Filtered by vendor Docker Subscriptions
Total 103 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-3697 4 Docker, Linuxfoundation, Opensuse and 1 more 4 Docker, Runc, Opensuse and 1 more 2024-11-21 7.8 High
libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.
CVE-2015-9259 1 Docker 1 Notary 2024-11-21 N/A
In Docker Notary before 0.1, the checkRoot function in gotuf/client/client.go does not check expiry of root.json files, despite a comment stating that it does. Even if a user creates a new root.json file after a key compromise, an attacker can produce update files referring to an old root.json file.
CVE-2015-9258 1 Docker 1 Notary 2024-11-21 N/A
In Docker Notary before 0.1, gotuf/signed/verify.go has a Signature Algorithm Not Matched to Key vulnerability. Because an attacker controls the field specifying the signature algorithm, they might (for example) be able to forge a signature by forcing a misinterpretation of an RSA-PSS key as Ed25519 elliptic-curve data.
CVE-2015-3631 2 Docker, Redhat 2 Docker, Rhel Extras Other 2024-11-21 N/A
Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc.
CVE-2015-3630 2 Docker, Redhat 2 Docker, Rhel Extras Other 2024-11-21 N/A
Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image.
CVE-2015-3629 3 Docker, Opensuse, Redhat 3 Libcontainer, Opensuse, Rhel Extras Other 2024-11-21 7.8 High
Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container.
CVE-2015-3627 2 Docker, Redhat 3 Docker, Libcontainer, Rhel Extras Other 2024-11-21 N/A
Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.
CVE-2014-9358 2 Docker, Redhat 2 Docker, Rhel Extras Other 2024-11-21 N/A
Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation or (2) "registry communications."
CVE-2014-9357 2 Docker, Redhat 2 Docker, Rhel Extras Other 2024-11-21 N/A
Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction.
CVE-2014-9356 2 Docker, Redhat 2 Docker, Rhel Extras Other 2024-11-21 8.6 High
Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile.
CVE-2014-8179 2 Docker, Opensuse 3 Cs Engine, Docker, Opensuse 2024-11-21 7.5 High
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation.
CVE-2014-8178 2 Docker, Opensuse 3 Cs Engine, Docker, Opensuse 2024-11-21 5.5 Medium
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands.
CVE-2014-6408 1 Docker 1 Docker 2024-11-21 N/A
Docker 1.3.0 through 1.3.1 allows remote attackers to modify the default run profile of image containers and possibly bypass the container by applying unspecified security options to an image.
CVE-2014-6407 2 Docker, Redhat 2 Docker, Rhel Extras Other 2024-11-21 N/A
Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation.
CVE-2014-5282 1 Docker 1 Docker 2024-11-21 N/A
Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'.
CVE-2014-5278 1 Docker 1 Docker 2024-11-21 5.3 Medium
A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs.
CVE-2014-5277 1 Docker 2 Docker, Docker-py 2024-11-21 N/A
Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic.
CVE-2014-3499 3 Docker, Fedoraproject, Redhat 3 Docker, Fedora, Rhel Extras Other 2024-11-21 N/A
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.
CVE-2014-0048 2 Apache, Docker 2 Geode, Docker 2024-11-21 9.8 Critical
An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways.
CVE-2014-0047 1 Docker 1 Docker 2024-11-21 N/A
Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage.