Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2015-3627 (GCVE-0-2015-3627)
Vulnerability from cvelistv5 – Published: 2015-05-18 15:00 – Updated: 2024-08-06 05:47
VLAI
EPSS
Summary
Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://groups.google.com/forum/#%21searchin/dock… | x_refsource_CONFIRM |
| http://seclists.org/fulldisclosure/2015/May/28 | mailing-listx_refsource_FULLDISC |
| http://lists.opensuse.org/opensuse-updates/2015-0… | vendor-advisoryx_refsource_SUSE |
| http://packetstormsecurity.com/files/131835/Docke… | x_refsource_MISC |
Date Public
2015-05-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:47:57.723Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ"
},
{
"name": "20150508 Docker 1.6.1 - Security Advisory [150507]",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/May/28"
},
{
"name": "openSUSE-SU-2015:0905",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-30T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://groups.google.com/forum/#%21searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ"
},
{
"name": "20150508 Docker 1.6.1 - Security Advisory [150507]",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/May/28"
},
{
"name": "openSUSE-SU-2015:0905",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3627",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/forum/#!searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/#!searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ"
},
{
"name": "20150508 Docker 1.6.1 - Security Advisory [150507]",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/May/28"
},
{
"name": "openSUSE-SU-2015:0905",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html"
},
{
"name": "http://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-3627",
"datePublished": "2015-05-18T15:00:00.000Z",
"dateReserved": "2015-04-30T00:00:00.000Z",
"dateUpdated": "2024-08-06T05:47:57.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2015-3627",
"date": "2026-05-25",
"epss": "0.00105",
"percentile": "0.27969"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.6\", \"matchCriteriaId\": \"17D18FD1-A4E3-4CB4-BEA5-A10FB3EEB4EC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:docker:libcontainer:*:*:*:*:*:docker:*:*\", \"versionEndIncluding\": \"1.6.0\", \"matchCriteriaId\": \"F6F2A291-80C9-4A4E-9CA8-980B1F2BDE44\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.\"}, {\"lang\": \"es\", \"value\": \"Libcontainer and Docker Engine anterior a 1.6.1 abre el descriptor de ficheros pasado al proceso pid-1 antes de realizar el chroot, lo que permite a usuarios locales ganar privilegios a trav\\u00e9s de una ataque de enlace simb\\u00f3lico en una imagen.\"}]",
"id": "CVE-2015-3627",
"lastModified": "2024-11-21T02:29:30.930",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2015-05-18T15:59:14.930",
"references": "[{\"url\": \"http://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://seclists.org/fulldisclosure/2015/May/28\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://groups.google.com/forum/#%21searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://seclists.org/fulldisclosure/2015/May/28\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://groups.google.com/forum/#%21searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-59\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2015-3627\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2015-05-18T15:59:14.930\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.\"},{\"lang\":\"es\",\"value\":\"Libcontainer and Docker Engine anterior a 1.6.1 abre el descriptor de ficheros pasado al proceso pid-1 antes de realizar el chroot, lo que permite a usuarios locales ganar privilegios a trav\u00e9s de una ataque de enlace simb\u00f3lico en una imagen.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-59\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.6\",\"matchCriteriaId\":\"17D18FD1-A4E3-4CB4-BEA5-A10FB3EEB4EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:docker:libcontainer:*:*:*:*:*:docker:*:*\",\"versionEndIncluding\":\"1.6.0\",\"matchCriteriaId\":\"F6F2A291-80C9-4A4E-9CA8-980B1F2BDE44\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://seclists.org/fulldisclosure/2015/May/28\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://groups.google.com/forum/#%21searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2015/May/28\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://groups.google.com/forum/#%21searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
CERTFR-2024-AVI-0366
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Cloud Pak | IBM Cloud Pak for Security versions 1.10.x.x antérieures à 1.10.21.0 | ||
| IBM | QRadar Suite Software | QRadar Suite Software versions 1.10.x.x antérieures à 1.10.21.0 | ||
| IBM | QRadar Assistant | QRadar Assistant versions antérieures à 3.7.0 | ||
| IBM | Cognos Analytics | Cognos Analytics versions 12.0.x antérieures à 12.0.3 | ||
| IBM | QRadar SIEM | QRadar SIEM sur Azure Marketplace versions antérieures à 7.3.x postérieures à 7.3.3 et antérieures à 7.5.0 avec le paquet OMI installé | ||
| IBM | WebSphere | WebSphere eXtreme Scale versions 8.6.1.x antérieures à 8.6.1.6 sans le correctif de sécurité PH61029 | ||
| IBM | Cognos Analytics | Cognos Analytics versions 11.2.x FP2 antérieures à 11.2.4 FP3 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Cloud Pak for Security versions 1.10.x.x ant\u00e9rieures \u00e0 1.10.21.0",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Suite Software versions 1.10.x.x ant\u00e9rieures \u00e0 1.10.21.0",
"product": {
"name": "QRadar Suite Software",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Assistant versions ant\u00e9rieures \u00e0 3.7.0",
"product": {
"name": "QRadar Assistant",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.3",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM sur Azure Marketplace versions ant\u00e9rieures \u00e0 7.3.x post\u00e9rieures \u00e0 7.3.3 et ant\u00e9rieures \u00e0 7.5.0 avec le paquet OMI install\u00e9",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere eXtreme Scale versions 8.6.1.x ant\u00e9rieures \u00e0 8.6.1.6 sans le correctif de s\u00e9curit\u00e9 PH61029",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 11.2.x FP2 ant\u00e9rieures \u00e0 11.2.4 FP3",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-25577",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25577"
},
{
"name": "CVE-2022-31116",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31116"
},
{
"name": "CVE-2023-28841",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28841"
},
{
"name": "CVE-2024-28849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
},
{
"name": "CVE-2023-28840",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28840"
},
{
"name": "CVE-2023-45857",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45857"
},
{
"name": "CVE-2021-30465",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30465"
},
{
"name": "CVE-2022-29162",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29162"
},
{
"name": "CVE-2022-31117",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31117"
},
{
"name": "CVE-2023-23934",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23934"
