2:*:*:*:community:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.03.2:*:*:*:community:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.06.0:*:*:*:community:*:*:*","reference_id":"cpe:2.3:a:docker:docker:17.06.0:*:*:*:community:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.06.0:*:*:*:community:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.06.1:*:*:*:community:*:*:*","reference_id":"cpe:2.3:a:docker:docker:17.06.1:*:*:*:community:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.06.1:*:*:*:community:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.06.2:*:*:*:community:*:*:*","reference_id":"cpe:2.3:a:docker:docker:17.06.2:*:*:*:community:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.06.2:*:*:*:community:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.09.0:*:*:*:com
munity:*:*:*","reference_id":"cpe:2.3:a:docker:docker:17.09.0:*:*:*:community:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.09.0:*:*:*:community:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:community:*:*:*","reference_id":"cpe:2.3:a:docker:docker:*:*:*:*:community:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:community:*:*:*"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/586173?format=json","purl":"pkg:deb/debian/docker.io@18.03.1%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.03.1%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582263?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-
ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2017-14992","GHSA-hqwh-8xv9-42hw"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eb24-pguf-ryg1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17474?format=json","vulnerability_id":"VCID-evqv-4z17-kkcz","summary":"NULL Pointer Dereference on moby image history\nmoby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via 
daemon/images/image_history.go.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-36620.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-36620.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-36620","reference_id":"","reference_type":"","scores":[{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.1913","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.19078","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.27896","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28055","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28134","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28246","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28371","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.27984","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.27958","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28445","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28429","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28478","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28521","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_element
s":"0.28518","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28477","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.2841","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28422","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-36620"},{"reference_url":"https://gist.github.com/1047524396/f08816669701ab478a265a811d2c89b2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-04T17:14:00Z/"}],"url":"https://gist.github.com/1047524396/f08816669701ab478a265a811d2c89b2"},{"reference_url":"https://github.com/moby/moby","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby"},{"reference_url":"https://github.com/moby/moby/blob/v26.0.2/daemon/images/image_history.go#L48","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scori
ng_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-04T17:14:00Z/"}],"url":"https://github.com/moby/moby/blob/v26.0.2/daemon/images/image_history.go#L48"},{"reference_url":"https://github.com/moby/moby/commit/ab570ab3d62038b3d26f96a9bb585d0b6095b9b4","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-04T17:14:00Z/"}],"url":"https://github.com/moby/moby/commit/ab570ab3d62038b3d26f96a9bb585d0b6095b9b4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36620","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36620"},{"reference_url":"https://pkg.go.dev/vuln/GO-2024-3311","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pkg.go.dev/vuln/GO-2024-3311"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2329534","reference_id":"2329534","reference_type":"","scores":[],"url":"https://b
ugzilla.redhat.com/show_bug.cgi?id=2329534"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1703","reference_id":"RHSA-2025:1703","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1703"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582262?format=json","purl":"pkg:deb/debian/docker.io@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582263?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnera
blecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2024-36620","GHSA-q59j-vv4j-v33c"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-evqv-4z17-kkcz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53007?format=json","vulnerability_id":"VCID-f31s-pxtj-6uej","summary":"Access Restriction Bypass in Docker\nDocker 1.3.0 through 1.3.1 allows remote attackers to modify the default run profile of image containers and possibly bypass the container by applying unspecified security options to an 
image.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145154.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145154.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00009.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00009.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-6408.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-6408.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-6408","reference_id":"","reference_type":"","scores":[{"value":"0.0163","scoring_system":"epss","scoring_elements":"0.82021","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0163","scoring_system":"epss","scoring_elements":"0.81897","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0163","scoring_system":"epss","scoring_elements":"0.81886","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0163","scoring_system":"epss","scoring_elements":"0.81881","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0163","scoring_system":"epss","scoring_elements":"0.81917","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0163","scoring_system":"epss","scoring_elements":"0.81919","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0163","scoring_system":"epss","scoring_elements":"0.81941","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0163","scoring_system":"epss","scoring_elements":"0.81952","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0163","scoring_system":"epss","scoring_elements":"0.81957","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0163","scoring_system":"epss","scoring_elements":"0.81977","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0163","scoring_system":"epss","scoring_elements"
:"0.81997","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0163","scoring_system":"epss","scoring_elements":"0.81815","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0163","scoring_system":"epss","scoring_elements":"0.81825","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0163","scoring_system":"epss","scoring_elements":"0.81848","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0163","scoring_system":"epss","scoring_elements":"0.81845","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0163","scoring_system":"epss","scoring_elements":"0.81871","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0163","scoring_system":"epss","scoring_elements":"0.81878","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-6408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6408"},{"reference_url":"https://docs.docker.com/v1.3/release-notes","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.docker.com/v1.3/release-notes"},{"reference_url":"https://docs.docker.com/v1.3/release-notes/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.docker.com/v1.3/release-notes/"},{"reference_url":"http://secunia.com/advisories/60171","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/60171"},{"reference_url":"http://secunia.com/advisories/60241","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/60241"},{"reference_url":"https://github.com/docker/docker/commit/c9379eb3fbbc484c056f5a5e49d8d0b755a29c45","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/docker/docker/commit/c9379eb3fbbc484c056f5a5e49d8d0b755a29c45"},{"r
eference_url":"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145154.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145154.html"},{"reference_url":"https://lists.opensuse.org/opensuse-security-announce/2014-12/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.opensuse.org/opensuse-security-announce/2014-12/msg00009.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-6408","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:P/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-6408"},{"reference_url":"https://secunia.com/advisories/60171","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://secunia.com/advisories/60171"},{"reference_url":"https://secunia.com/advisories/60241","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://secunia.com/advisories/60241"},{"reference_url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6408","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6408"},{"reference_url":"https://www.openwall.com/lists/oss-security/2014/11/24/5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2014/11/24/5"},{"reference_url":"http:/
/www.openwall.com/lists/oss-security/2014/11/24/5","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2014/11/24/5"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1167506","reference_id":"1167506","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1167506"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:1.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:docker:docker:1.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:1.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:1.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:docker:docker:1.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:1.3.1:*:*:*:*:*:*:*"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583196?format=json","purl":"pkg:deb/debian/docker.io@1.3.2~dfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@1.3.2~dfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582263?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"re
source_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2014-6408","GHSA-44gg-pmqr-4669"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f31s-pxtj-6uej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83099?format=json","vulnerability_id":"VCID-f6d3-yyvz-xqgs","summary":"docker: Memory exhaustion via large integer used with 
--cpuset-mems or --cpuset-cpus","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20699.json","reference_id":"","reference_type":"","scores":[{"value":"4.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20699.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20699","reference_id":"","reference_type":"","scores":[{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22812","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22924","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22882","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22876","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22837","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22673","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22666","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22661","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22981","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.23025","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22816","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.2289","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22942","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elemen
ts":"0.22961","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22867","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23405","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23486","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23554","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20699"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/docker/engine/pull/70","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/docker/engine/pull/70"},{"reference_url":"https://github.com/moby/moby/pull/37967","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moby/moby/pull/37967"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1666565","reference_id":"1666565","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1666565"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:engine:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:docker:engine:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:engine:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln
/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20699","reference_id":"CVE-2018-20699","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:N/A:P"},{"value":"4.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0487","reference_id":"RHSA-2019:0487","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0487"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/584620?format=json","purl":"pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582263?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://pu
blic2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2018-20699"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f6d3-yyvz-xqgs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53011?format=json","vulnerability_id":"VCID-gbw6-3a59-mbhu","summary":"containerd v1.2.x can be coerced into leaking credentials during image pull\n## Impact\n\nIf a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a 
specific image layer (otherwise known as a “foreign layer”), the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or later, the default containerd resolver will provide its authentication credentials if the server where the URL is located presents an HTTP 401 status code along with registry-specific HTTP headers.\n\nIf an attacker publishes a public image with a manifest that directs one of the layers to be fetched from a web server they control and they trick a user or system into pulling the image, they can obtain the credentials used for pulling that image. In some cases, this may be the user's username and password for the registry. In other cases, this may be the credentials attached to the cloud virtual instance which can grant access to other cloud resources in the account.\n\nThe default containerd resolver is used by the cri-containerd plugin (which can be used by Kubernetes), the ctr development tool, and other client programs that have explicitly linked against it.\n\nThis vulnerability has been rated by the containerd maintainers as medium, with a CVSS score of 6.1 and a vector string of CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N.\n\n## Patches\n\nThis vulnerability has been fixed in containerd 1.2.14.  containerd 1.3 and later are not affected.\n\n## Workarounds\n\nIf you are using containerd 1.3 or later, you are not affected.  If you are using cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources.  
