Docker Docker

Do you want an email whenever new security vulnerabilities are reported in any Docker product?

Products by Docker Sorted by Most Security Vulnerabilities since 2018

Docker21 vulnerabilities
Open Platform for Distributed Applications

Docker Desktop10 vulnerabilities

Docker Desktop7 vulnerabilities

Docker Cs Engine2 vulnerabilities

Docker Engine2 vulnerabilities

Storm Docker Image1 vulnerability

Docker Registry1 vulnerability

Rabbitmq Docker Image1 vulnerability

Notary Docker Image1 vulnerability

Memcached Docker Image1 vulnerability

Docker Machine1 vulnerability

Docker Libcontainer1 vulnerability

Haproxy Docker Image1 vulnerability

Ghost Alpine Docker Image1 vulnerability

Docker Adminer1 vulnerability

Docker Docs1 vulnerability

Docker Registry1 vulnerability

Crux Linux Docker Image1 vulnerability

Docker Credential Helpers1 vulnerability

Composer Docker Image1 vulnerability

Docker Composer1 vulnerability

Known Exploited Docker Vulnerabilities

The following Docker vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Docker Desktop Community Edition Privilege Escalation Vulnerability Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command. CVE-2019-15752 November 3, 2021

By the Year

In 2024 there have been 0 vulnerabilities in Docker . Last year Docker had 14 security vulnerabilities published. Right now, Docker is on track to have less security vulnerabilities in 2024 than it did last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 14 7.69
2022 1 5.50
2021 4 7.15
2020 20 9.03
2019 10 7.27
2018 2 7.05

It may take a day or so for new Docker vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Docker Security Vulnerabilities

Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action (via escape sequence injection), or might have a data size

CVE-2023-40453 6.5 - Medium - November 07, 2023

Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action (via escape sequence injection), or might have a data size that causes a denial of service to a bastion node. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog

CVE-2023-0625 9.8 - Critical - September 25, 2023

Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog. This issue affects Docker Desktop: before 4.12.0.

Code Injection

Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route

CVE-2023-0626 9.8 - Critical - September 25, 2023

Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route. This issue affects Docker Desktop: before 4.12.0.

Code Injection

Docker Desktop 4.11.x

CVE-2023-0627 7.8 - High - September 25, 2023

Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE).This issue affects Docker Desktop: 4.11.X.

In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in local privilege escalation (LPE).This issue affects Docker Desktop: before 4.12.0.

CVE-2023-0633 7.8 - High - September 25, 2023

In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in local privilege escalation (LPE).This issue affects Docker Desktop: before 4.12.0.

Argument Injection

Docker Desktop before 4.23.0

CVE-2023-5165 8.8 - High - September 25, 2023

Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges. This issue has been fixed in Docker Desktop 4.23.0. Affected Docker Desktop versions: from 4.13.0 before 4.23.0.

AuthZ

Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL

CVE-2023-5166 6.5 - Medium - September 25, 2023

Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL. This issue affects Docker Desktop: before 4.23.0.

Docker Desktop before 4.6.0 on Windows

CVE-2022-31647 7.1 - High - April 27, 2023

Docker Desktop before 4.6.0 on Windows allows attackers to delete any file through the hyperv/destroy dockerBackendV2 API via a symlink in the DataFolder parameter, a different vulnerability than CVE-2022-26659.

insecure temporary file

Docker Desktop for Windows before 4.6.0

CVE-2022-34292 7.1 - High - April 27, 2023

Docker Desktop for Windows before 4.6.0 allows attackers to overwrite any file through a symlink attack on the hyperv/create dockerBackendV2 API by controlling the DataFolder parameter for DockerDesktop.vhdx, a similar issue to CVE-2022-31647.

insecure temporary file

Docker Desktop for Windows before 4.6.0

CVE-2022-37326 7.8 - High - April 27, 2023

Docker Desktop for Windows before 4.6.0 allows attackers to delete (or create) any file through the dockerBackendV2 windowscontainers/start API by controlling the pidfile field inside the DaemonJSON field in the WindowsContainerStartRequest class. This can indirectly lead to privilege escalation.

Docker Desktop for Windows before 4.6

CVE-2022-38730 6.3 - Medium - April 27, 2023

Docker Desktop for Windows before 4.6 allows attackers to overwrite any file through the windowscontainers/start dockerBackendV2 API by controlling the data-root field inside the DaemonJSON field in the WindowsContainerStartRequest class. This allows exploiting a symlink vulnerability in ..\dataRoot\network\files\local-kv.db because of a TOCTOU race condition.

insecure temporary file

In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed

CVE-2023-1802 7.5 - High - April 06, 2023

In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed. A targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental Features enabled and have logged in to a private registry are affected.

Cleartext Transmission of Sensitive Information

Docker Desktop before 4.17.0

CVE-2023-0628 7.8 - High - March 13, 2023

Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL.

Command Injection

Docker Desktop before 4.17.0

CVE-2023-0629 7.1 - High - March 13, 2023

Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to docker.raw.sock, or npipe:////.pipe/docker_engine_linux on Windows, via the -H (--host) CLI flag or the DOCKER_HOST environment variable and launch containers without the additional hardening features provided by ECI. This would not affect already running containers, nor containers launched through the usual approach (without Docker's raw socket). The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges. This issue has been fixed in Docker Desktop 4.17.0. Affected Docker Desktop versions: from 4.13.0 before 4.17.0.

Docker Desktop version 4.3.0 and 4.3.1 has a bug

CVE-2021-45449 5.5 - Medium - January 12, 2022

Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information (access token or password) on the user's machine during login. This only affects users if they are on Docker Desktop 4.3.0, 4.3.1 and the user has logged in while on 4.3.0, 4.3.1. Gaining access to this data would require having access to the users local files.

Insertion of Sensitive Information into Log File

Docker CLI is the command line interface for the docker container runtime

CVE-2021-41092 7.5 - High - October 04, 2021

Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH.

Information Disclosure

Docker Desktop before 3.6.0 suffers from incorrect access control

CVE-2021-37841 7.8 - High - August 12, 2021

Docker Desktop before 3.6.0 suffers from incorrect access control. If a low-privileged account is able to access the server running the Windows containers, it can lead to a full container compromise in both process isolation and Hyper-V isolation modes. This security issue leads an attacker with low privilege to read, write and possibly even execute code inside the containers.

Incorrect Permission Assignment for Critical Resource

In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in

CVE-2021-21285 6.5 - Medium - February 02, 2021

In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.

Improper Check for Unusual or Exceptional Conditions

In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root

CVE-2021-21284 6.8 - Medium - February 02, 2021

In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can modify files under "/var/lib/docker/<remapping>" that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user.

Directory traversal

util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname

CVE-2020-27534 5.3 - Medium - December 30, 2020

util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call.

Directory traversal

The official memcached docker images before 1.5.11-alpine (Alpine specific) contain a blank password for a root user

CVE-2020-35197 9.8 - Critical - December 17, 2020

The official memcached docker images before 1.5.11-alpine (Alpine specific) contain a blank password for a root user. System using the memcached docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.

Missing Authentication for Critical Function

The official rabbitmq docker images before 3.7.13-beta.1-management-alpine (Alpine specific) contain a blank password for a root user

CVE-2020-35196 9.8 - Critical - December 17, 2020

The official rabbitmq docker images before 3.7.13-beta.1-management-alpine (Alpine specific) contain a blank password for a root user. System using the rabbitmq docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.

Missing Authentication for Critical Function

The official haproxy docker images before 1.8.18-alpine (Alpine specific) contain a blank password for a root user

CVE-2020-35195 9.8 - Critical - December 17, 2020

The official haproxy docker images before 1.8.18-alpine (Alpine specific) contain a blank password for a root user. System using the haproxy docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.

Missing Authentication for Critical Function

The official composer docker images before 1.8.3 contain a blank password for a root user

CVE-2020-35184 9.8 - Critical - December 17, 2020

The official composer docker images before 1.8.3 contain a blank password for a root user. System using the composer docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.

Missing Authentication for Critical Function

The official adminer docker images before 4.7.0-fastcgi contain a blank password for a root user

CVE-2020-35186 9.8 - Critical - December 17, 2020

The official adminer docker images before 4.7.0-fastcgi contain a blank password for a root user. System using the adminer docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.

Missing Authentication for Critical Function

The official ghost docker images before 2.16.1-alpine (Alpine specific) contain a blank password for a root user

CVE-2020-35185 9.8 - Critical - December 17, 2020

The official ghost docker images before 2.16.1-alpine (Alpine specific) contain a blank password for a root user. System using the ghost docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.

Missing Authentication for Critical Function

The Docker Docs Docker image through 2020-12-14 contains a blank password for the root user

CVE-2020-35467 9.8 - Critical - December 15, 2020

The Docker Docs Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Docker Docs container may allow a remote attacker to achieve root access with a blank password.

Missing Authentication for Critical Function

Versions of the Official registry Docker images through 2.7.0 contain a blank password for the root user

CVE-2020-29591 9.8 - Critical - December 11, 2020

Versions of the Official registry Docker images through 2.7.0 contain a blank password for the root user. Systems deployed using affected versions of the registry container may allow a remote attacker to achieve root access with a blank password.

Weak Password Requirements

The official notary docker images before signer-0.6.1-1 contain a blank password for a root user

CVE-2020-29601 9.8 - Critical - December 08, 2020

The official notary docker images before signer-0.6.1-1 contain a blank password for a root user. System using the notary docker container deployed by affected versions of the docker image may allow an remote attacker to achieve root access with a blank password.

The official spiped docker images before 1.5-alpine contain a blank password for a root user

CVE-2020-29581 9.8 - Critical - December 08, 2020

The official spiped docker images before 1.5-alpine contain a blank password for a root user. Systems using the spiped docker container deployed by affected versions of the docker image may allow an remote attacker to achieve root access with a blank password.

The official storm Docker images before 1.2.1 contain a blank password for a root user

CVE-2020-29580 9.8 - Critical - December 08, 2020

The official storm Docker images before 1.2.1 contain a blank password for a root user. Systems using the Storm Docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access with a blank password.

The official elixir Docker images before 1.8.0-alpine (Alpine specific) contain a blank password for a root user

CVE-2020-29575 9.8 - Critical - December 08, 2020

The official elixir Docker images before 1.8.0-alpine (Alpine specific) contain a blank password for a root user. Systems using the elixir Linux Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access with a blank password.

The official Crux Linux Docker images 3.0 through 3.4 contain a blank password for a root user

CVE-2020-29389 9.8 - Critical - December 02, 2020

The official Crux Linux Docker images 3.0 through 3.4 contain a blank password for a root user. System using the Crux Linux Docker container deployed by affected versions of the Docker image may allow an attacker to achieve root access with a blank password.

Missing Authentication for Critical Function

The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an incorrect version of runc

CVE-2020-14300 8.8 - High - July 13, 2020

The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an incorrect version of runc that was missing multiple bug and security fixes. One of the fixes regressed in that update was the fix for CVE-2016-9962, that was previously corrected in the docker packages in Red Hat Enterprise Linux 7 Extras via RHSA-2017:0116 (https://access.redhat.com/errata/RHSA-2017:0116). The CVE-2020-14300 was assigned to this security regression and it is specific to the docker packages produced by Red Hat. The original issue - CVE-2016-9962 - could possibly allow a process inside container to compromise a process entering container namespace and execute arbitrary code outside of the container. This could lead to compromise of the container host or other containers running on the same container host. This issue only affects a single version of Docker, 1.13.1-108.git4ef4b30, shipped in Red Hat Enterprise Linux 7. Both earlier and later versions are not affected.

Improper Check for Dropped Privileges

The version of docker as released for Red Hat Enterprise Linux 7 Extras

CVE-2020-14298 8.8 - High - July 13, 2020

The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the container host and other containers running on the same host. This issue only affects docker version 1.13.1-108.git4ef4b30.el7, shipped in Red Hat Enterprise Linux 7 Extras. Both earlier and later versions are not affected.

Improper Check for Dropped Privileges

com.docker.vmnetd in Docker Desktop 2.3.0.3

CVE-2020-15360 7.8 - High - June 27, 2020

com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalation because of a lack of client verification.

AuthZ

An issue was discovered in Docker Engine before 19.03.11

CVE-2020-13401 6 - Medium - June 02, 2020

An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service.

Improper Input Validation

Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM

CVE-2020-10665 6.7 - Medium - March 18, 2020

Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions overwrites and arbitrary file writes. This affects Docker Desktop Enterprise before 2.1.0.9, Docker Desktop for Windows Stable before 2.2.0.4, and Docker Desktop for Windows Edge before 2.2.2.0.

insecure temporary file

An issue was found in Docker before 1.6.0

CVE-2014-0048 9.8 - Critical - January 02, 2020

An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways.

Improper Input Validation

Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which

CVE-2014-8179 7.5 - High - December 17, 2019

Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation.

Improper Input Validation

Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache

CVE-2014-8178 5.5 - Medium - December 17, 2019

Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands.

Improper Input Validation

runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products

CVE-2019-16884 7.5 - High - September 25, 2019

runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory.

AuthZ

In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command

CVE-2019-13139 8.4 - High - August 22, 2019

In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. An issue exists in the way "docker build" processes remote git URLs, and results in command injection into the underlying "git clone" command, leading to code execution in the context of the user executing the "docker build" command. This occurs because git ref can be misinterpreted as a flag.

Shell injection

In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot

CVE-2019-14271 9.8 - Critical - July 29, 2019

In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.

Improper Initialization

docker-credential-helpers before 0.6.3 has a double free in the List functions.

CVE-2019-1020014 5.5 - Medium - July 29, 2019

docker-credential-helpers before 0.6.3 has a double free in the List functions.

Double-free

In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10)

CVE-2019-13509 7.5 - High - July 18, 2019

In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret.

Insertion of Sensitive Information into Log File

In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges

CVE-2018-15664 7.5 - High - May 23, 2019

In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot).

Race Condition

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access

CVE-2019-5736 8.6 - High - February 11, 2019

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.

Shell injection

Docker Engine before 18.09

CVE-2018-20699 4.9 - Medium - January 12, 2019

Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go.

Resource Exhaustion

HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\

CVE-2018-15514 8.8 - High - September 01, 2018

HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the "docker-users" group (who may not otherwise have administrator access) to escalate to administrator privileges.

Marshaling, Unmarshaling

The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames

CVE-2018-10892 5.3 - Medium - July 06, 2018

The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness.

Execution with Unnecessary Privileges

Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier

CVE-2017-14992 6.5 - Medium - November 01, 2017

Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing.

Improper Input Validation

Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which

CVE-2017-11468 7.5 - High - July 20, 2017

Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint.

Allocation of Resources Without Limits or Throttling

Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call

CVE-2017-7297 8.8 - High - March 29, 2017

Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call. This is fixed in versions rancher/server:v1.2.4, rancher/server:v1.3.5, rancher/server:v1.4.3, and rancher/server:v1.5.3.

libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which

CVE-2016-3697 7.8 - High - June 01, 2016

libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.

Permissions, Privileges, and Access Controls

Libcontainer 1.6.0, as used in Docker Engine

CVE-2015-3629 7.8 - High - May 18, 2015

Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container.

insecure temporary file

Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which

CVE-2014-3499 - July 11, 2014

Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.

Permissions, Privileges, and Access Controls

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD), Icons by Icons8. Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.