},
{
"name": "CVE-2023-27561",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27561"
},
{
"name": "CVE-2024-28102",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28102"
},
{
"name": "CVE-2019-14322",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14322"
},
{
"name": "CVE-2023-44270",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44270"
},
{
"name": "CVE-2023-34462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
},
{
"name": "CVE-2019-1010083",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1010083"
},
{
"name": "CVE-2018-18074",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18074"
},
{
"name": "CVE-2022-23541",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23541"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2023-5072",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5072"
},
{
"name": "CVE-2024-21503",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21503"
},
{
"name": "CVE-2022-23540",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23540"
},
{
"name": "CVE-2024-1135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1135"
},
{
"name": "CVE-2024-21501",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21501"
},
{
"name": "CVE-2024-22195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
},
{
"name": "CVE-2021-43784",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43784"
},
{
"name": "CVE-2023-28842",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28842"
},
{
"name": "CVE-2024-29131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
},
{
"name": "CVE-2024-21334",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21334"
},
{
"name": "CVE-2023-25809",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25809"
},
{
"name": "CVE-2016-10745",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10745"
},
{
"name": "CVE-2023-46136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46136"
},
{
"name": "CVE-2024-29133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
},
{
"name": "CVE-2023-44981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44981"
},
{
"name": "CVE-2024-27088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27088"
},
{
"name": "CVE-2022-23539",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23539"
},
{
"name": "CVE-2018-1000656",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000656"
},
{
"name": "CVE-2024-25047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25047"
},
{
"name": "CVE-2021-28363",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28363"
},
{
"name": "CVE-2020-15366",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15366"
},
{
"name": "CVE-2015-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3627"
},
{
"name": "CVE-2023-31484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31484"
},
{
"name": "CVE-2023-28642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28642"
},
{
"name": "CVE-2016-10516",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10516"
},
{
"name": "CVE-2020-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25032"
},
{
"name": "CVE-2021-45958",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45958"
},
{
"name": "CVE-2023-30861",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30861"
},
{
"name": "CVE-2021-43565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43565"
},
{
"name": "CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"name": "CVE-2020-28493",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28493"
},
{
"name": "CVE-2023-26159",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
},
{
"name": "CVE-2024-24758",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24758"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0366",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-05-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7149736 du 29 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7149736"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7150045 du 01 mai 2024",
"url": "https://www.ibm.com/support/pages/node/7150045"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7149967 du 01 mai 2024",
"url": "https://www.ibm.com/support/pages/node/7149967"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7149874 du 01 mai 2024",
"url": "https://www.ibm.com/support/pages/node/7149874"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7150150 du 03 mai 2024",
"url": "https://www.ibm.com/support/pages/node/7150150"
}
]
}
CERTFR-2026-AVI-0131
Vulnerability from certfr_avis - Published: 2026-02-06 - Updated: 2026-02-06
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Cloud Pak System | Cloud Pak System versions 2.3.4.x et postérieures, antérieures à 2.3.6.1 | ||
| IBM | Cognos Analytics | Cognos Command Center versions 10.2.4.x et 10.2.5.x antérieures à 10.2.5 FP1 IF2 | ||
| IBM | Db2 | DB2 sans le correctif de sécurité 11.5.9 Special Build 62071 | ||
| IBM | Db2 | DB2 Data Management Console antérieures à 3.1.13.1 | ||
| IBM | Db2 | DB2 Data Management Console on CPD versions antérieurs à 4.8 | ||
| IBM | Db2 | DB2 Recovery Expert for LUW version 5.5 IF2 sans le correctif de sécurité v5.5.0.1 Interim Fix 8 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cloud Pak System versions 2.3.4.x et post\u00e9rieures, ant\u00e9rieures \u00e0 2.3.6.1",
"product": {
"name": "Cloud Pak System",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Command Center versions 10.2.4.x et 10.2.5.x ant\u00e9rieures \u00e0 10.2.5 FP1 IF2",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 sans le correctif de s\u00e9curit\u00e9 11.5.9 Special Build 62071",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Data Management Console ant\u00e9rieures \u00e0 3.1.13.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Data Management Console on CPD versions ant\u00e9rieurs \u00e0 4.8",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Recovery Expert for LUW version 5.5 IF2 sans le correctif de s\u00e9curit\u00e9 v5.5.0.1 Interim Fix 8",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2022-21426",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
},
{
"name": "CVE-2023-38264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
},
{
"name": "CVE-2025-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2024-51473",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51473"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2022-41725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
},
{
"name": "CVE-2024-3933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3933"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2025-33092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33092"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2025-7962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
},
{
"name": "CVE-2022-21624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2025-27903",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27903"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2022-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
},
{
