ReportizFlow
Filtered by vendor Docker
Subscriptions
Total
114 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-15664 | 2 Docker, Redhat | 2 Docker, Rhel Extras Other | 2024-11-21 | N/A |
| In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot). | ||||
| CVE-2018-15514 | 1 Docker | 1 Docker | 2024-11-21 | N/A |
| HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the "docker-users" group (who may not otherwise have administrator access) to escalate to administrator privileges. | ||||
| CVE-2018-10892 | 4 Docker, Mobyproject, Opensuse and 1 more | 7 Docker, Moby, Leap and 4 more | 2024-11-21 | 5.3 Medium |
| The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness. | ||||
| CVE-2015-9259 | 1 Docker | 1 Notary | 2024-11-21 | N/A |
| In Docker Notary before 0.1, the checkRoot function in gotuf/client/client.go does not check expiry of root.json files, despite a comment stating that it does. Even if a user creates a new root.json file after a key compromise, an attacker can produce update files referring to an old root.json file. | ||||
| CVE-2015-9258 | 1 Docker | 1 Notary | 2024-11-21 | N/A |
| In Docker Notary before 0.1, gotuf/signed/verify.go has a Signature Algorithm Not Matched to Key vulnerability. Because an attacker controls the field specifying the signature algorithm, they might (for example) be able to forge a signature by forcing a misinterpretation of an RSA-PSS key as Ed25519 elliptic-curve data. | ||||
| CVE-2014-9356 | 2 Docker, Redhat | 2 Docker, Rhel Extras Other | 2024-11-21 | 8.6 High |
| Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile. | ||||
| CVE-2014-8179 | 2 Docker, Opensuse | 3 Cs Engine, Docker, Opensuse | 2024-11-21 | 7.5 High |
| Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation. | ||||
| CVE-2014-8178 | 2 Docker, Opensuse | 3 Cs Engine, Docker, Opensuse | 2024-11-21 | 5.5 Medium |
| Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands. | ||||
| CVE-2014-5282 | 1 Docker | 1 Docker | 2024-11-21 | N/A |
| Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'. | ||||
| CVE-2014-5278 | 1 Docker | 1 Docker | 2024-11-21 | 5.3 Medium |
| A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs. | ||||
| CVE-2014-0048 | 2 Apache, Docker | 2 Geode, Docker | 2024-11-21 | 9.8 Critical |
| An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways. | ||||
| CVE-2024-9348 | 1 Docker | 1 Desktop | 2024-10-17 | N/A |
| Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view. | ||||
| CVE-2024-8695 | 1 Docker | 2 Desktop, Docker Desktop | 2024-09-13 | 9.8 Critical |
| A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2. | ||||
| CVE-2024-8696 | 1 Docker | 2 Desktop, Docker Desktop | 2024-09-13 | 9.8 Critical |
| A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2. | ||||