Vulnerabilities > Mobyproject
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-07-06 | CVE-2018-10892 | The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. | 5.3 |
2017-11-04 | CVE-2017-16539 | Information Exposure vulnerability in Mobyproject Moby The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss (when certain older Linux kernels are used) by leveraging Docker container access to write a "scsi remove-single-device" line to /proc/scsi/scsi, aka SCSI MICDROP. | 5.9 |