"name": "CVE-2025-33143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33143"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2024-10917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10917"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2022-40609",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40609"
},
{
"name": "CVE-2022-21628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21628"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2026-1188",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1188"
},
{
"name": "CVE-2023-25173",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25173"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2022-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2025-1948",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1948"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2023-25153",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25153"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2023-24532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2023-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"name": "CVE-2024-49828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49828"
},
{
"name": "CVE-2015-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3627"
},
{
"name": "CVE-2025-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27904"
},
{
"name": "CVE-2025-27533",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27533"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2025-36071",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36071"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2025-27900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27900"
},
{
"name": "CVE-2022-23471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23471"
},
{
"name": "CVE-2025-27899",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27899"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2025-27901",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27901"
},
{
"name": "CVE-2024-52894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52894"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2025-27898",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27898"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2022-21619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21619"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2024-27267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27267"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
}
],
"initial_release_date": "2026-02-06T00:00:00",
"last_revision_date": "2026-02-06T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0131",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-02-06T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2026-02-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7259447",
"url": "https://www.ibm.com/support/pages/node/7259447"
},
{
"published_at": "2026-01-30",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7253572",
"url": "https://www.ibm.com/support/pages/node/7253572"
},
{
"published_at": "2026-02-04",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257780",
"url": "https://www.ibm.com/support/pages/node/7257780"
},
{
"published_at": "2026-02-05",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7259901",
"url": "https://www.ibm.com/support/pages/node/7259901"
},
{
"published_at": "2026-02-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7259526",
"url": "https://www.ibm.com/support/pages/node/7259526"
}
]
}
CERTFR-2024-AVI-0366
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Cloud Pak | IBM Cloud Pak for Security versions 1.10.x.x antérieures à 1.10.21.0 | ||
| IBM | QRadar Suite Software | QRadar Suite Software versions 1.10.x.x antérieures à 1.10.21.0 | ||
| IBM | QRadar Assistant | QRadar Assistant versions antérieures à 3.7.0 | ||
| IBM | Cognos Analytics | Cognos Analytics versions 12.0.x antérieures à 12.0.3 | ||
| IBM | QRadar SIEM | QRadar SIEM sur Azure Marketplace versions antérieures à 7.3.x postérieures à 7.3.3 et antérieures à 7.5.0 avec le paquet OMI installé | ||
| IBM | WebSphere | WebSphere eXtreme Scale versions 8.6.1.x antérieures à 8.6.1.6 sans le correctif de sécurité PH61029 | ||
| IBM | Cognos Analytics | Cognos Analytics versions 11.2.x FP2 antérieures à 11.2.4 FP3 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Cloud Pak for Security versions 1.10.x.x ant\u00e9rieures \u00e0 1.10.21.0",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Suite Software versions 1.10.x.x ant\u00e9rieures \u00e0 1.10.21.0",
"product": {
"name": "QRadar Suite Software",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Assistant versions ant\u00e9rieures \u00e0 3.7.0",
"product": {
"name": "QRadar Assistant",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.3",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM sur Azure Marketplace versions ant\u00e9rieures \u00e0 7.3.x post\u00e9rieures \u00e0 7.3.3 et ant\u00e9rieures \u00e0 7.5.0 avec le paquet OMI install\u00e9",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere eXtreme Scale versions 8.6.1.x ant\u00e9rieures \u00e0 8.6.1.6 sans le correctif de s\u00e9curit\u00e9 PH61029",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 11.2.x FP2 ant\u00e9rieures \u00e0 11.2.4 FP3",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-25577",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25577"
},
{
"name": "CVE-2022-31116",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31116"
},
{
"name": "CVE-2023-28841",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28841"
},
{
"name": "CVE-2024-28849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
},
{
"name": "CVE-2023-28840",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28840"
},
{
"name": "CVE-2023-45857",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45857"
},
{
"name": "CVE-2021-30465",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30465"
},
{
"name": "CVE-2022-29162",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29162"
},
{
"name": "CVE-2022-31117",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31117"
},
{
"name": "CVE-2023-23934",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23934"
},
{
"name": "CVE-2023-27561",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27561"
},
{
"name": "CVE-2024-28102",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28102"
},
{
"name": "CVE-2019-14322",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14322"
},
{
"name": "CVE-2023-44270",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44270"
},
{
"name": "CVE-2023-34462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
},
{
"name": "CVE-2019-1010083",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1010083"
},
{
"name": "CVE-2018-18074",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18074"
},
{
"name": "CVE-2022-23541",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23541"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2023-5072",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5072"
},
{
"name": "CVE-2024-21503",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21503"
},
{
"name": "CVE-2022-23540",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23540"
},
{
"name": "CVE-2024-1135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1135"
},
{
"name": "CVE-2024-21501",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21501"
},
{
"name": "CVE-2024-22195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
},
{
"name": "CVE-2021-43784",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43784"
},
{
"name": "CVE-2023-28842",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28842"
},
{
"name": "CVE-2024-29131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
},
{
"name": "CVE-2024-21334",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21334"
},
{
"name": "CVE-2023-25809",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25809"
},
{
"name": "CVE-2016-10745",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10745"
},
{
"name": "CVE-2023-46136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46136"
},
{
"name": "CVE-2024-29133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
},
{
"name": "CVE-2023-44981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44981"
},
{
"name": "CVE-2024-27088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27088"
},
{
"name": "CVE-2022-23539",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23539"
},
{
"name": "CVE-2018-1000656",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000656"
},
{
"name": "CVE-2024-25047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25047"
},
{
"name": "CVE-2021-28363",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28363"
},
{
"name": "CVE-2020-15366",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15366"
},
{
"name": "CVE-2015-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3627"
},
{
"name": "CVE-2023-31484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31484"
},
{
"name": "CVE-2023-28642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28642"
},
{
"name": "CVE-2016-10516",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10516"
},
{
"name": "CVE-2020-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25032"
},
{
"name": "CVE-2021-45958",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45958"
},
{
"name": "CVE-2023-30861",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30861"
},
{
"name": "CVE-2021-43565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43565"
},
{
"name": "CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"name": "CVE-2020-28493",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28493"
},
{
"name": "CVE-2023-26159",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
},
{
"name": "CVE-2024-24758",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24758"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0366",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-05-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7149736 du 29 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7149736"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7150045 du 01 mai 2024",
"url": "https://www.ibm.com/support/pages/node/7150045"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7149967 du 01 mai 2024",
"url": "https://www.ibm.com/support/pages/node/7149967"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7149874 du 01 mai 2024",
"url": "https://www.ibm.com/support/pages/node/7149874"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7150150 du 03 mai 2024",
"url": "https://www.ibm.com/support/pages/node/7150150"
}
]
}
CERTFR-2026-AVI-0131
Vulnerability from certfr_avis - Published: 2026-02-06 - Updated: 2026-02-06
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Cloud Pak System | Cloud Pak System versions 2.3.4.x et postérieures, antérieures à 2.3.6.1 | ||
| IBM | Cognos Analytics | Cognos Command Center versions 10.2.4.x et 10.2.5.x antérieures à 10.2.5 FP1 IF2 | ||
| IBM | Db2 | DB2 sans le correctif de sécurité 11.5.9 Special Build 62071 | ||
| IBM | Db2 | DB2 Data Management Console antérieures à 3.1.13.1 | ||
| IBM | Db2 | DB2 Data Management Console on CPD versions antérieurs à 4.8 | ||
| IBM | Db2 | DB2 Recovery Expert for LUW version 5.5 IF2 sans le correctif de sécurité v5.5.0.1 Interim Fix 8 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cloud Pak System versions 2.3.4.x et post\u00e9rieures, ant\u00e9rieures \u00e0 2.3.6.1",
"product": {
"name": "Cloud Pak System",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Command Center versions 10.2.4.x et 10.2.5.x ant\u00e9rieures \u00e0 10.2.5 FP1 IF2",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 sans le correctif de s\u00e9curit\u00e9 11.5.9 Special Build 62071",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Data Management Console ant\u00e9rieures \u00e0 3.1.13.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Data Management Console on CPD versions ant\u00e9rieurs \u00e0 4.8",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Recovery Expert for LUW version 5.5 IF2 sans le correctif de s\u00e9curit\u00e9 v5.5.0.1 Interim Fix 8",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2022-21426",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
},
{
"name": "CVE-2023-38264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
},
{
"name": "CVE-2025-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2024-51473",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51473"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2022-41725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
},
{
"name": "CVE-2024-3933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3933"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2025-33092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33092"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2025-7962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
},
{
"name": "CVE-2022-21624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2025-27903",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27903"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2022-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
},
{
"name": "CVE-2025-33143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33143"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2024-10917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10917"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2022-40609",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40609"
},
{
"name": "CVE-2022-21628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21628"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2026-1188",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1188"
},
{
"name": "CVE-2023-25173",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25173"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2022-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2025-1948",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1948"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2023-25153",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25153"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2023-24532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2023-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"name": "CVE-2024-49828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49828"
},
{
"name": "CVE-2015-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3627"
},
{
"name": "CVE-2025-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27904"
},
{
"name": "CVE-2025-27533",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27533"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2025-36071",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36071"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2025-27900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27900"
},
{
"name": "CVE-2022-23471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23471"
},
{
"name": "CVE-2025-27899",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27899"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2025-27901",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27901"
},
{
"name": "CVE-2024-52894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52894"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2025-27898",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27898"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2022-21619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21619"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2024-27267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27267"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
}
],
"initial_release_date": "2026-02-06T00:00:00",
"last_revision_date": "2026-02-06T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0131",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-02-06T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2026-02-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7259447",
"url": "https://www.ibm.com/support/pages/node/7259447"
},
{
"published_at": "2026-01-30",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7253572",
"url": "https://www.ibm.com/support/pages/node/7253572"
},
{
"published_at": "2026-02-04",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257780",
"url": "https://www.ibm.com/support/pages/node/7257780"
},
{
"published_at": "2026-02-05",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7259901",
"url": "https://www.ibm.com/support/pages/node/7259901"
},
{
"published_at": "2026-02-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7259526",
"url": "https://www.ibm.com/support/pages/node/7259526"
}
]
}
CNVD-2015-03053
Vulnerability from cnvd - Published: 2015-05-15
VLAI
Title
Docker不安全文件描述符处理权限提升漏洞
Description
Docker 是一个开源的应用容器引擎,让开发者可以打包他们的应用以及依赖包到一个可移植的容器中,然后发布到任何流行的 Linux 机器上,也可以实现虚拟化。
Docker处理容器重派生存在安全漏洞,允许本地攻击者构建特殊容器映像,通过目录遍历攻击,覆盖宿主机中的文件,提升权限。
Severity
中
Patch Name
Docker不安全文件描述符处理权限提升漏洞的补丁
Patch Description
Docker 是一个开源的应用容器引擎,让开发者可以打包他们的应用以及依赖包到一个可移植的容器中,然后发布到任何流行的 Linux 机器上,也可以实现虚拟化。Docker处理容器重派生存在安全漏洞,允许本地攻击者构建特殊容器映像,通过目录遍历攻击,覆盖宿主机中的文件,提升权限。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
用户可参考如下厂商提供的安全补丁以修复该漏洞: http://www.docker.com/
Reference
http://www.openwall.com/lists/oss-security/2015/05/07/10
Impacted products
| Name | Docker Docker 1.6.1 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2015-3627"
}
},
"description": "Docker \u662f\u4e00\u4e2a\u5f00\u6e90\u7684\u5e94\u7528\u5bb9\u5668\u5f15\u64ce\uff0c\u8ba9\u5f00\u53d1\u8005\u53ef\u4ee5\u6253\u5305\u4ed6\u4eec\u7684\u5e94\u7528\u4ee5\u53ca\u4f9d\u8d56\u5305\u5230\u4e00\u4e2a\u53ef\u79fb\u690d\u7684\u5bb9\u5668\u4e2d\uff0c\u7136\u540e\u53d1\u5e03\u5230\u4efb\u4f55\u6d41\u884c\u7684 Linux \u673a\u5668\u4e0a\uff0c\u4e5f\u53ef\u4ee5\u5b9e\u73b0\u865a\u62df\u5316\u3002\r\n\r\nDocker\u5904\u7406\u5bb9\u5668\u91cd\u6d3e\u751f\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u672c\u5730\u653b\u51fb\u8005\u6784\u5efa\u7279\u6b8a\u5bb9\u5668\u6620\u50cf\uff0c\u901a\u8fc7\u76ee\u5f55\u904d\u5386\u653b\u51fb\uff0c\u8986\u76d6\u5bbf\u4e3b\u673a\u4e2d\u7684\u6587\u4ef6\uff0c\u63d0\u5347\u6743\u9650\u3002",
"discovererName": "Eric Windisch",
"formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://www.docker.com/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2015-03053",
"openTime": "2015-05-15",
"patchDescription": "Docker \u662f\u4e00\u4e2a\u5f00\u6e90\u7684\u5e94\u7528\u5bb9\u5668\u5f15\u64ce\uff0c\u8ba9\u5f00\u53d1\u8005\u53ef\u4ee5\u6253\u5305\u4ed6\u4eec\u7684\u5e94\u7528\u4ee5\u53ca\u4f9d\u8d56\u5305\u5230\u4e00\u4e2a\u53ef\u79fb\u690d\u7684\u5bb9\u5668\u4e2d\uff0c\u7136\u540e\u53d1\u5e03\u5230\u4efb\u4f55\u6d41\u884c\u7684 Linux \u673a\u5668\u4e0a\uff0c\u4e5f\u53ef\u4ee5\u5b9e\u73b0\u865a\u62df\u5316\u3002Docker\u5904\u7406\u5bb9\u5668\u91cd\u6d3e\u751f\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u672c\u5730\u653b\u51fb\u8005\u6784\u5efa\u7279\u6b8a\u5bb9\u5668\u6620\u50cf\uff0c\u901a\u8fc7\u76ee\u5f55\u904d\u5386\u653b\u51fb\uff0c\u8986\u76d6\u5bbf\u4e3b\u673a\u4e2d\u7684\u6587\u4ef6\uff0c\u63d0\u5347\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Docker\u4e0d\u5b89\u5168\u6587\u4ef6\u63cf\u8ff0\u7b26\u5904\u7406\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Docker Docker 1.6.1"
},
"referenceLink": "http://www.openwall.com/lists/oss-security/2015/05/07/10",
"serverity": "\u4e2d",
"submitTime": "2015-05-11",
"title": "Docker\u4e0d\u5b89\u5168\u6587\u4ef6\u63cf\u8ff0\u7b26\u5904\u7406\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}
FKIE_CVE-2015-3627
Vulnerability from fkie_nvd - Published: 2015-05-18 15:59 - Updated: 2026-05-06 22:30
Severity
Summary
Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| docker | docker | * | |
| docker | libcontainer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17D18FD1-A4E3-4CB4-BEA5-A10FB3EEB4EC",
"versionEndIncluding": "1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:libcontainer:*:*:*:*:*:docker:*:*",
"matchCriteriaId": "F6F2A291-80C9-4A4E-9CA8-980B1F2BDE44",
"versionEndIncluding": "1.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image."
},
{
"lang": "es",
"value": "Libcontainer and Docker Engine anterior a 1.6.1 abre el descriptor de ficheros pasado al proceso pid-1 antes de realizar el chroot, lo que permite a usuarios locales ganar privilegios a trav\u00e9s de una ataque de enlace simb\u00f3lico en una imagen."
}
],
"id": "CVE-2015-3627",
"lastModified": "2026-05-06T22:30:45.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-05-18T15:59:14.930",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2015/May/28"
},
{
"source": "cve@mitre.org",
"url": "https://groups.google.com/forum/#%21searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2015/May/28"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://groups.google.com/forum/#%21searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-G7V2-2QXX-WJRW
Vulnerability from github – Published: 2022-02-15 01:18 – Updated: 2021-05-20 16:33
VLAI
Summary
Symlink Attack in Libcontainer and Docker Engine
Details
Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/docker/docker"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2015-3627"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-20T16:33:03Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.",
"id": "GHSA-g7v2-2qxx-wjrw",
"modified": "2021-05-20T16:33:03Z",
"published": "2022-02-15T01:18:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3627"
},
{
"type": "WEB",
"url": "https://github.com/docker/docker/commit/d5ebb60bddbabea0439213501f4f6ed494b23cba"
},
{
"type": "WEB",
"url": "https://groups.google.com/forum/#!searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ"
