VYPR

Docker

by Docker

CVEs (27)

  • CVE-2024-41110 | Critical | Jul 24, 2024
    risk 0.59 | cvss 9.9 | epss 0.17

    Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base…

  • CVE-2024-9348 | High | Oct 16, 2024
    risk 0.58 | cvss n/a | epss 0.00

    Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view.

  • CVE-2018-15514 | High | Sep 1, 2018
    risk 0.57 | cvss 8.8 | epss 0.02

    HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in…

  • CVE-2014-5282 | High | Feb 6, 2018
    risk 0.53 | cvss 8.1 | epss 0.01

    Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'.

  • CVE-2014-0047 | High | Oct 6, 2017
    risk 0.51 | cvss 7.8 | epss 0.00

    Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage.

  • CVE-2016-8867 | High | Oct 28, 2016
    risk 0.49 | cvss 7.5 | epss 0.03

    Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. This allowed malicious images to bypass user permissions to access files within the container filesystem or mounted volumes.

  • CVE-2016-3697 | High | Jun 1, 2016
    risk 0.44 | cvss 7.8 | epss 0.00

    libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.

  • CVE-2017-14992 | Medium | Nov 1, 2017
    risk 0.42 | cvss 6.5 | epss 0.02

    Lack of content verification in Docker-CE (also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a denial of service via a crafted image layer payload, aka gzip bombing.

  • CVE-2016-6595 | Medium | Jan 4, 2017
    risk 0.42 | cvss 6.5 | epss 0.02

    The SwarmKit toolkit 1.12.0 for Docker allows remote authenticated users to cause a denial of service (prevention of cluster joins) via a long sequence of join and quit actions. NOTE: the vendor disputes this issue, stating that this sequence is not "removing the state that is…

  • CVE-2016-9962 | Medium | Jan 31, 2017
    risk 0.35 | cvss 6.4 | epss 0.00

    RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to…

  • CVE-2018-15664 | May 23, 2019
    risk 0.01 | cvss n/a | epss 0.03

    In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not…

  • CVE-2014-9357 | Dec 16, 2014
    risk 0.01 | cvss n/a | epss 0.06

    Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction.

  • CVE-2025-15558 | Mar 4, 2026
    risk 0.00 | cvss n/a | epss 0.00

    Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe, docker-buildx.exe, etc.) that…

  • CVE-2020-27352 | Jun 21, 2024
    risk 0.00 | cvss n/a | epss 0.00

    When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemon within the snap itself…

  • CVE-2020-35467 | Dec 15, 2020
    risk 0.00 | cvss n/a | epss 0.02

    The Docker Docs Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Docker Docs container may allow a remote attacker to achieve root access with a blank password.

  • CVE-2014-5278 | Feb 7, 2020
    risk 0.00 | cvss n/a | epss 0.02

    A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs.

  • CVE-2014-0048 | Jan 2, 2020
    risk 0.00 | cvss n/a | epss 0.07

    An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways.

  • CVE-2019-5736 | Feb 11, 2019
    risk 0.00 | cvss n/a | epss 0.99

    runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new…

  • CVE-2018-10892 | Medium | Jul 6, 2018
    risk 0.00 | cvss 5.3 | epss 0.01

    The default OCI Linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify the host's hardware, such as enabling/disabling Bluetooth or turning keyboard brightness up/down.

  • CVE-2015-3631 | May 18, 2015
    risk 0.00 | cvss n/a | epss 0.01

    Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc.

Page 1 of 2