Other container runtimes built on top of containerd but not using the default resolver (such as Docker) are not affected.\n\n## Credits\n\nThe containerd maintainers would like to thank Brad Geesaman, Josh Larsen, Ian Coldwater, Duffie Cooley, and Rory McCune for responsibly disclosing this issue in accordance with the [containerd security policy](https://github.com/containerd/project/blob/master/SECURITY.md).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15157.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15157.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15157","reference_id":"","reference_type":"","scores":[{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73754","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73575","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73584","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73608","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.7358","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73617","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73629","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73652","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73634","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73625","published_at":"2026-04-13T12:55:00Z"},{"value"
:"0.00777","scoring_system":"epss","scoring_elements":"0.73669","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73678","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73712","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73705","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.7373","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00846","scoring_system":"epss","scoring_elements":"0.74894","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00846","scoring_system":"epss","scoring_elements":"0.74851","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00846","scoring_system":"epss","scoring_elements":"0.74887","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15157"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285"},{"reference_url":"https://darkbit.io/blog/cve-2020-15157-containerdrip","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE"
,"scoring_system":"generic_textual","scoring_elements":""}],"url":"https://darkbit.io/blog/cve-2020-15157-containerdrip"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/containerd/containerd","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd"},{"reference_url":"https://github.com/containerd/containerd/commit/1ead8d9deb3b175bf40413b8c47b3d19c2262726","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd/commit/1ead8d9deb3b175bf40413b8c47b3d19c2262726"},{"reference_url":"https://github.com/containerd/containerd/releases/tag/v1.2.14","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd/releases/tag/v1.2.14"},{"reference_url":"https://github.com/containerd/containerd/security/advisories/GHSA-742w-89gc-8m9c","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/container
d/containerd/security/advisories/GHSA-742w-89gc-8m9c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15157","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15157"},{"reference_url":"https://usn.ubuntu.com/4589-1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4589-1"},{"reference_url":"https://usn.ubuntu.com/4589-2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4589-2"},{"reference_url":"https://www.debian.org/security/2021/dsa-4865","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2021/dsa-4865"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1888248","reference_id":"1888248","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1888248"},{"reference_url":"https://usn.ubuntu.com/4589-1/","reference_id":"USN-4589-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4589-1/"},{"reference_url":"https://usn.ubuntu.com/4589-2/","reference_id":"USN-4589-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4589-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/586403?format=j
son","purl":"pkg:deb/debian/docker.io@19.03.13%2Bdfsg2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@19.03.13%252Bdfsg2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582263?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource
_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2020-15157","GHSA-742w-89gc-8m9c"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gbw6-3a59-mbhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52923?format=json","vulnerability_id":"VCID-gsez-t7u3-dubr","summary":"Directory Traversal in Docker\nDocker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) \"docker load\" operation or (2) \"registry 
communications.\"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9358.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9358.json"},{"reference_url":"https://access.redhat.com/security/cve/cve-2014-9358","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/cve-2014-9358"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9358","reference_id":"","reference_type":"","scores":[{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57622","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57643","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57623","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57602","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57631","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57627","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57606","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57564","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57584","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57563","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57514","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00351","scoring_sys
tem":"epss","scoring_elements":"0.5756","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.5749","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57574","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57595","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.5757","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57624","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57628","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9358"},{"reference_url":"https://groups.google.com/forum/#%21msg/docker-user/nFAz-B-n4Bw/0wr3wvLsnUwJ","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#%21msg/docker-user/nFAz-B-n4Bw/0wr3wvLsnUwJ"},{"reference_url":"https://groups.google.com/forum/#!msg/docker-user/nFAz-B-n4Bw/0wr3wvLsnUwJ","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!msg/docker-user/nFAz-B-n4Bw/0wr3wvLsnUwJ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-9358","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv2","scor
ing_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-9358"},{"reference_url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9358","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9358"},{"reference_url":"http://www.securityfocus.com/archive/1/534215/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/archive/1/534215/100/0/threaded"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1172787","reference_id":"1172787","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1172787"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772909","reference_id":"772909","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772909"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583203?format=json","purl":"pkg:deb/debian/docker.io@1.3.3~dfsg1-1?distro=trixie","is_vulnerable":false,"aff
ected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@1.3.3~dfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582263?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=tri
xie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2014-9358","GHSA-qmmc-jppf-32wv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gsez-t7u3-dubr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14284?format=json","vulnerability_id":"VCID-gund-83cy-9fap","summary":"moby Access to remapped root allows privilege escalation to real root\n### Impact\n\nWhen using `--userns-remap`, if the root user in the remapped namespace has access to the host filesystem they can modify files under `/var/lib/docker/<remapping>` that cause writing files with extended privileges.\n\n### Patches\n\nVersions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user.\n\n### Credits\n\nMaintainers would like to thank Alex Chapman for discovering the vulnerability; @awprice, @nathanburrell, @raulgomis, @chris-walz, @erin-jensby, @bassmatt, @mark-adams, @dbaxa for working on it and Zac Ellis for responsibly disclosing it to 
security@docker.com","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21284.json","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21284.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21284","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05737","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05312","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05354","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05384","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05392","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05426","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05448","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05422","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05409","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05401","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05357","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05518","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05555","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05592","published
_at":"2026-04-26T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.0559","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05595","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.0565","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21284"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285"},{"reference_url":"https://docs.docker.com/engine/release-notes/#20103","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.docker.com/engine/release-notes/#20103"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/moby/moby/commit/64bd4485b3a66a597c02c
95f5776395e540b2c7c","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/commit/64bd4485b3a66a597c02c95f5776395e540b2c7c"},{"reference_url":"https://github.com/moby/moby/releases/tag/v19.03.15","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/releases/tag/v19.03.15"},{"reference_url":"https://github.com/moby/moby/releases/tag/v20.10.3","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/releases/tag/v20.10.3"},{"reference_url":"https://github.com/moby/moby/security/advisories/GHSA-7452-xqpj-6rpc","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/security/advisories/GHSA-7452-xqpj-6rpc"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21284","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21284"},{"reference_url":"https://security.gentoo.org/glsa/202107-23","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","sc
oring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202107-23"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210226-0005","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210226-0005"},{"reference_url":"https://www.debian.org/security/2021/dsa-4865","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2021/dsa-4865"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1924740","reference_id":"1924740","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1924740"},{"reference_url":"https://security.archlinux.org/ASA-202102-12","reference_id":"ASA-202102-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202102-12"},{"reference_url":"https://security.archlinux.org/AVG-1528","reference_id":"AVG-1528","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1528"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582752?format=json","purl":"pkg:deb/debian/docker.io@20.10.3%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.3%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582263?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb1
1u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/d
ocker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2021-21284","GHSA-7452-xqpj-6rpc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gund-83cy-9fap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49948?format=json","vulnerability_id":"VCID-h83p-v26k-s7fa","summary":"A flaw in Docker allowed possible information leakage.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00040.html","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00040.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13401.json","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13401.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13401","reference_id":"","reference_type":"","scores":[{"value":"0.1287","scoring_system":"epss","scoring_elements":"0.9403","published_at":"2026-04-07T12:55:00Z"},{"value":"0.1287","scoring_system":"epss","scoring_elements":"0.94098","published_at":"2026-05-09T12:55:00Z"},{"value":"0.1287","scoring_system":"epss","scoring_elements":"0.94067","published_at":"2026-04-21T12:55:00Z"},{"value":"0.1287","scoring_system":"epss","scoring_elements":"0.94068","published_at":"2026-04-18T12:55:00Z"},{"value":"0.1287","scoring_system":"epss","scoring_elements":"0.94063","published_at":"2026-04-16T12:55:00Z"},{"value":"0.1287","scoring_system":"epss","scoring_elements":"0.94047","published_at":"2026-04-13T12:55:00Z"},{"value":"0.1287","
scoring_system":"epss","scoring_elements":"0.94043","published_at":"2026-04-09T12:55:00Z"},{"value":"0.1287","scoring_system":"epss","scoring_elements":"0.94007","published_at":"2026-04-01T12:55:00Z"},{"value":"0.1287","scoring_system":"epss","scoring_elements":"0.94017","published_at":"2026-04-02T12:55:00Z"},{"value":"0.1287","scoring_system":"epss","scoring_elements":"0.94027","published_at":"2026-04-04T12:55:00Z"},{"value":"0.1287","scoring_system":"epss","scoring_elements":"0.94039","published_at":"2026-04-08T12:55:00Z"},{"value":"0.1287","scoring_system":"epss","scoring_elements":"0.94088","published_at":"2026-05-07T12:55:00Z"},{"value":"0.1287","scoring_system":"epss","scoring_elements":"0.94076","published_at":"2026-05-05T12:55:00Z"},{"value":"0.1287","scoring_system":"epss","scoring_elements":"0.94069","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13401"},{"reference_url":"https://docs.docker.com/engine/release-notes","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.docker.com/engine/release-notes"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/docker/docker-ce/releases/tag/v19.03.11","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS
:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/docker/docker-ce/releases/tag/v19.03.11"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DN4JQAOXBE3XUNK3FD423LHE3K74EMJT","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DN4JQAOXBE3XUNK3FD423LHE3K74EMJT"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJZLKRCOJMOGUIJI2AS27BOZS3RBEF3K","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJZLKRCOJMOGUIJI2AS27BOZS3RBEF3K"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13401","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13401"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200717-0002","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200717-0002"},{"reference_url":"https://www.
debian.org/security/2020/dsa-4716","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2020/dsa-4716"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/06/01/5","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2020/06/01/5"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1833233","reference_id":"1833233","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1833233"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962141","reference_id":"962141","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962141"},{"reference_url":"https://security.gentoo.org/glsa/202008-15","reference_id":"GLSA-202008-15","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202008-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/585627?format=json","purl":"pkg:deb/debian/docker.io@19.03.11%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@19.03.11%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582263?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vul
nerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2020-13401","
GHSA-qrrc-ww9x-r43g"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h83p-v26k-s7fa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/29859?format=json","vulnerability_id":"VCID-jgyp-7k51-1uda","summary":"Moby firewalld reload makes published container ports accessible from remote hosts\nMoby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (dockerd), which is developed as [moby/moby](https://github.com/moby/moby) is commonly referred to as Docker, or Docker Engine.\n\nFirewalld is a daemon used by some Linux distributions to provide a dynamically managed firewall. When Firewalld is running, Docker uses its iptables backend to create rules, including rules to isolate containers in one bridge network from containers in other bridge networks.\n\n### Impact\n\nThe iptables rules created by Docker are removed when firewalld is reloaded using, for example \"firewall-cmd --reload\", \"killall -HUP firewalld\", or \"systemctl reload firewalld\".\n\nWhen that happens, Docker must re-create the rules. However, in affected versions of Docker, the iptables rules that prevent packets arriving on a host interface from reaching container addresses are not re-created.\n\nOnce these rules have been removed, a remote host configured with a route to a Docker bridge network can access published ports, even when those ports were only published to a loopback address. 
Unpublished ports remain inaccessible.\n\nFor example, following a firewalld reload on a Docker host with address `192.168.0.10` and a bridge network with subnet `172.17.0.0/16`, running the following command on another host in the local network will give it access to published ports on container addresses in that network: `ip route add 172.17.0.0/16 via 192.168.0.10`.\n\nContainers running in networks created with `--internal` or equivalent have no access to other networks. Containers that are only connected to these networks remain isolated after a firewalld reload.\n\nWhere Docker Engine is not running in the host's network namespace, it is unaffected. Including, for example, Rootless Mode, and Docker Desktop.\n\n### Patches\n\nMoby releases older than 28.2.0 are not affected. A fix is available in moby release 28.3.3.\n\n### Workarounds\nAfter reloading firewalld, either:\n- Restart the docker daemon,\n- Re-create bridge networks, or\n- Use rootless mode.\n\n### References\nhttps://firewalld.org/\nhttps://firewalld.org/documentation/howto/reload-firewalld.html","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-54388.json","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-54388.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54388","reference_id":"","reference_type":"","scores":[{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01122","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01125","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01127","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01128","published_at":"2026-04-26T12:55:00Z"},{"value":"
0.0001","scoring_system":"epss","scoring_elements":"0.01069","published_at":"2026-04-21T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00402","published_at":"2026-04-02T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00479","published_at":"2026-04-11T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00478","published_at":"2026-04-13T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00476","published_at":"2026-04-12T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00486","published_at":"2026-04-04T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00484","published_at":"2026-04-07T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00481","published_at":"2026-04-08T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00863","published_at":"2026-04-18T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00915","published_at":"2026-04-24T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00857","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54388"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/moby/moby","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"
https://github.com/moby/moby"},{"reference_url":"https://github.com/moby/moby/commit/bea959c7b793b32a893820b97c4eadc7c87fabb0","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-30T13:36:54Z/"}],"url":"https://github.com/moby/moby/commit/bea959c7b793b32a893820b97c4eadc7c87fabb0"},{"reference_url":"https://github.com/moby/moby/pull/50506","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-30T13:36:54Z/"}],"url":"https://github.com/moby/moby/pull/50506"},{"reference_url":"https://github.com/moby/moby/security/advisories/GHSA-x4rx-4gw3-53p4","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-30T13:36:54Z/"}],"url":"https://github.com/moby/moby/security/advisories/GHSA-x4rx-4gw3-53p4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-5
4388","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54388"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2384954","reference_id":"2384954","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2384954"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582262?format=json","purl":"pkg:deb/debian/docker.io@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582263?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-n
jcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2025-54388","GHSA-x4rx-4gw3-53p4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jgyp-7k51-1uda"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92626?format=json","vulnerability_id":"VCID-k8uy-g29x-hkht","summary":"A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container 
IDs.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5278","reference_id":"","reference_type":"","scores":[{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53276","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53287","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53249","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53206","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53257","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53308","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.63014","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.63","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.62977","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.62877","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.63023","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.63002","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.63016","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.62936","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.62965","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.62929","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.6298","published_at":"
2026-04-08T12:55:00Z"},{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.62996","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5278"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5278","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5278"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/584396?format=json","purl":"pkg:deb/debian/docker.io@1.2.0~dfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@1.2.0~dfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582263?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api
/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2014-5278"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k8uy-g29x-hkht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53087?format=json","vulnerability_id":"VCID-ksbt-33eq-93c9","summary":"Arbitrary File Write in Libcontainer\nLibcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization (\"mount namespace breakout\") and write to arbitrary file on the host system via a symlink attack in an image when respawning a 
container.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html"},{"reference_url":"http://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3629.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3629.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3629","reference_id":"","reference_type":"","scores":[{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39032","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39398","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39454","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39469","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.3948","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39442","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39425","published_at":"2026-04-13T12:55:00Z"},{"
value":"0.00178","scoring_system":"epss","scoring_elements":"0.39476","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39448","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39362","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.3917","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39152","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39071","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.38944","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39015","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39299","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.3946","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39484","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3629"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3629","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3629"},{"reference_url":"http://seclists.org/fulldisclosure/2015/May/28","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2015/May/28"},{"reference_url":"https://github.com/docker/docker/commit/d5ebb60bddbabea0439213501f4f6ed494b23cba","reference_id":"","reference_type":"","scores":[{"value":"8.4","s
coring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/docker/docker/commit/d5ebb60bddbabea0439213501f4f6ed494b23cba"},{"reference_url":"https://groups.google.com/forum/#%21searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#%21searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ"},{"reference_url":"https://groups.google.com/forum/#!searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3629","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3629"},{"reference_url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3629","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3629"},{"reference_url":"http://www.securityfocus.com/bid/74558","reference_id":"","refer
ence_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/74558"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1219058","reference_id":"1219058","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1219058"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784726","reference_id":"784726","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784726"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583905?format=json","purl":"pkg:deb/debian/docker.io@1.6.1%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@1.6.1%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582263?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vuln
erability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2015-3629","GHSA-g44j-7vp3-68cv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ksbt-33eq-93c9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85744?format=json","vulnerability_id":"VCID-m45k-qc4s-dycq","summary":"Docker: multiple files downloaded over HTTP and executed or used 
unsafely","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0048.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0048.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0048","reference_id":"","reference_type":"","scores":[{"value":"0.03303","scoring_system":"epss","scoring_elements":"0.87265","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03303","scoring_system":"epss","scoring_elements":"0.87272","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03303","scoring_system":"epss","scoring_elements":"0.87275","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03303","scoring_system":"epss","scoring_elements":"0.87293","published_at":"2026-05-05T12:55:00Z"},{"value":"0.03303","scoring_system":"epss","scoring_elements":"0.87305","published_at":"2026-05-07T12:55:00Z"},{"value":"0.03303","scoring_system":"epss","scoring_elements":"0.87325","published_at":"2026-05-09T12:55:00Z"},{"value":"0.03322","scoring_system":"epss","scoring_elements":"0.87283","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03322","scoring_system":"epss","scoring_elements":"0.87277","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03322","scoring_system":"epss","scoring_elements":"0.87273","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03322","scoring_system":"epss","scoring_elements":"0.8722","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03322","scoring_system":"epss","scoring_elements":"0.87292","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03322","scoring_system":"epss","scoring_elements":"0.87286","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03322","scoring_system":"epss","scoring_elements":"0.87287","published_at":"2026-04-16T12:55:00Z"},{"value":"0.03322","scoring_system":"epss","scoring_elements":"0.8723","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03322","scoring_system":"epss","scoring_elements":"0.87246","publish
ed_at":"2026-04-04T12:55:00Z"},{"value":"0.03322","scoring_system":"epss","scoring_elements":"0.87243","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03322","scoring_system":"epss","scoring_elements":"0.87262","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03322","scoring_system":"epss","scoring_elements":"0.8727","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0048"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0048","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0048"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1063550","reference_id":"1063550","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1063550"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/584474?format=json","purl":"pkg:deb/debian/docker.io@1.6.0%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@1.6.0%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582263?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vul
nerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2014-0048"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m45k-qc4s-dycq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15326?format=json","vulnerability_id":"VCID-njcw-wc13-dqcz","summary":"Classic builder cache poisoning\nThe classic builder cache system is prone to cache poisoning if the image is built `FROM scratch`.\nAlso, changes to some instructions (most important being `HEALTHCHECK` and `ONBUILD`) would not cause a cache miss.\n\n\nAn attacker with the knowledge of the Dockerfile someone is using could poison their cache by making them 
pull a specially crafted image that would be considered as a valid cache candidate for some build steps.\n\nFor example, an attacker could create an image that is considered as a valid cache candidate for:\n```\nFROM scratch\nMAINTAINER Pawel\n```\n\nwhen in fact the malicious image used as a cache would be an image built from a different Dockerfile.\n\nIn the second case, the attacker could for example substitute a different `HEALTHCHECK` command.\n\n\n### Impact\n\n23.0+ users are only affected if they explicitly opted out of Buildkit (`DOCKER_BUILDKIT=0` environment variable) or are using the `/build` API endpoint (which uses the classic builder by default).\n\nAll users on versions older than 23.0 could be impacted. An example could be a CI with a shared cache, or just a regular Docker user pulling a malicious image due to misspelling/typosquatting.\n\nThe image build API endpoint (`/build`) and the `ImageBuild` function from `github.com/docker/docker/client` are also affected, as they use the classic builder by default. 
