Filtered by vendor Docker
Subscriptions
Filtered by product Docker
Subscriptions
Total
53 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2014-9358 | 2 Docker, Redhat | 2 Docker, Rhel Extras Other | 2024-11-21 | N/A |
Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation or (2) "registry communications." | ||||
CVE-2014-9357 | 2 Docker, Redhat | 2 Docker, Rhel Extras Other | 2024-11-21 | N/A |
Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction. | ||||
CVE-2014-9356 | 2 Docker, Redhat | 2 Docker, Rhel Extras Other | 2024-11-21 | 8.6 High |
Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile. | ||||
CVE-2014-8179 | 2 Docker, Opensuse | 3 Cs Engine, Docker, Opensuse | 2024-11-21 | 7.5 High |
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation. | ||||
CVE-2014-8178 | 2 Docker, Opensuse | 3 Cs Engine, Docker, Opensuse | 2024-11-21 | 5.5 Medium |
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands. | ||||
CVE-2014-6408 | 1 Docker | 1 Docker | 2024-11-21 | N/A |
Docker 1.3.0 through 1.3.1 allows remote attackers to modify the default run profile of image containers and possibly bypass the container by applying unspecified security options to an image. | ||||
CVE-2014-6407 | 2 Docker, Redhat | 2 Docker, Rhel Extras Other | 2024-11-21 | N/A |
Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation. | ||||
CVE-2014-5282 | 1 Docker | 1 Docker | 2024-11-21 | N/A |
Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'. | ||||
CVE-2014-5278 | 1 Docker | 1 Docker | 2024-11-21 | 5.3 Medium |
A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs. | ||||
CVE-2014-5277 | 1 Docker | 2 Docker, Docker-py | 2024-11-21 | N/A |
Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic. | ||||
CVE-2014-3499 | 3 Docker, Fedoraproject, Redhat | 3 Docker, Fedora, Rhel Extras Other | 2024-11-21 | N/A |
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors. | ||||
CVE-2014-0048 | 2 Apache, Docker | 2 Geode, Docker | 2024-11-21 | 9.8 Critical |
An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways. | ||||
CVE-2014-0047 | 1 Docker | 1 Docker | 2024-11-21 | N/A |
Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage. |