},
{
"type": "WEB",
"url": "https://groups.google.com/forum/#%21searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ"
},
{
"type": "WEB",
"url": "https://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html"
},
{
"type": "WEB",
"url": "https://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html"
},
{
"type": "WEB",
"url": "https://seclists.org/fulldisclosure/2015/May/28"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Symlink Attack in Libcontainer and Docker Engine"
}
GSD-2015-3627
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2015-3627",
"description": "Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.",
"id": "GSD-2015-3627",
"references": [
"https://www.suse.com/security/cve/CVE-2015-3627.html",
"https://access.redhat.com/errata/RHBA-2015:1167",
"https://alas.aws.amazon.com/cve/html/CVE-2015-3627.html",
"https://linux.oracle.com/cve/CVE-2015-3627.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2015-3627"
],
"details": "Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.",
"id": "GSD-2015-3627",
"modified": "2023-12-13T01:20:07.721832Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3627",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/forum/#!searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/#!searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ"
},
{
"name": "20150508 Docker 1.6.1 - Security Advisory [150507]",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/May/28"
},
{
"name": "openSUSE-SU-2015:0905",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html"
},
{
"name": "http://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003cv1.6.1",
"affected_versions": "All versions before 1.6.1",
"cvss_v2": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"cwe_ids": [
"CWE-1035",
"CWE-59",
"CWE-937"
],
"date": "2022-02-15",
"description": "Libcontainer and Docker Engine opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.",
"fixed_versions": [
"v1.6.1"
],
"identifier": "CVE-2015-3627",
"identifiers": [
"GHSA-g7v2-2qxx-wjrw",
"CVE-2015-3627"
],
"not_impacted": "All versions starting from 1.6.1",
"package_slug": "go/github.com/docker/docker",
"pubdate": "2015-05-19",
"solution": "Upgrade to version 1.6.1 or above.",
"title": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2015-3627",
"https://github.com/docker/docker/commit/d5ebb60bddbabea0439213501f4f6ed494b23cba",
"https://groups.google.com/forum/#!searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ",
"https://groups.google.com/forum/#%21searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ",
"https://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html",
"https://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html",
"https://seclists.org/fulldisclosure/2015/May/28",
"https://github.com/advisories/GHSA-g7v2-2qxx-wjrw"
],
"uuid": "f7e377fe-f587-4905-8d2d-c52ccc6075dc",
"versions": [
{
"commit": {
"sha": "c2b89b93393685e075d77200ae25a98cd2051eaa",
"tags": [
"v1.6.1"
],
"timestamp": "20150507170701"
},
"number": "v1.6.1"
}
]
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:libcontainer:*:*:*:*:*:docker:*:*",
"cpe_name": [],
"versionEndIncluding": "1.6.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3627"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150508 Docker 1.6.1 - Security Advisory [150507]",
"refsource": "FULLDISC",
"tags": [],
"url": "http://seclists.org/fulldisclosure/2015/May/28"
},
{
"name": "http://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html",
"refsource": "MISC",
"tags": [],
"url": "http://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html"
},
{
"name": "openSUSE-SU-2015:0905",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html"
},
{
"name": "https://groups.google.com/forum/#!searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ",
"refsource": "CONFIRM",
"tags": [],
"url": "https://groups.google.com/forum/#!searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2018-08-13T21:47Z",
"publishedDate": "2015-05-18T15:59Z"
}
}
}
MSRC_CVE-2015-3627
Vulnerability from csaf_microsoft - Published: 2015-05-02 00:00 - Updated: 2021-07-16 00:00Summary
Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot which allows local users to gain privileges via a symlink attack in an image.
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
CWE-59
- Improper Link Resolution Before File Access ('Link Following')
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 16833-16820 | — |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 16820-1 | — |
Vendor Fix
fix
|
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2015/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2015/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2015-3627 Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot which allows local users to gain privileges via a symlink attack in an image. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2015/msrc_cve-2015-3627.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot which allows local users to gain privileges via a symlink attack in an image.",
"tracking": {
"current_release_date": "2021-07-16T00:00:00.000Z",
"generator": {
"date": "2025-10-19T17:01:17.842Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2015-3627",
"initial_release_date": "2015-05-02T00:00:00.000Z",
"revision_history": [
{
"date": "2021-07-16T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "1.0",
"product": {
"name": "CBL Mariner 1.0",
"product_id": "16820"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccm1 moby-buildx 0.4.1+azure-3",
"product": {
"name": "\u003ccm1 moby-buildx 0.4.1+azure-3",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cm1 moby-buildx 0.4.1+azure-3",
"product": {
"name": "cm1 moby-buildx 0.4.1+azure-3",
"product_id": "16833"
}
}
],
"category": "product_name",
"name": "moby-buildx"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccm1 moby-buildx 0.4.1+azure-3 as a component of CBL Mariner 1.0",
"product_id": "16820-1"
},
"product_reference": "1",
"relates_to_product_reference": "16820"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cm1 moby-buildx 0.4.1+azure-3 as a component of CBL Mariner 1.0",
"product_id": "16833-16820"
},
"product_reference": "16833",
"relates_to_product_reference": "16820"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-3627",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0026#39;Link Following\u0026#39;)"
},
"notes": [
{
"category": "general",
"text": "mitre",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"16833-16820"
],
"known_affected": [
"16820-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2015-3627 Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot which allows local users to gain privileges via a symlink attack in an image. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2015/msrc_cve-2015-3627.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-16T00:00:00.000Z",
"details": "-:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"16820-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"title": "Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot which allows local users to gain privileges via a symlink attack in an image."
}
]
}
OPENSUSE-SU-2024:10532-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
docker-1.12.3-4.1 on GA media
Severity
Moderate
Notes
Title of the patch: docker-1.12.3-4.1 on GA media
Description of the patch: These are all security issues fixed in the docker-1.12.3-4.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-10532
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.6 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
7.8 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
7.8 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
54 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "docker-1.12.3-4.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the docker-1.12.3-4.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10532",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10532-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-3499 page",
"url": "https://www.suse.com/security/cve/CVE-2014-3499/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-5277 page",
"url": "https://www.suse.com/security/cve/CVE-2014-5277/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-6407 page",
"url": "https://www.suse.com/security/cve/CVE-2014-6407/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-6408 page",
"url": "https://www.suse.com/security/cve/CVE-2014-6408/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-8178 page",
"url": "https://www.suse.com/security/cve/CVE-2014-8178/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-8179 page",
"url": "https://www.suse.com/security/cve/CVE-2014-8179/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-9356 page",
"url": "https://www.suse.com/security/cve/CVE-2014-9356/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-9357 page",
"url": "https://www.suse.com/security/cve/CVE-2014-9357/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-9358 page",
"url": "https://www.suse.com/security/cve/CVE-2014-9358/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3627 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3627/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3629 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3629/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3630 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3630/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3631 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3631/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3697 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-8867 page",
"url": "https://www.suse.com/security/cve/CVE-2016-8867/"
}
],
"title": "docker-1.12.3-4.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10532-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "docker-1.12.3-4.1.aarch64",
"product": {
"name": "docker-1.12.3-4.1.aarch64",
"product_id": "docker-1.12.3-4.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-bash-completion-1.12.3-4.1.aarch64",
"product": {
"name": "docker-bash-completion-1.12.3-4.1.aarch64",
"product_id": "docker-bash-completion-1.12.3-4.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-test-1.12.3-4.1.aarch64",
"product": {
"name": "docker-test-1.12.3-4.1.aarch64",
"product_id": "docker-test-1.12.3-4.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-zsh-completion-1.12.3-4.1.aarch64",
"product": {
"name": "docker-zsh-completion-1.12.3-4.1.aarch64",
"product_id": "docker-zsh-completion-1.12.3-4.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-1.12.3-4.1.ppc64le",
"product": {
"name": "docker-1.12.3-4.1.ppc64le",
"product_id": "docker-1.12.3-4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-bash-completion-1.12.3-4.1.ppc64le",
"product": {
"name": "docker-bash-completion-1.12.3-4.1.ppc64le",
"product_id": "docker-bash-completion-1.12.3-4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-test-1.12.3-4.1.ppc64le",
"product": {
"name": "docker-test-1.12.3-4.1.ppc64le",
"product_id": "docker-test-1.12.3-4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-zsh-completion-1.12.3-4.1.ppc64le",
"product": {
"name": "docker-zsh-completion-1.12.3-4.1.ppc64le",
"product_id": "docker-zsh-completion-1.12.3-4.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-1.12.3-4.1.s390x",
"product": {
"name": "docker-1.12.3-4.1.s390x",
"product_id": "docker-1.12.3-4.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-bash-completion-1.12.3-4.1.s390x",
"product": {
"name": "docker-bash-completion-1.12.3-4.1.s390x",
"product_id": "docker-bash-completion-1.12.3-4.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-test-1.12.3-4.1.s390x",
"product": {
"name": "docker-test-1.12.3-4.1.s390x",
"product_id": "docker-test-1.12.3-4.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-zsh-completion-1.12.3-4.1.s390x",
"product": {
"name": "docker-zsh-completion-1.12.3-4.1.s390x",
"product_id": "docker-zsh-completion-1.12.3-4.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-1.12.3-4.1.x86_64",
"product": {
"name": "docker-1.12.3-4.1.x86_64",
"product_id": "docker-1.12.3-4.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-bash-completion-1.12.3-4.1.x86_64",
"product": {
"name": "docker-bash-completion-1.12.3-4.1.x86_64",
"product_id": "docker-bash-completion-1.12.3-4.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-test-1.12.3-4.1.x86_64",
"product": {
"name": "docker-test-1.12.3-4.1.x86_64",
"product_id": "docker-test-1.12.3-4.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-zsh-completion-1.12.3-4.1.x86_64",
"product": {
"name": "docker-zsh-completion-1.12.3-4.1.x86_64",
"product_id": "docker-zsh-completion-1.12.3-4.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-1.12.3-4.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64"
},
"product_reference": "docker-1.12.3-4.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-1.12.3-4.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le"
},
"product_reference": "docker-1.12.3-4.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-1.12.3-4.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-1.12.3-4.1.s390x"
},
"product_reference": "docker-1.12.3-4.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-1.12.3-4.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64"
},
"product_reference": "docker-1.12.3-4.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-1.12.3-4.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64"
},
"product_reference": "docker-bash-completion-1.12.3-4.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-1.12.3-4.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le"
},
"product_reference": "docker-bash-completion-1.12.3-4.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-1.12.3-4.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x"
},
"product_reference": "docker-bash-completion-1.12.3-4.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-1.12.3-4.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64"
},
"product_reference": "docker-bash-completion-1.12.3-4.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-test-1.12.3-4.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64"
},
"product_reference": "docker-test-1.12.3-4.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-test-1.12.3-4.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le"
},
"product_reference": "docker-test-1.12.3-4.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-test-1.12.3-4.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x"
},
"product_reference": "docker-test-1.12.3-4.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-test-1.12.3-4.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64"
},
"product_reference": "docker-test-1.12.3-4.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-zsh-completion-1.12.3-4.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64"
},
"product_reference": "docker-zsh-completion-1.12.3-4.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-zsh-completion-1.12.3-4.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le"
},
"product_reference": "docker-zsh-completion-1.12.3-4.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-zsh-completion-1.12.3-4.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x"
},
"product_reference": "docker-zsh-completion-1.12.3-4.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-zsh-completion-1.12.3-4.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64"
},
"product_reference": "docker-zsh-completion-1.12.3-4.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-3499",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-3499"
}
],
"notes": [
{
"category": "general",
"text": "Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-3499",
"url": "https://www.suse.com/security/cve/CVE-2014-3499"
},
{
"category": "external",
"summary": "SUSE Bug 885209 for CVE-2014-3499",
"url": "https://bugzilla.suse.com/885209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2014-3499"
},
{
"cve": "CVE-2014-5277",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-5277"
}
],
"notes": [
{
"category": "general",
"text": "Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-5277",
"url": "https://www.suse.com/security/cve/CVE-2014-5277"
},
{
"category": "external",
"summary": "SUSE Bug 904165 for CVE-2014-5277",
"url": "https://bugzilla.suse.com/904165"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-5277"
},
{
"cve": "CVE-2014-6407",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-6407"
}
],
"notes": [
{
"category": "general",
"text": "Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-6407",
"url": "https://www.suse.com/security/cve/CVE-2014-6407"
},
{
"category": "external",
"summary": "SUSE Bug 907012 for CVE-2014-6407",
"url": "https://bugzilla.suse.com/907012"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-6407"
},
{
"cve": "CVE-2014-6408",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-6408"
}
],
"notes": [
{
"category": "general",
"text": "Docker 1.3.0 through 1.3.1 allows remote attackers to modify the default run profile of image containers and possibly bypass the container by applying unspecified security options to an image.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-6408",
"url": "https://www.suse.com/security/cve/CVE-2014-6408"
},
{
"category": "external",
"summary": "SUSE Bug 907014 for CVE-2014-6408",
"url": "https://bugzilla.suse.com/907014"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-6408"
},
{
"cve": "CVE-2014-8178",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-8178"
}
],
"notes": [
{
"category": "general",
"text": "Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-8178",
"url": "https://www.suse.com/security/cve/CVE-2014-8178"
},
{
"category": "external",
"summary": "SUSE Bug 949660 for CVE-2014-8178",
"url": "https://bugzilla.suse.com/949660"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2014-8178"
},
{
"cve": "CVE-2014-8179",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-8179"
}
],
"notes": [
{
"category": "general",
"text": "Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-8179",
"url": "https://www.suse.com/security/cve/CVE-2014-8179"
},
{
"category": "external",
"summary": "SUSE Bug 949660 for CVE-2014-8179",
"url": "https://bugzilla.suse.com/949660"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2014-8179"
},
{
"cve": "CVE-2014-9356",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-9356"
}
],
"notes": [
{
"category": "general",
"text": "Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-9356",
"url": "https://www.suse.com/security/cve/CVE-2014-9356"
},
{
"category": "external",
"summary": "SUSE Bug 909712 for CVE-2014-9356",
"url": "https://bugzilla.suse.com/909712"
},
{
"category": "external",
"summary": "SUSE Bug 909747 for CVE-2014-9356",
"url": "https://bugzilla.suse.com/909747"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2014-9356"
},
{
"cve": "CVE-2014-9357",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-9357"
}
],
"notes": [
{
"category": "general",
"text": "Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-9357",
"url": "https://www.suse.com/security/cve/CVE-2014-9357"
},
{
"category": "external",
"summary": "SUSE Bug 909710 for CVE-2014-9357",
"url": "https://bugzilla.suse.com/909710"
},
{
"category": "external",
"summary": "SUSE Bug 909747 for CVE-2014-9357",
"url": "https://bugzilla.suse.com/909747"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2014-9357"
},
{
"cve": "CVE-2014-9358",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-9358"
}
],
"notes": [
{
"category": "general",
"text": "Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) \"docker load\" operation or (2) \"registry communications.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-9358",
"url": "https://www.suse.com/security/cve/CVE-2014-9358"
},
{
"category": "external",
"summary": "SUSE Bug 909709 for CVE-2014-9358",
"url": "https://bugzilla.suse.com/909709"
},
{
"category": "external",
"summary": "SUSE Bug 909747 for CVE-2014-9358",
"url": "https://bugzilla.suse.com/909747"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-9358"
},
{
"cve": "CVE-2015-3627",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3627"
}
],
"notes": [
{
"category": "general",
"text": "Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3627",
"url": "https://www.suse.com/security/cve/CVE-2015-3627"
},
{
"category": "external",
"summary": "SUSE Bug 930235 for CVE-2015-3627",
"url": "https://bugzilla.suse.com/930235"
},
{
"category": "external",
"summary": "SUSE Bug 945060 for CVE-2015-3627",
"url": "https://bugzilla.suse.com/945060"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2015-3627"
},
{
"cve": "CVE-2015-3629",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3629"
}
],
"notes": [
{
"category": "general",
"text": "Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization (\"mount namespace breakout\") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3629",
"url": "https://www.suse.com/security/cve/CVE-2015-3629"
},
{
"category": "external",
"summary": "SUSE Bug 930235 for CVE-2015-3629",
"url": "https://bugzilla.suse.com/930235"
},
{
"category": "external",
"summary": "SUSE Bug 945060 for CVE-2015-3629",
"url": "https://bugzilla.suse.com/945060"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2015-3629"
},
{
"cve": "CVE-2015-3630",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3630"
}
],
"notes": [
{
"category": "general",
"text": "Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3630",
"url": "https://www.suse.com/security/cve/CVE-2015-3630"
},
{
"category": "external",
"summary": "SUSE Bug 930235 for CVE-2015-3630",
"url": "https://bugzilla.suse.com/930235"
},
{
"category": "external",
"summary": "SUSE Bug 945060 for CVE-2015-3630",
"url": "https://bugzilla.suse.com/945060"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2015-3630"
},
{
"cve": "CVE-2015-3631",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3631"
}
],
"notes": [
{
"category": "general",
"text": "Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3631",
"url": "https://www.suse.com/security/cve/CVE-2015-3631"
},
{
"category": "external",
"summary": "SUSE Bug 930235 for CVE-2015-3631",
"url": "https://bugzilla.suse.com/930235"
},
{
"category": "external",
"summary": "SUSE Bug 945060 for CVE-2015-3631",
"url": "https://bugzilla.suse.com/945060"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2015-3631"
},
{
"cve": "CVE-2016-3697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3697"
}
],
"notes": [
{
"category": "general",
"text": "libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3697",
"url": "https://www.suse.com/security/cve/CVE-2016-3697"
},
{
"category": "external",
"summary": "SUSE Bug 976777 for CVE-2016-3697",
"url": "https://bugzilla.suse.com/976777"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-3697"
},
{
"cve": "CVE-2016-8867",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-8867"
}
],
"notes": [
{
"category": "general",
"text": "Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. This allowed malicious images to bypass user permissions to access files within the container filesystem or mounted volumes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-8867",
"url": "https://www.suse.com/security/cve/CVE-2016-8867"
},
{
"category": "external",
"summary": "SUSE Bug 1007249 for CVE-2016-8867",
"url": "https://bugzilla.suse.com/1007249"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:docker-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-test-1.12.3-4.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-1.12.3-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-8867"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…