Apache Software Foundation Mesos 1.5.2 Release Candidate 3

CPE Details

Apache Software Foundation Mesos 1.5.2 Release Candidate 3
apache
mesos
1.5.2
2019-03-06
15h12 +00:00
2019-03-06
15h12 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:apache:mesos:1.5.2:rc3:*:*:*:*:*:*

Informations

Vendor

apache

Product

mesos

Version

1.5.2

Update

rc3

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2019-0204 2019-03-25 20h43 +00:00 A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, and 1.7.0 to 1.7.1. A malicious actor can therefore gain root-level code execution on the host.
7.8
High
CVE-2019-5736 2019-02-10 23h00 +00:00 runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
8.6
High