VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-funr-5s9t-aaak

Essentials
Severities (138)
References (43)
Severity details (45)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-funr-5s9t-aaak
Aliases	CVE-2016-9962 GHSA-gp4j-w3vj-7299
Summary	RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-362	Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-200	Exposure of Sensitive Information to an Unauthorized Actor

System	Score	Found at
generic_textual	Medium	http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9962.html
cvssv3.1	6.4	http://rhn.redhat.com/errata/RHSA-2017-0116.html
generic_textual	MODERATE	http://rhn.redhat.com/errata/RHSA-2017-0116.html
cvssv3.1	6.4	http://rhn.redhat.com/errata/RHSA-2017-0123.html
generic_textual	MODERATE	http://rhn.redhat.com/errata/RHSA-2017-0123.html
cvssv3.1	6.4	http://rhn.redhat.com/errata/RHSA-2017-0127.html
generic_textual	MODERATE	http://rhn.redhat.com/errata/RHSA-2017-0127.html
rhas	Moderate	https://access.redhat.com/errata/RHSA-2017:0116
rhas	Moderate	https://access.redhat.com/errata/RHSA-2017:0123
rhas	Moderate	https://access.redhat.com/errata/RHSA-2017:0127
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9962.json
cvssv3.1	6.4	https://access.redhat.com/security/vulnerabilities/cve-2016-9962
generic_textual	MODERATE	https://access.redhat.com/security/vulnerabilities/cve-2016-9962
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00187	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00187	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00213	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00213	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00213	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.00213	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
epss	0.0382	https://api.first.org/data/v1/epss?cve=CVE-2016-9962
rhbs	high	https://bugzilla.redhat.com/show_bug.cgi?id=1409531
cvssv3.1	6.4	https://bugzilla.suse.com/show_bug.cgi?id=1012568#c6
generic_textual	MODERATE	https://bugzilla.suse.com/show_bug.cgi?id=1012568#c6
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9962
cvssv3.1	6.4	http://seclists.org/fulldisclosure/2017/Jan/21
generic_textual	MODERATE	http://seclists.org/fulldisclosure/2017/Jan/21
cvssv3.1	6.4	http://seclists.org/fulldisclosure/2017/Jan/29
generic_textual	MODERATE	http://seclists.org/fulldisclosure/2017/Jan/29
cvssv2	4.1	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
generic_textual	Medium	https://github.com/docker/docker/compare/v1.12.5...v1.12.6
cvssv3.1	6.4	https://github.com/docker/docker/releases/tag/v1.12.6
generic_textual	MODERATE	https://github.com/docker/docker/releases/tag/v1.12.6
cvssv3.1	6.4	https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5
generic_textual	MODERATE	https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5
cvssv3.1	6.4	https://github.com/opencontainers/runc/commit/5d93fed3d27f1e2bab58bad13b180a7a81d0b378
generic_textual	MODERATE	https://github.com/opencontainers/runc/commit/5d93fed3d27f1e2bab58bad13b180a7a81d0b378
cvssv3.1	6.4	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BQAXJMMLRU7DD2IMG47SR2K4BOFFG7FZ
generic_textual	MODERATE	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BQAXJMMLRU7DD2IMG47SR2K4BOFFG7FZ
cvssv3.1	6.4	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FINGBFMIXBG6B6ZWYH3TMRP5V3PDBNXR
generic_textual	MODERATE	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FINGBFMIXBG6B6ZWYH3TMRP5V3PDBNXR
cvssv3.1	6.4	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVM7FCOQMPKOFLDTUYSS4ES76DDM56VP
generic_textual	MODERATE	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVM7FCOQMPKOFLDTUYSS4ES76DDM56VP
cvssv3.1	6.4	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WUQ3MQNEL5IBZZLMLR72Q4YDCL2SCKRK
generic_textual	MODERATE	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WUQ3MQNEL5IBZZLMLR72Q4YDCL2SCKRK
cvssv2	4.4	https://nvd.nist.gov/vuln/detail/CVE-2016-9962
cvssv3	6.4	https://nvd.nist.gov/vuln/detail/CVE-2016-9962
archlinux	High	https://security.archlinux.org/AVG-133
archlinux	High	https://security.archlinux.org/AVG-134
cvssv3.1	6.4	https://security.gentoo.org/glsa/201701-34
generic_textual	MODERATE	https://security.gentoo.org/glsa/201701-34
cvssv3.1	6.4	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9962
generic_textual	MODERATE	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9962
cvssv3.1	6.4	http://www.securityfocus.com/archive/1/540001/100/0/threaded
generic_textual	MODERATE	http://www.securityfocus.com/archive/1/540001/100/0/threaded
cvssv3.1	6.4	http://www.securityfocus.com/bid/95361
generic_textual	MODERATE	http://www.securityfocus.com/bid/95361

Reference id	Reference type	URL
		http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9962.html
		http://rhn.redhat.com/errata/RHSA-2017-0116.html
		http://rhn.redhat.com/errata/RHSA-2017-0123.html
		http://rhn.redhat.com/errata/RHSA-2017-0127.html
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9962.json
		https://access.redhat.com/security/vulnerabilities/cve-2016-9962
		https://api.first.org/data/v1/epss?cve=CVE-2016-9962
		https://bugzilla.suse.com/show_bug.cgi?id=1012568#c6
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9962
		http://seclists.org/fulldisclosure/2017/Jan/21
		http://seclists.org/fulldisclosure/2017/Jan/29
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/docker/docker/compare/v1.12.5...v1.12.6
		https://github.com/docker/docker/releases/tag/v1.12.6
		https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5
		https://github.com/opencontainers/runc/commit/5d93fed3d27f1e2bab58bad13b180a7a81d0b378
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQAXJMMLRU7DD2IMG47SR2K4BOFFG7FZ/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FINGBFMIXBG6B6ZWYH3TMRP5V3PDBNXR/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UVM7FCOQMPKOFLDTUYSS4ES76DDM56VP/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WUQ3MQNEL5IBZZLMLR72Q4YDCL2SCKRK/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BQAXJMMLRU7DD2IMG47SR2K4BOFFG7FZ
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BQAXJMMLRU7DD2IMG47SR2K4BOFFG7FZ/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FINGBFMIXBG6B6ZWYH3TMRP5V3PDBNXR
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FINGBFMIXBG6B6ZWYH3TMRP5V3PDBNXR/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVM7FCOQMPKOFLDTUYSS4ES76DDM56VP
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVM7FCOQMPKOFLDTUYSS4ES76DDM56VP/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WUQ3MQNEL5IBZZLMLR72Q4YDCL2SCKRK
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WUQ3MQNEL5IBZZLMLR72Q4YDCL2SCKRK/
		https://security.gentoo.org/glsa/201701-34
		https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9962
		http://www.securityfocus.com/archive/1/540001/100/0/threaded
		http://www.securityfocus.com/bid/95361
1409531		https://bugzilla.redhat.com/show_bug.cgi?id=1409531
850951		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850951
ASA-201701-19		https://security.archlinux.org/ASA-201701-19
ASA-201805-11		https://security.archlinux.org/ASA-201805-11
AVG-133		https://security.archlinux.org/AVG-133
AVG-134		https://security.archlinux.org/AVG-134
cpe:2.3:a:docker:docker::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker::::::::
CVE-2016-9962		https://nvd.nist.gov/vuln/detail/CVE-2016-9962
RHSA-2017:0116		https://access.redhat.com/errata/RHSA-2017:0116
RHSA-2017:0123		https://access.redhat.com/errata/RHSA-2017:0123
RHSA-2017:0127		https://access.redhat.com/errata/RHSA-2017:0127

No exploits are available.

Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Found at http://rhn.redhat.com/errata/RHSA-2017-0116.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Found at http://rhn.redhat.com/errata/RHSA-2017-0123.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Found at http://rhn.redhat.com/errata/RHSA-2017-0127.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9962.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/security/vulnerabilities/cve-2016-9962

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://bugzilla.suse.com/show_bug.cgi?id=1012568#c6

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Found at http://seclists.org/fulldisclosure/2017/Jan/21

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Found at http://seclists.org/fulldisclosure/2017/Jan/29

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:L/AC:M/Au:S/C:P/I:P/A:P Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/docker/docker/releases/tag/v1.12.6

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/opencontainers/runc/commit/5d93fed3d27f1e2bab58bad13b180a7a81d0b378

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BQAXJMMLRU7DD2IMG47SR2K4BOFFG7FZ

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FINGBFMIXBG6B6ZWYH3TMRP5V3PDBNXR

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVM7FCOQMPKOFLDTUYSS4ES76DDM56VP

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WUQ3MQNEL5IBZZLMLR72Q4YDCL2SCKRK

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2016-9962

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2016-9962

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/201701-34

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9962

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Found at http://www.securityfocus.com/archive/1/540001/100/0/threaded

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Found at http://www.securityfocus.com/bid/95361

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.29834
EPSS Score	0.00065
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.