| CVE-2026-42306 |
high |
— |
8.0 |
|
|
|
17d ago |
Docker: Race condition in docker cp allows bind mount redirection to host path |
| CVE-2026-41567 |
high |
— |
8.0 |
|
|
|
17d ago |
Docker: `PUT /containers/{id}/archive` executes container binary on the host |
| CVE-2026-34040 |
high |
— |
8.0 |
|
|
|
2mo ago |
Moby has AuthZ plugin bypass when provided oversized request bodies |
| CVE-2015-3629 |
high |
7.8 |
7.8 |
|
|
|
11y ago |
Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an imag… |
| CVE-2014-6407 |
high |
— |
7.5 |
|
|
|
12y ago |
Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation. |
| CVE-2015-3630 |
high |
— |
7.2 |
|
|
|
11y ago |
Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive … |
| CVE-2015-3627 |
high |
— |
7.2 |
|
|
|
11y ago |
Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an … |
| CVE-2014-3499 |
high |
— |
7.2 |
|
|
|
12y ago |
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors. |
| CVE-2015-3631 |
low |
— |
3.6 |
|
|
|
11y ago |
Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc. |
| CVE-2026-33997 |
unknown |
— |
— |
|
|
|
2mo ago |
Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. D… |
| CVE-2025-54410 |
unknown |
— |
— |
|
|
|
10mo ago |
Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. A firewalld vulne… |
| CVE-2025-54388 |
unknown |
— |
— |
|
|
|
10mo ago |
Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. In versions 28.2.… |
| CVE-2024-41110 |
unknown |
— |
— |
|
|
|
2y ago |
Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypas… |
| CVE-2024-32473 |
unknown |
— |
— |
|
|
|
2y ago |
Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. In 26.0.0, IPv6 is not disabled on netwo… |
| CVE-2024-29018 |
unknown |
— |
— |
|
|
|
2y ago |
Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. Moby's networking implementation allows … |
| CVE-2024-24557 |
unknown |
— |
— |
|
|
|
2y ago |
Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to… |
| CVE-2018-12608 |
unknown |
— |
— |
|
|
|
2y ago |
An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows sy… |
| CVE-2020-27534 |
unknown |
— |
— |
|
|
|
2y ago |
util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.T… |
| CVE-2023-28840 |
unknown |
— |
— |
|
|
|
3y ago |
Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon componen… |
| CVE-2023-28841 |
unknown |
— |
— |
|
|
|
3y ago |
Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon componen… |
| CVE-2023-28842 |
unknown |
— |
— |
|
|
|
3y ago |
Moby) is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon compone… |
| CVE-2022-36109 |
unknown |
— |
— |
|
|
|
4y ago |
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has di… |
| CVE-2019-14271 |
unknown |
— |
— |
|
|
|
4y ago |
In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the conten… |
| CVE-2019-13509 |
unknown |
— |
— |
|
|
|
4y ago |
In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a… |
| CVE-2014-9356 |
unknown |
— |
— |
|
|
|
5y ago |
Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or… |
