Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
641
VMScore

CVE-2018-9862

Published: 09/04/2018 Updated: 03/10/2019
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Hyper

Vulnerability Summary

util.c in runV 1.0.0 for Docker mishandles a numeric username, which allows malicious users to obtain root access by leveraging the presence of an initial numeric value on an /etc/passwd line, and then issuing a "docker exec" command with that value in the -u argument, a similar issue to CVE-2016-3697.

Vulnerable Product Search on Vulmon Subscribe to Product

hyper runv 1.0.0

Github Repositories

https://github.com/sandbornm/HardenDocker

Markdown guide and best practices to harden Docker images

How to harden a Docker image: a tutorial for beginners This tutorial provides a basic overview of Docker and its security mechanisms, discusses best practices for creating Docker containers, and surveys a number of scanning and monitoring software to harden Docker images Table of Contents 1 How does Docker work? 2 How do Docker images interact with the host? 3 How are Docke

References

CWE-838https://github.com/hyperhq/hyperstart/pull/348http://www.securityfocus.com/bid/103738https://nvd.nist.govhttps://github.com/sandbornm/HardenDocker
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671unauthorizedCVE-2024-4776CVE-2024-3407CVE-2024-26026CVE-2024-32888wirelessCVE-2024-4656template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook