| CVE-2014-9357 |
critical |
— |
10.0 |
|
|
|
12y ago |
Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive ex… |
| CVE-2026-42306 |
high |
— |
8.0 |
|
|
|
17d ago |
Docker: Race condition in docker cp allows bind mount redirection to host path |
| CVE-2026-41567 |
high |
— |
8.0 |
|
|
|
17d ago |
Docker: `PUT /containers/{id}/archive` executes container binary on the host |
| CVE-2026-34040 |
high |
— |
8.0 |
|
|
|
2mo ago |
Moby has AuthZ plugin bypass when provided oversized request bodies |
| CVE-2015-3629 |
high |
7.8 |
7.8 |
|
|
|
11y ago |
Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an imag… |
| CVE-2014-6407 |
high |
— |
7.5 |
|
|
|
12y ago |
Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation. |
| CVE-2015-3630 |
high |
— |
7.2 |
|
|
|
11y ago |
Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive … |
| CVE-2015-3627 |
high |
— |
7.2 |
|
|
|
11y ago |
Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an … |
| CVE-2014-3499 |
high |
— |
7.2 |
|
|
|
12y ago |
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors. |
| CVE-2014-9358 |
medium |
— |
6.4 |
|
|
|
12y ago |
Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation o… |
| CVE-2026-41568 |
medium |
— |
5.5 |
|
|
|
17d ago |
Docker: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap |
| CVE-2021-41089 |
medium |
— |
5.5 |
|
|
|
2y ago |
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted… |
| CVE-2021-41091 |
medium |
— |
5.5 |
|
|
|
2y ago |
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirec… |
| CVE-2014-6408 |
medium |
— |
5.0 |
|
|
|
12y ago |
Docker 1.3.0 through 1.3.1 allows remote attackers to modify the default run profile of image containers and possibly bypass the container by applying unspecified security options to an image. |
| CVE-2014-5277 |
medium |
— |
5.0 |
|
|
|
12y ago |
Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain auth… |
| CVE-2015-3631 |
low |
— |
3.6 |
|
|
|
11y ago |
Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc. |