\n\n\n### Patches\n\nPatches are included in Moby releases:\n\n- v25.0.2\n- v24.0.9\n- v23.0.10\n\n### Workarounds\n\n- Use `--no-cache` or use Buildkit if possible (`DOCKER_BUILDKIT=1`, it's default on 23.0+ assuming that the buildx plugin is installed).\n- Use `Version = types.BuilderBuildKit` or `NoCache = true` in `ImageBuildOptions` for `ImageBuild` call.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24557.json","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24557.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-24557","reference_id":"","reference_type":"","scores":[{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24144","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24498","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24281","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24348","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24392","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24409","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24367","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.2431","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24328","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24317","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_element
s":"0.24292","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24167","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24154","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24112","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.23996","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24078","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24464","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-24557"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24557","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24557"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/moby/moby","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby"},{"reference_url":"https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":
"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T15:20:50Z/"}],"url":"https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae"},{"reference_url":"https://github.com/moby/moby/commit/fca702de7f71362c8d103073c7e4a1d0a467fadd","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/commit/fca702de7f71362c8d103073c7e4a1d0a467fadd"},{"reference_url":"https://github.com/moby/moby/commit/fce6e0ca9bc000888de3daa157af14fa41fcd0ff","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/commit/fce6e0ca9bc000888de3daa157af14fa41fcd0ff"},{"reference_url":"https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T15:20:50Z/"}],"url":"https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-24557","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-24557"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071745","reference_id":"1071745","re
ference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071745"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262352","reference_id":"2262352","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262352"},{"reference_url":"https://security.gentoo.org/glsa/202409-29","reference_id":"GLSA-202409-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11749","reference_id":"RHSA-2025:11749","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11749"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9340","reference_id":"RHSA-2025:9340","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9340"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/921998?format=json","purl":"pkg:deb/debian/docker.io@26.1.4%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.4%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"r
esource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2024-24557","GHSA-xw73-rw38-6vjc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-njcw-wc13-dqcz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52959?format=json","vulnerability_id":"VCID-nkhu-t2nh-s7b2","summary":"Arbitrary File Override in Docker Engine\nDocker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html"},{"reference_url":"http://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3631.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3631.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3631","reference_id":"","reference_type":"","scores":[{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.3424","published_at":"2026-04-29T12:55:00Z"}
,{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34325","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34345","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34581","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34635","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34596","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.3462","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34659","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34584","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34211","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34172","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34108","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34627","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34656","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.3447","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34689","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34715","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3631"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3631","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi
-bin/cvename.cgi?name=CVE-2015-3631"},{"reference_url":"http://seclists.org/fulldisclosure/2015/May/28","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2015/May/28"},{"reference_url":"https://github.com/moby/moby","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby"},{"reference_url":"https://github.com/moby/moby/compare/769acfec2928c47a35da5357d854145b1036448d...b6a9dc399be31c531e3753104e10d74760ed75a2","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/compare/769acfec2928c47a35da5357d854145b1036448d...b6a9dc399be31c531e3753104e10d74760ed75a2"},{"reference_url":"https://groups.google.com/forum/#%21searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#%21searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ"},{"reference_url":"https://groups.google.com/forum/#!searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_syst
em":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3631","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3631"},{"reference_url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3631","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3631"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1219065","reference_id":"1219065","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1219065"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784726","reference_id":"784726","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784726"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583905?format=json","purl":"pkg:deb/debian/docker.io@1.6.1%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@1.6.1%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582263?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":
"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2015-3631","GHSA-v4h8-794j-g8mm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nkhu-t2nh-s7b2"
},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54421?format=json","vulnerability_id":"VCID-pevy-d197-zydv","summary":"Moby Docker cp broken with debian containers\nIn Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14271.json","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14271.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14271","reference_id":"","reference_type":"","scores":[{"value":"0.72198","scoring_system":"epss","scoring_elements":"0.98764","published_at":"2026-04-29T12:55:00Z"},{"value":"0.72198","scoring_system":"epss","scoring_elements":"0.98774","published_at":"2026-05-09T12:55:00Z"},{"value":"0.72198","scoring_system":"epss","scoring_elements":"0.98769","published_at":"2026-05-05T12:55:00Z"},{"value":"0.72198","scoring_system":"epss","scoring_elements":"0.98752","published_at":"2026-04-12T12:55:00Z"},{"value":"0.72198","scoring_system":"epss","scoring_elements":"0.98749","published_at":"2026-04-09T12:55:00Z"},{"value":"0.72198","scoring_system
":"epss","scoring_elements":"0.98748","published_at":"2026-04-07T12:55:00Z"},{"value":"0.72198","scoring_system":"epss","scoring_elements":"0.98745","published_at":"2026-04-04T12:55:00Z"},{"value":"0.72198","scoring_system":"epss","scoring_elements":"0.98742","published_at":"2026-04-02T12:55:00Z"},{"value":"0.72198","scoring_system":"epss","scoring_elements":"0.98741","published_at":"2026-04-01T12:55:00Z"},{"value":"0.72198","scoring_system":"epss","scoring_elements":"0.98771","published_at":"2026-05-07T12:55:00Z"},{"value":"0.72198","scoring_system":"epss","scoring_elements":"0.98756","published_at":"2026-04-18T12:55:00Z"},{"value":"0.72198","scoring_system":"epss","scoring_elements":"0.98754","published_at":"2026-04-13T12:55:00Z"},{"value":"0.72589","scoring_system":"epss","scoring_elements":"0.98774","published_at":"2026-04-21T12:55:00Z"},{"value":"0.72589","scoring_system":"epss","scoring_elements":"0.98777","published_at":"2026-04-24T12:55:00Z"},{"value":"0.72589","scoring_system":"epss","scoring_elements":"0.98779","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14271"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13139","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13139"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13509","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13509"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14271","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14271"},{"reference_url":"https://docs.docker.com/engine/release-notes","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":
"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.docker.com/engine/release-notes"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/moby/moby","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby"},{"reference_url":"https://github.com/moby/moby/commit/11e48badcb67554b3d795241855028f28d244545","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/commit/11e48badcb67554b3d795241855028f28d244545"},{"reference_url":"https://github.com/moby/moby/commit/fa8dd90ceb7bcb9d554d27e0b9087ab83e54bd2b","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elem
ents":""}],"url":"https://github.com/moby/moby/commit/fa8dd90ceb7bcb9d554d27e0b9087ab83e54bd2b"},{"reference_url":"https://github.com/moby/moby/issues/39449","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/issues/39449"},{"reference_url":"https://github.com/moby/moby/pull/39612","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/pull/39612"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14271","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14271"},{"reference_url":"https://seclists.org/bugtraq/2019/Sep/21","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Se
p/21"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190828-0003","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20190828-0003"},{"reference_url":"https://www.debian.org/security/2019/dsa-4521","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4521"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1747222","reference_id":"1747222","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1747222"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/585461?format=json","purl":"pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582263?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"}
,{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2019-14271","GHSA-v2cv-wwxq-qq97"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pevy-d197-zydv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5451?format=json","vulnerability_id":"
VCID-pnva-j5xs-7udv","summary":"Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-11/msg00048.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-11/msg00048.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5277.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5277.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5277","reference_id":"","reference_type":"","scores":[{"value":"0.00675","scoring_system":"epss","scoring_elements":"0.71599","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00675","scoring_system":"epss","scoring_elements":"0.71406","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00675","scoring_system":"epss","scoring_elements":"0.71414","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00675","scoring_system":"epss","scoring_elements":"0.71431","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00675","scoring_system":"epss","scoring_elements":"0.71407","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00675","scoring_system":"epss","scoring_elements":"0.71448","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00675","scoring_system":"epss","scoring_elements":"0.7146","published_at":"2026-04-09T12:55
:00Z"},{"value":"0.00675","scoring_system":"epss","scoring_elements":"0.71483","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00675","scoring_system":"epss","scoring_elements":"0.71467","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00675","scoring_system":"epss","scoring_elements":"0.71449","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00675","scoring_system":"epss","scoring_elements":"0.71495","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00675","scoring_system":"epss","scoring_elements":"0.715","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00675","scoring_system":"epss","scoring_elements":"0.7148","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00675","scoring_system":"epss","scoring_elements":"0.7153","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00675","scoring_system":"epss","scoring_elements":"0.71537","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00675","scoring_system":"epss","scoring_elements":"0.71541","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00675","scoring_system":"epss","scoring_elements":"0.71529","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00675","scoring_system":"epss","scoring_elements":"0.71564","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5277"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5277","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5277"},{"reference_url":"https://github.com/docker/docker","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/docker/docker"},{"reference_url":"https://github.com/docker/docker/comm
it/8caacb18f8019dfda30d79c327397e5f5783c068","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/docker/docker/commit/8caacb18f8019dfda30d79c327397e5f5783c068"},{"reference_url":"https://groups.google.com/forum/#%21topic/docker-user/oYm0i3xShJU","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#%21topic/docker-user/oYm0i3xShJU"},{"reference_url":"https://groups.google.com/forum/#!topic/docker-user/oYm0i3xShJU","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/docker-user/oYm0i3xShJU"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-5277","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERA
TE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-5277"},{"reference_url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5277","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5277"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1164849","reference_id":"1164849","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1164849"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker-py:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:docker:docker-py:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker-py:*:*:*:*:*:*:*:*"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582859?format=json","purl":"pkg:deb/debian/docker.io@1.3.1~dfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@1.3.1~dfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582263?format=json","purl":"pkg:deb/debian/docker.io@20.
10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/pack
ages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2014-5277","GHSA-8w94-cf6g-c8mg","GO-2022-0636","PYSEC-2014-80"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pnva-j5xs-7udv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30534?format=json","vulnerability_id":"VCID-quyf-eq2s-dbda","summary":"Docker Swarm encrypted overlay network traffic may be unencrypted\n[Moby](https://mobyproject.org/) is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as [moby/moby](https://github.com/moby/moby) is commonly referred to as *Docker*.\n\nSwarm Mode, which is compiled in and delivered by default in `dockerd` and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of [SwarmKit](https://github.com/moby/swarmkit) and supporting network code.\n\nThe `overlay` network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of [VXLAN](https://en.wikipedia.org/wiki/Virtual_Extensible_LAN), which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with a VXLAN Network ID (VNI) that identifies the originating overlay network. 
In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverse an untrusted network between nodes.\n\nEncrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the [IPsec Encapsulating Security Payload](https://en.wikipedia.org/wiki/IPsec#Encapsulating_Security_Payload) protocol in [Transport mode](https://en.wikipedia.org/wiki/IPsec#Transport_mode). By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption.\n\nWhen setting an endpoint up on an encrypted overlay network, Moby installs three [iptables](https://www.netfilter.org/projects/iptables/index.html) (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the `u32` iptables extension provided by the `xt_u32` kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN.\n\nAn [iptables rule](https://github.com/moby/libnetwork/blob/d9fae4c73daf76c3b0f77e14b45b8bf612ba764d/drivers/overlay/encryption.go#L205-L207) designates outgoing VXLAN datagrams with a VNI that corresponds to an encrypted overlay network for IPsec encapsulation.\n\nOn Red Hat Enterprise Linux and derivatives such as CentOS and Rocky, the `xt_u32` module has been:\n* [moved to the kernel-modules-extra package and no longer installed by default in RHEL 8.3](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/rhel-8-3-0-release#technology-preview_networking)\n* [officially deprecated in RHEL 
8.6](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/deprecated_functionality#deprecated-functionality_networking)\n* [removed completely in RHEL 9](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/considerations_in_adopting_rhel_9/assembly_networking_considerations-in-adopting-rhel-9#ref_firewall-networking_assembly_networking)\n\nThis rule is not created when `xt_u32` is unavailable, even though the container is still attached to the network.\n\n## Impact\nEncrypted overlay networks on affected platforms silently transmit unencrypted data. As a result, `overlay` networks may appear to be functional, passing traffic as expected, but without any of the expected confidentiality or data integrity guarantees.\n\nIt is possible for an attacker sitting in a trusted position on the network to read all of the application traffic that is moving across the overlay network, resulting in unexpected secrets or user data disclosure. Thus, because many database protocols, internal APIs, etc. are not protected by a second layer of encryption, a user may rely on Swarm encrypted overlay networks to provide confidentiality, which due to this vulnerability is no longer guaranteed.\n\n## Patches\nPatches are available in Moby releases 23.0.3, and 20.10.24. 
