apk package
wolfi/docker-oci-entrypoint
pkg:apk/wolfi/docker-oci-entrypoint
Vulnerabilities (45)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2014-9358 | — | < 0 | 0 | Dec 16, 2014 | Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation or (2) "registry communications." | ||
| CVE-2014-9357 | — | < 0 | 0 | Dec 16, 2014 | Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction. | ||
| CVE-2014-6407 | — | < 0 | 0 | Dec 12, 2014 | Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation. | ||
| CVE-2014-5277 | — | < 0 | 0 | Nov 17, 2014 | Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and | ||
| CVE-2014-3499 | — | < 0 | 0 | Jul 11, 2014 | Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors. |
- CVE-2014-9358Dec 16, 2014affected < 0fixed 0
Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation or (2) "registry communications."
- CVE-2014-9357Dec 16, 2014affected < 0fixed 0
Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction.
- CVE-2014-6407Dec 12, 2014affected < 0fixed 0
Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation.
- CVE-2014-5277Nov 17, 2014affected < 0fixed 0
Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and
- CVE-2014-3499Jul 11, 2014affected < 0fixed 0
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.
Page 3 of 3