Vulnerabilities (CVE)

Vendor filter: Docker

Product filter: Docker


20 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-15664 1 Docker 1 Docker 2019-06-25 6.2
In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges,...
CVE-2019-5736 10 Docker, Google, Linuxcontainers and 7 more 12 Docker, Kubernetes Engine, Lxc and 9 more 2019-06-03 9.3
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these...
CVE-2014-5282 1 Docker 1 Docker 2019-04-29 5.5
Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'.
CVE-2018-15514 1 Docker 1 Docker 2018-11-09 6.5
HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects....
CVE-2016-3697 4 Opencontainers, Docker, Novell and 1 more 4 Docker, Runc, Opensuse and 1 more 2018-10-30 2.1
libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.
CVE-2016-9962 1 Docker 1 Docker 2018-10-09 4.4
RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the...
CVE-2014-9358 1 Docker 1 Docker 2018-10-09 6.4
Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation or (2) "registry communications."
CVE-2014-9357 1 Docker 1 Docker 2018-10-09 10.0
Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction.
CVE-2015-3631 1 Docker 1 Docker 2018-08-13 3.6
Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc.
CVE-2015-3630 1 Docker 1 Docker 2018-08-13 7.2
Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade...
CVE-2015-3627 1 Docker 2 Docker, Libcontainer 2018-08-13 7.2
Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.
CVE-2014-5277 1 Docker 2 Docker, Docker-py 2018-08-13 5.0
Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a...
CVE-2017-14992 1 Docker 1 Docker 2017-11-22 4.3
Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer...
CVE-2014-0047 1 Docker 1 Docker 2017-10-13 4.6
Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage.
CVE-2016-6595 1 Docker 1 Docker 2017-08-16 4.0
** DISPUTED ** The SwarmKit toolkit 1.12.0 for Docker allows remote authenticated users to cause a denial of service (prevention of cluster joins) via a long sequence of join and quit actions. NOTE: the vendor disputes this issue, stating that...
CVE-2016-8867 1 Docker 1 Docker 2017-07-28 5.0
Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. This allowed malicious images to bypass user permissions to access files within the container filesystem or mounted volumes.
CVE-2017-7297 2 Rancher Labs, Docker 2 Rancher, Docker 2017-04-04 6.5
Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call. This is fixed in versions rancher/server:v1.2.4, rancher/server:v1.3.5, rancher/server:v1.4.3, and rancher/server:v1.5.3.
CVE-2014-6408 1 Docker 1 Docker 2014-12-15 5.0
Docker 1.3.0 through 1.3.1 allows remote attackers to modify the default run profile of image containers and possibly bypass the container by applying unspecified security options to an image.
CVE-2014-6407 1 Docker 1 Docker 2014-12-15 7.5
Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation.
CVE-2014-3499 2 Docker, Fedoraproject 2 Docker, Fedora 2014-07-11 7.2
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.