As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16.\n\n## Workarounds\n* Close the VXLAN port (by default, UDP port 4789) to outgoing traffic at the Internet boundary (see [GHSA-vwm3-crmr-xfxw](https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw)) in order to prevent unintentionally leaking unencrypted traffic over the Internet.\n* Ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster.\n\n## Background\n* [#43382](https://github.com/moby/moby/issues/43382) partially discussed this concern, but did not consider the security implications.\n* Mirantis FIELD-5788 essentially duplicates [#43382](https://github.com/moby/moby/issues/43382), and was created six months earlier; it similarly overlooked the security implications.\n* [#45118](https://github.com/moby/moby/pull/45118) is the ancestor of the final patches, and was where the security implications were discovered.\n\n## Related\n* [CVE-2023-28840: Encrypted overlay network may be unauthenticated](https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp)\n* [CVE-2023-28842: Encrypted overlay network with a single endpoint is unauthenticated](https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p)\n* [GHSA-vwm3-crmr-xfxw: The Swarm VXLAN port may be exposed to attack due to ambiguous documentation](https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw)\n* [GHSA-gvm4-2qqg-m333: Security issues in encrypted overlay networks](https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333) 
(libnetwork)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28841.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28841.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28841","reference_id":"","reference_type":"","scores":[{"value":"0.02956","scoring_system":"epss","scoring_elements":"0.86417","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02956","scoring_system":"epss","scoring_elements":"0.86435","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03129","scoring_system":"epss","scoring_elements":"0.86871","published_at":"2026-04-16T12:55:00Z"},{"value":"0.03129","scoring_system":"epss","scoring_elements":"0.86877","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03129","scoring_system":"epss","scoring_elements":"0.86876","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03129","scoring_system":"epss","scoring_elements":"0.86854","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03129","scoring_system":"epss","scoring_elements":"0.86859","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03129","scoring_system":"epss","scoring_elements":"0.86863","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03129","scoring_system":"epss","scoring_elements":"0.8685","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03129","scoring_system":"epss","scoring_elements":"0.86841","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03129","scoring_system":"epss","scoring_elements":"0.86821","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04189","scoring_system":"epss","scoring_elements":"0.88791","published_at":"2026-05-09T12:55:00Z"},{"value":"0.04189","scoring_system":"epss","scoring_elements":"0.88751","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04189","scoring_system":"epss","scoring_elements":"0.88779","pub
lished_at":"2026-05-07T12:55:00Z"},{"value":"0.04189","scoring_system":"epss","scoring_elements":"0.88745","published_at":"2026-04-24T12:55:00Z"},{"value":"0.04189","scoring_system":"epss","scoring_elements":"0.88761","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28841"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28841","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28841"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/moby/libnetwork/blob/d9fae4c73daf76c3b0f77e14b45b8bf612ba764d/drivers/overlay/encryption.go#L205-L207","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:19Z/"}],"url":"https://github.com/moby/libnetwork/blob/d9fae4c73daf76c3b0f77e14b45b8bf612ba764d/drivers/overlay/encryption.go#L205-L207"},{"reference_url":"https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:19Z/"}],"url":"https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-
2qqg-m333"},{"reference_url":"https://github.com/moby/moby","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby"},{"reference_url":"https://github.com/moby/moby/issues/43382","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:19Z/"}],"url":"https://github.com/moby/moby/issues/43382"},{"reference_url":"https://github.com/moby/moby/pull/45118","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:19Z/"}],"url":"https://github.com/moby/moby/pull/45118"},{"reference_url":"https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:19Z/"}],"url":"https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp"},{"reference_url":"https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/
AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:19Z/"}],"url":"https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237"},{"reference_url":"https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:19Z/"}],"url":"https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p"},{"reference_url":"https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:19Z/"}],"url":"https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28841","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28841"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2184685","reference_id":"2184685","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2184685"},{"reference_url":"https://security.gentoo.org/glsa/202409-29","reference_id":"GLSA-202409
-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-29"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/","reference_id":"LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:19Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/"},{"reference_url":"https://usn.ubuntu.com/7474-1/","reference_id":"USN-7474-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7474-1/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/","reference_id":"XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:19Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/","reference_id":"ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:19Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4IT
XXPIWZEQ4HYQCB6N6GZIMWXDAI/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/921997?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2023-28841","GHSA-33pg-m6jh-5237"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vul
nerablecode.io/vulnerabilities/VCID-quyf-eq2s-dbda"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14199?format=json","vulnerability_id":"VCID-qwqe-27yu-8kds","summary":"Docker Authentication Bypass\nAn issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated certificate signed by a system-trusted root CA (as opposed to one signed by the configured CA root certificate) to authenticate.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12608.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12608.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12608","reference_id":"","reference_type":"","scores":[{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63751","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63645","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63661","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63676","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63627","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63664","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63673","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63657","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_el
ements":"0.63688","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63683","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.637","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63547","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63607","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63634","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63593","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12608"},{"reference_url":"https://github.com/moby/moby","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby"},{"reference_url":"https://github.com/moby/moby/commit/190c6e8cf8b893874a33d83f78307f1bed0bfbcd","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/commit/190c6e8cf8b893874a33d83f78307f1bed0bfbcd"},{"reference_url":"https://github.com/moby/moby/issues/33173","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elemen
ts":""}],"url":"https://github.com/moby/moby/issues/33173"},{"reference_url":"https://github.com/moby/moby/pull/33182","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/pull/33182"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-12608","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-12608"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2275812","reference_id":"2275812","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2275812"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5094","reference_id":"RHSA-2024:5094","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5094"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/586173?format=json","purl":"pkg:deb/debian/docker.io@18.03.1%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.03.1%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582263?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulner
ability":"VCID-quyf-eq2s-dbda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2018-12608","GHSA-qrqr-3x5j-2xw9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qwqe-27yu-8kds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85743?format=json","vulnerability_id":"VCID-qxhd-hnja-2qad","summary":"Docker: 
multiple temporary file creation vulnerabilities","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0047.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0047.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0047","reference_id":"","reference_type":"","scores":[{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28203","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28178","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28684","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28766","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28814","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.2862","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28685","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28724","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28729","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28637","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28657","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28632","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28582","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28469","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00106","scoring_system":"ep
ss","scoring_elements":"0.28357","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.2828","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.2812","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0047"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0047","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0047"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/03/24/23","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2015/03/24/23"},{"reference_url":"http://www.securityfocus.com/bid/73315","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/73315"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1063549","reference_id":"1063549","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1063549"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0047","reference_id":"CVE-2014-0047","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:P/A:P"},{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0047"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/584474?format=json","purl":"pkg:deb/debian/docker.io@1.6.0%2Bdfsg1-1?distro=trixie","is_
vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@1.6.0%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582263?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.
2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2014-0047"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qxhd-hnja-2qad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82519?format=json","vulnerability_id":"VCID-sh5d-p485-6qh4","summary":"docker: symlink-exchange race attacks in docker cp","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15664.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15664.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-15664","reference_id":"","reference_type":"","scores":[{"value":"0.06205","scoring_system":"epss","scoring_elements":"0.90949","published_at":"2026-05-09T12:55:00Z"},{"value":"0.06205","scoring_system":"epss","scoring_elements":"0.90906","published_at":"2026-04-24T12:55:00Z"},{"value":"0.06205","scoring_system":"epss","scoring_elements":"0.90905","published_at":"2026-04-26T12:55:00Z"},{"value":"0.06205","scoring_system":"epss","scoring_elements":"0.90903","published_at":"2026-04-29T12:55:00Z"},{"value":"0.06205","scoring_system":"epss","scoring_elements":"0.90919","published_at":"2026-05-05T12:55:00Z"},{"value":"0.06205","scoring_system":"epss","scoring_elements":"0.90937","published_at":"2026-05-07T12:55:00Z"},{"value":"0.06925","scoring_system":"epss","scoring_elements":"0.91386","published_at":"2026-04-07T12:55:00Z"},{"value":"0.06925","scoring_system":"epss",
"scoring_elements":"0.91405","published_at":"2026-04-09T12:55:00Z"},{"value":"0.06925","scoring_system":"epss","scoring_elements":"0.91411","published_at":"2026-04-11T12:55:00Z"},{"value":"0.06925","scoring_system":"epss","scoring_elements":"0.91414","published_at":"2026-04-12T12:55:00Z"},{"value":"0.06925","scoring_system":"epss","scoring_elements":"0.91413","published_at":"2026-04-13T12:55:00Z"},{"value":"0.06925","scoring_system":"epss","scoring_elements":"0.91437","published_at":"2026-04-16T12:55:00Z"},{"value":"0.06925","scoring_system":"epss","scoring_elements":"0.91433","published_at":"2026-04-18T12:55:00Z"},{"value":"0.06925","scoring_system":"epss","scoring_elements":"0.91434","published_at":"2026-04-21T12:55:00Z"},{"value":"0.06925","scoring_system":"epss","scoring_elements":"0.91363","published_at":"2026-04-01T12:55:00Z"},{"value":"0.06925","scoring_system":"epss","scoring_elements":"0.91379","published_at":"2026-04-04T12:55:00Z"},{"value":"0.06925","scoring_system":"epss","scoring_elements":"0.91398","published_at":"2026-04-08T12:55:00Z"},{"value":"0.06925","scoring_system":"epss","scoring_elements":"0.91368","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-15664"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15664","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15664"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1714722","reference_id":"1714722","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1714722"},{"reference_url":"https://bugs.debian.org/
cgi-bin/bugreport.cgi?bug=929662","reference_id":"929662","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929662"},{"reference_url":"https://security.archlinux.org/AVG-968","reference_id":"AVG-968","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-968"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1910","reference_id":"RHSA-2019:1910","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1910"},{"reference_url":"https://usn.ubuntu.com/4048-1/","reference_id":"USN-4048-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4048-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/585761?format=json","purl":"pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582263?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"
},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2018-15664"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sh5d-p485-6qh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53106?format=json","vulnerability_id":"VCID-smxj-2zhy-yycc","summary":"Arbitrary Code Execution in Docker\nDocker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load 
operation.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145154.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145154.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00009.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00009.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-6407.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-6407.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-6407","reference_id":"","reference_type":"","scores":[{"value":"0.05856","scoring_system":"epss","scoring_elements":"0.90548","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05856","scoring_system":"epss","scoring_elements":"0.90626","published_at":"2026-05-09T12:55:00Z"},{"value":"0.05856","scoring_system":"epss","scoring_elements":"0.90572","published_at":"2026-04-21T12:55:00Z"},{"value":"0.05856","scoring_system":"epss","scoring_elements":"0.90574","published_at":"2026-04-18T12:55:00Z"},{"value":"0.05856","scoring_system":"epss","scoring_elements":"0.90556","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05856","scoring_system":"epss","scoring_elements":"0.90563","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05856","scoring_system":"epss","scoring_elements":"0.90515","published_at":"2026-04-01T12:55:00Z"},{"value":"0.05856","scoring_system":"epss","scoring_elements":"0.90519","published_at":"2026-04-02T12:55:00Z"},{"value":"0.05856","scoring_system":"epss","scoring_elements":"0.9053","published_at":"2026-04-04T12:55:00Z"},{"value":"0.05856","scoring_system":"epss","scoring_elements":"0.90536","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05856","scoring_system":"epss","sco
ring_elements":"0.90555","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05856","scoring_system":"epss","scoring_elements":"0.90613","published_at":"2026-05-07T12:55:00Z"},{"value":"0.05856","scoring_system":"epss","scoring_elements":"0.90595","published_at":"2026-05-05T12:55:00Z"},{"value":"0.05856","scoring_system":"epss","scoring_elements":"0.90583","published_at":"2026-04-29T12:55:00Z"},{"value":"0.05856","scoring_system":"epss","scoring_elements":"0.90587","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-6407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6407"},{"reference_url":"https://docs.docker.com/v1.3/release-notes","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.docker.com/v1.3/release-notes"},{"reference_url":"https://docs.docker.com/v1.3/release-notes/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.docker.com/v1.3/release-notes/"},{"reference_url":"http://secunia.com/advisories/60171","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/60171"},{"reference_url":"http://secunia.com/advisories/60241","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/60241"},{"reference_url":"https://github.com/docker/docker/commit/3ac6394b8082d4700483d52fbfe54914be537d9e","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/docker/docker/commit/3ac6394b8082d4700483d52fbfe54914be53
7d9e"},{"reference_url":"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145154.html","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145154.html"},{"reference_url":"https://lists.opensuse.org/opensuse-security-announce/2014-12/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.opensuse.org/opensuse-security-announce/2014-12/msg00009.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-6407","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-6407"},{"reference_url":"https://secunia.com/advisories/60171","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://secunia.com/advisories/60171"},{"reference_url":"https://secunia.com/advisories/60241","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://secunia.com/advisories/60241"},{"reference_url":"https://web.nvd.
nist.gov/view/vuln/detail?vulnId=CVE-2014-6407","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6407"},{"reference_url":"https://www.openwall.com/lists/oss-security/2014/11/24/5","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2014/11/24/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2014/11/24/5","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2014/11/24/5"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1167505","reference_id":"1167505","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1167505"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:1.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:docker:docker:1.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:1.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:1.3.0:*:*:*:*:*:*:*","ref
erence_id":"cpe:2.3:a:docker:docker:1.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:1.3.0:*:*:*:*:*:*:*"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583196?format=json","purl":"pkg:deb/debian/docker.io@1.3.2~dfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@1.3.2~dfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582263?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http:
//public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2014-6407","GHSA-5qgp-p5jc-w2rm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-smxj-2zhy-yycc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85494?format=json","vulnerability_id":"VCID-su25-rgw1-xkg6","summary":"docker: Attacker controlled layer IDs lead to local graph content 
poisoning","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8178.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8178.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8178","reference_id":"","reference_type":"","scores":[{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50045","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50079","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50107","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50057","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50111","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50105","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50122","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50096","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50093","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50137","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50138","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.5011","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50102","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50056","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.49974","publi
shed_at":"2026-05-05T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50028","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8178"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8178","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8178"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1271253","reference_id":"1271253","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1271253"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583969?format=json","purl":"pkg:deb/debian/docker.io@1.8.3~ds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@1.8.3~ds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582263?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-n
jcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2014-8178"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-su25-rgw1-xkg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56740?format=json","vulnerability_id":"VCID-u44m-mgza-nfcx","summary":"Secret insertion into debug log in Docker\nIn Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. 
It potentially applies to other API users of the stack API if they resend the secret.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13509.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13509.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13509","reference_id":"","reference_type":"","scores":[{"value":"0.0152","scoring_system":"epss","scoring_elements":"0.81379","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0152","scoring_system":"epss","scoring_elements":"0.81357","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0152","scoring_system":"epss","scoring_elements":"0.81338","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0155","scoring_system":"epss","scoring_elements":"0.81432","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0155","scoring_system":"epss","scoring_elements":"0.81348","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0155","scoring_system":"epss","scoring_elements":"0.8145","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0155","scoring_system":"epss","scoring_elements":"0.81451","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0155","scoring_system":"epss","scoring_elements":"0.81473","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0155","scoring_system":"epss","scoring_elements":"0.8148","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0155","scoring_system":"epss","scoring_elements":"0.81485","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0155","scoring_system":"epss","scoring_elements":"0.81357","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0155","scoring_system":"epss","scoring_elements":"0.81379","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0155","scoring_system":"epss","scoring_elements":"0.81377","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0155"
,"scoring_system":"epss","scoring_elements":"0.81405","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0155","scoring_system":"epss","scoring_elements":"0.8141","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0155","scoring_system":"epss","scoring_elements":"0.81419","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0155","scoring_system":"epss","scoring_elements":"0.81412","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0155","scoring_system":"epss","scoring_elements":"0.81449","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13509"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13139","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13139"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13509","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13509"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14271","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14271"},{"reference_url":"https://docs.docker.com/engine/release-notes/18.09","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.docker.com/engine/release-notes/18.09"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-13509","reference_id":"","reference_type":"","scor
es":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-13509"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1732418","reference_id":"1732418","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1732418"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932673","reference_id":"932673","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932673"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/584397?format=json","purl":"pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-8%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582263?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerabil
ity":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2019-13509","GHSA-j249-ghv5-7mxv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u44m-mgza-nfcx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14025?format=json","vulnerability_id":"VCID-uckr-kzdf-7ydj","summary":"moby docker daemon crash during image pull of malicious image\n### Impact\n\nPulling an intentionally malformed Docker image manifest crashes the `dockerd` daemon.\n\n### Patches\n\nVersions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.\n\n### Credits\n\nMaintainers would like to thank Josh Larsen, Ian Coldwater, Duffie Cooley, Rory McCune for working on the vulnerability and Brad Geesaman for responsibly disclosing it to 
security@docker.com.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21285.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21285.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21285","reference_id":"","reference_type":"","scores":[{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57562","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57431","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57515","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57536","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57512","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57565","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57568","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57583","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57563","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57541","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57569","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57546","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57504","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57
524","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57503","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57454","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57499","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21285"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285"},{"reference_url":"https://docs.docker.com/engine/release-notes/#20103","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.docker.com/engine/release-notes/#20103"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/moby/moby/commit/8d3
179546e79065adefa67cc697c09d0ab137d30","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/commit/8d3179546e79065adefa67cc697c09d0ab137d30"},{"reference_url":"https://github.com/moby/moby/releases/tag/v19.03.15","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/releases/tag/v19.03.15"},{"reference_url":"https://github.com/moby/moby/releases/tag/v20.10.3","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/releases/tag/v20.10.3"},{"reference_url":"https://github.com/moby/moby/security/advisories/GHSA-6fj5-m822-rqx8","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/security/advisories/GHSA-6fj5-m822-rqx8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21285","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21285"},{"reference_url":"https://security.gentoo.org/glsa/202107-23","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_syst
em":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202107-23"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210226-0005","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210226-0005"},{"reference_url":"https://www.debian.org/security/2021/dsa-4865","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2021/dsa-4865"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1924742","reference_id":"1924742","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1924742"},{"reference_url":"https://security.archlinux.org/ASA-202102-12","reference_id":"ASA-202102-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202102-12"},{"reference_url":"https://security.archlinux.org/AVG-1528","reference_id":"AVG-1528","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1528"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582752?format=json","purl":"pkg:deb/debian/docker.io@20.10.3%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.3%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582263?format=json","purl":"pkg:deb/debian/docker.io@20.10.
