CVE-2020-14298

HIGH Year: 2020
CVSS v3 Score
8.8
High
CVSS v2 Score
4.6
Medium
Weakness Type
CWE-273
View all →

Vulnerability Description

The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the container host and other containers running on the same host. This issue only affects docker version 1.13.1-108.git4ef4b30.el7, shipped in Red Hat Enterprise Linux 7 Extras. Both earlier and later versions are not affected.

Related Vulnerabilities

CVE-2020-14300

HIGH
CVSS:8.8(High)

The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an incorrec...

CWE-2732020

CVE-2024-8382

HIGH
CVSS:8.8(High)

Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to ...

CWE-2732024

CVE-2025-27396

HIGH
CVSS:8.8(High)

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit the elevation of privileges required to perform certain valid...

CWE-2732025

CVE-2011-2921

CRITICAL
CVSS:9.8(Critical)

ktsuss versions 1.4 and prior has the uid set to root and does not drop privileges prior to executing user specified commands, which can result in command execution with root privileges.

CWE-2732011

CVE-2011-3350

CRITICAL
CVSS:9.8(Critical)

masqmail 0.2.21 through 0.2.30 improperly calls seteuid() in src/log.c and src/masqmail.c that results in improper privilege dropping.

CWE-2732011

CVE-2012-1187

CRITICAL
CVSS:9.8(Critical)

Bitlbee does not drop extra group privileges correctly in unix.c

CWE-2732012