MSRC CM1 moby-buildx 0.4.1+azure-3 on CBL Mariner 1.0 vulnerabilities

15 known vulnerabilities affecting msrc/cm1_moby-buildx_0.4.1+azure-3_on_cbl_mariner_1.0.

Total CVEs: 15
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 8, MEDIUM 6

Vulnerabilities

CVE-2021-21284 | MEDIUM | CVSS 6.8 | 2021-02-09
CVE-2021-21284 [MEDIUM] CWE-22 Privilege escalation in Moby
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to tran
msrc
CVE-2021-21285 | MEDIUM | CVSS 6.5 | 2021-02-09
CVE-2021-21285 [MEDIUM] CWE-754 Docker daemon crash during image pull of malicious image
msrc
CVE-2020-27534 | MEDIUM | CVSS 5.3 | 2020-12-08
CVE-2020-27534 [MEDIUM] CWE-22 util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname constructed with an empty first argument in an ioutil.TempDir call.
msrc
CVE-2014-5278 | MEDIUM | CVSS 5.3 | 2020-02-11
CVE-2014-5278 [MEDIUM] A vulnerability exists in Docker before 1.2 via container names which may collide with and override container IDs.
msrc
CVE-2014-0048 | CRITICAL | CVSS 9.8 | 2020-01-14
CVE-2014-0048 [CRITICAL] CWE-20 An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways.
msrc
CVE-2014-9356 | HIGH | CVSS 8.6 | 2019-12-10
CVE-2014-9356 [HIGH] CWE-22 Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile.
msrc
CVE-2014-8178 | MEDIUM | CVSS 5.5 | 2019-12-10
CVE-2014-8178 [MEDIUM] CWE-20 Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands.
msrc
CVE-2019-16884 | HIGH | CVSS 7.5 | 2019-09-10
CVE-2019-16884 [HIGH] CWE-863 runc through 1.0.0-rc8 as used in Docker through 19.03.2-ce and other products allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets and thus a malicious Docker image can mount over a /proc directory.
msrc
CVE-2019-13139 | HIGH | CVSS 8.4 | 2019-08-13
CVE-2019-13139 [HIGH] CWE-78 In Docker before 18.09.4 an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. An issue exists in the way "docker build" processes remote git URLs and results in command injection i
msrc
CVE-2019-13509 | HIGH | CVSS 7.5 | 2019-07-09
CVE-2019-13509 [HIGH] CWE-532 In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10) Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that inc
msrc
CVE-2019-5736 | HIGH | CVSS 8.6 | PoC | 2019-02-12
CVE-2019-5736 [HIGH] CWE-78 runc through 1.0-rc6 as used in Docker before 18.09.2 and other products allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a ne
msrc
CVE-2014-5282 | HIGH | CVSS 8.1 | 2018-02-13
CVE-2014-5282 [HIGH] CWE-20 Docker before 1.3 does not properly validate image IDs which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'.
msrc
CVE-2017-14992 | MEDIUM | CVSS 6.5 | 2017-11-14
CVE-2017-14992 [MEDIUM] CWE-20 Lack of content verification in Docker-CE (also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0 and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing.
msrc
CVE-2014-0047 | HIGH | CVSS 7.8 | 2017-10-10
CVE-2014-0047 [HIGH] Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage.
msrc
CVE-2016-3697 | HIGH | CVSS 7.8 | 2016-06-14
CVE-2016-3697 [HIGH] CWE-264 libcontainer/user/user.go in runC before 0.1.0 as used in Docker before 1.11.2 improperly treats a numeric UID as a potential username which allows local users to gain privileges via a numeric username in the password file in a container.
msrc