5%2Bdfsg1-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/package
s/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2021-21285","GHSA-6fj5-m822-rqx8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uckr-kzdf-7ydj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36786?format=json","vulnerability_id":"VCID-vkba-amt4-m7e6","summary":"Privilege Elevation in runc\nlibcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-05/msg00111.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2016-05/msg00111.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1034.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-1034.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2634.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-2634.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3697.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3697.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3697","reference_id":"","reference_type":"","scores":[{"value":"0.00057","scoring_system":"epss",
"scoring_elements":"0.17774","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17796","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17888","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17852","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17842","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.179","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17949","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17993","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17976","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17916","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17828","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18127","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18073","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17912","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17741","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21037","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.20881","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.2095","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=C
VE-2016-3697"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3697","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3697"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/docker/docker/issues/21436","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/docker/docker/issues/21436"},{"reference_url":"https://github.com/opencontainers/runc","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencontainers/runc"},{"reference_url":"https://github.com/opencontainers/runc/commit/69af385de62ea68e2e608335cffbb0f4aa3db091","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencontainers/runc/commit/69af385de62ea68e2e608335cffbb0f4aa3db091"},{"reference_url":"https://github.com/opencontainers/runc/pull/708","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencontainers/runc/pull/
708"},{"reference_url":"https://github.com/opencontainers/runc/releases/tag/v0.1.0","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencontainers/runc/releases/tag/v0.1.0"},{"reference_url":"https://lists.opensuse.org/opensuse-updates/2016-05/msg00111.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.opensuse.org/opensuse-updates/2016-05/msg00111.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3697","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:N/A:N"},{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3697"},{"reference_url":"https://pkg.go.dev/vuln/GO-2021-0070","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pkg.go.dev/vuln/GO-2021-0070"},{"reference_url":"https://rhn.redhat.com/errata/RHSA-2016-1034.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rhn.redhat.com/errata/RHSA-2016-1034.html"},{"reference_url":"https://rhn.redhat.com/errata/RHSA-2016-2634.html","reference_i
d":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rhn.redhat.com/errata/RHSA-2016-2634.html"},{"reference_url":"https://security.gentoo.org/glsa/201612-28","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201612-28"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1329450","reference_id":"1329450","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1329450"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:linuxfoundation:runc:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:linuxfoundation:runc:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:linuxfoundation:runc:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*"},{"reference_url":"https://access.redhat.com/err
ata/RHSA-2016:1034","reference_id":"RHSA-2016:1034","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1034"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2634","reference_id":"RHSA-2016:2634","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2634"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582262?format=json","purl":"pkg:deb/debian/docker.io@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582263?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixi
e","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2016-3697","GHSA-q3j5-32m5-58c2"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vkba-amt4-m7e6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/196754?format=json","vulnerability_id":"VCID-w4uc-6mvs-u3g7","summary":"Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\\DockerDesktop\\version-bin\\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the 
command.","references":[{"reference_url":"http://packetstormsecurity.com/files/157404/Docker-Credential-Wincred.exe-Privilege-Escalation.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:14:21Z/"}],"url":"http://packetstormsecurity.com/files/157404/Docker-Credential-Wincred.exe-Privilege-Escalation.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15752","reference_id":"","reference_type":"","scores":[{"value":"0.49322","scoring_system":"epss","scoring_elements":"0.97808","published_at":"2026-05-09T12:55:00Z"},{"value":"0.49322","scoring_system":"epss","scoring_elements":"0.97769","published_at":"2026-04-02T12:55:00Z"},{"value":"0.49322","scoring_system":"epss","scoring_elements":"0.97796","published_at":"2026-04-18T12:55:00Z"},{"value":"0.49322","scoring_system":"epss","scoring_elements":"0.97794","published_at":"2026-04-26T12:55:00Z"},{"value":"0.49322","scoring_system":"epss","scoring_elements":"0.978","published_at":"2026-04-29T12:55:00Z"},{"value":"0.49322","scoring_system":"epss","scoring_elements":"0.97804","published_at":"2026-05-05T12:55:00Z"},{"value":"0.49322","scoring_system":"epss","scoring_elements":"0.97806","published_at":"2026-05-07T12:55:00Z"},{"value":"0.49322","scoring_system":"epss","scoring_elements":"0.97763","published_at":"2026-04-01T12:55:00Z"},{"value":"0.49322","scoring_system":"epss","scoring_elements":"0.9777","published_at":"2026-04-04T12:55:00Z"},{"value":"0.49322","scoring_system":"epss","scoring_elements":"0.97772","published_at":"2026-04-07T12:55:00Z"},{"value":"0.49322","scoring_system":"epss","scoring_elements":"0.97778","published_at":"2026-04-08T12:55:00Z"},{"value":"0.49322","scoring_system":"epss","scoring_elements":"0.97781","published_at":"2026-04-09T12:55:00Z"},{"value":"0.49322"
,"scoring_system":"epss","scoring_elements":"0.97783","published_at":"2026-04-11T12:55:00Z"},{"value":"0.49322","scoring_system":"epss","scoring_elements":"0.97785","published_at":"2026-04-12T12:55:00Z"},{"value":"0.49322","scoring_system":"epss","scoring_elements":"0.97787","published_at":"2026-04-13T12:55:00Z"},{"value":"0.49322","scoring_system":"epss","scoring_elements":"0.97793","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15752"},{"reference_url":"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:14:21Z/"}],"url":"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"},{"reference_url":"https://medium.com/%40morgan.henry.roman/elevation-of-privilege-in-docker-for-windows-2fd8450b478e","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:14:21Z/"}],"url":"https://medium.com/%40morgan.henry.roman/elevation-of-privilege-in-docker-for-windows-2fd8450b478e"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-15752","reference_id":"","reference_type":"","scores":[],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-15752"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:geode:1.12.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:geode:1.12.0
:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:geode:1.12.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:community:*:*:*","reference_id":"cpe:2.3:a:docker:docker:*:*:*:*:community:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:community:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/48388.rb","reference_id":"CVE-2019-15752","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/48388.rb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-15752","reference_id":"CVE-2019-15752","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:C/I:C/A:C"},{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-15752"},{"reference_url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/local/docker_credential_wincred.rb","reference_id":"CVE-2019-15752","reference_type":"exploit","scores":[],"url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/local/docker_credential_wincred.rb"}],"fixed_packages":[{"url":
"http://public2.vulnerablecode.io/api/packages/582262?format=json","purl":"pkg:deb/debian/docker.io@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582263?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vul
nerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2019-15752"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w4uc-6mvs-u3g7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84822?format=json","vulnerability_id":"VCID-y6tt-h3zz-ukev","summary":"docker: Ambient capability usage in containers","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8867.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8867.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8867","reference_id":"","reference_type":"","scores":[{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60214","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.6029","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60315","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60283","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60333","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60348","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elem
ents":"0.60369","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60356","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60337","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60378","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60386","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60375","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60346","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60361","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60349","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60307","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60354","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60413","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8867"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1390163","reference_id":"1390163","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1390163"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2653","reference_id":"RHSA-2020:2653","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2653"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582262?format=json","purl":"pkg:deb/debian/docker.io@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@0%3
Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582263?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg
4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2016-8867"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y6tt-h3zz-ukev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82693?format=json","vulnerability_id":"VCID-yt33-nmzd-r3cs","summary":"docker: command injection due to a missing validation of the git ref command","references":[{"reference_url":"https://access.redhat.com/errata/RHBA-2019:3092","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHBA-2019:3092"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13139.json","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13139.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13139","reference_id":"","reference_type":"","scores":[{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67846","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.68058","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67999","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67974","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.68016","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67869","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67888","published_at":"2026-04-04T12:55:0
0Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.6792","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67933","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67957","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67943","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67907","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67945","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67958","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67939","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67985","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67993","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13139"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13139","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13139"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13509","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13509"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14271","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14271"},{"reference_url":"https://docs.docker.com/engine/release-notes/#18094","reference_id":"","reference_type":"","scores":[],"url":"https://docs.docker.com/engine/release-notes/#18094"},{"reference_url":"https://ftp.suse
.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/moby/moby/pull/38944","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moby/moby/pull/38944"},{"reference_url":"https://seclists.org/bugtraq/2019/Sep/21","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/Sep/21"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190910-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190910-0001/"},{"reference_url":"https://staaldraad.github.io/post/2019-07-16-cve-2019-13139-docker-build/","reference_id":"","reference_type":"","scores":[],"url":"https://staaldraad.github.io/post/2019-07-16-cve-2019-13139-docker-build/"},{"reference_url":"https://www.debian.org/security/2019/dsa-4521","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4521"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1732627","reference_id":"1732627","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1732627"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933002","reference_id":"933002","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933002"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:docker:docker:*:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:enterprise:*:*:*"},{"reference_url":"https:
//nvd.nist.gov/vuln/detail/CVE-2019-13139","reference_id":"CVE-2019-13139","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:P/A:P"},{"value":"8.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-13139"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/584397?format=json","purl":"pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-8%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582263?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=js
on","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"}],"aliases":["CVE-2019-13139"],"risk_score":3.8,"exploitability":"0.5","weighted_severity":"7.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yt33-nmzd-r3cs"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"}