Total vulnerabilities in the database
The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness.
| Software | From | Fixed in |
|---|---|---|
| docker / docker | 1.11 | 18.03.1.x |
| mobyproject / moby | 1.11 | 17.03.2.x |
| redhat / enterprise_linux | 7.0 | 7.0.x |
| redhat / enterprise_linux_server | 7.0 | 7.0.x |
| redhat / openstack | 12 | 12.x |
| opensuse / leap | 15.0 | 15.0.x |
| opensuse / leap | 15.1 | 15.1.x |