18.09.0

DATE	CVE	VULNERABILITY TITLE	RISK
2021-02-02	CVE-2021-21285	Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. network low complexity docker debian netapp CWE-754	6.5
2021-02-02	CVE-2021-21284	Path Traversal vulnerability in multiple products In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. low complexity docker debian netapp CWE-22	2.7
2020-12-30	CVE-2020-27534	Path Traversal vulnerability in Docker util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call. network low complexity docker CWE-22	5.0
2019-09-25	CVE-2019-16884	Incorrect Authorization vulnerability in multiple products runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. network low complexity linuxfoundation docker fedoraproject opensuse redhat canonical CWE-863	7.5
2019-08-22	CVE-2019-13139	OS Command Injection vulnerability in Docker In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. local low complexity docker CWE-78	4.6
2019-07-18	CVE-2019-13509	Information Exposure Through Log Files vulnerability in Docker In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. network low complexity docker CWE-532	7.5
2019-02-11	CVE-2019-5736	OS Command Injection vulnerability in multiple products runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. local low complexity docker linuxfoundation redhat google linuxcontainers hp netapp apache opensuse d2iq fedoraproject canonical microfocus CWE-78	8.6