Search
Total
9 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9358 | 1 Docker | 1 Docker | 2018-10-09 | 6.4 MEDIUM | N/A |
| Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation or (2) "registry communications." | |||||
| CVE-2014-9357 | 1 Docker | 1 Docker | 2018-10-09 | 10.0 HIGH | N/A |
| Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction. | |||||
| CVE-2015-3631 | 1 Docker | 1 Docker | 2018-08-13 | 3.6 LOW | N/A |
| Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc. | |||||
| CVE-2014-5277 | 1 Docker | 2 Docker, Docker-py | 2018-08-13 | 5.0 MEDIUM | N/A |
| Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic. | |||||
| CVE-2015-3627 | 1 Docker | 2 Docker, Libcontainer | 2018-08-13 | 7.2 HIGH | N/A |
| Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image. | |||||
| CVE-2015-3630 | 1 Docker | 1 Docker | 2018-08-13 | 7.2 HIGH | N/A |
| Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image. | |||||
| CVE-2014-6408 | 1 Docker | 1 Docker | 2014-12-15 | 5.0 MEDIUM | N/A |
| Docker 1.3.0 through 1.3.1 allows remote attackers to modify the default run profile of image containers and possibly bypass the container by applying unspecified security options to an image. | |||||
| CVE-2014-6407 | 1 Docker | 1 Docker | 2014-12-15 | 7.5 HIGH | N/A |
| Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation. | |||||
| CVE-2014-3499 | 2 Docker, Fedoraproject | 2 Docker, Fedora | 2014-07-11 | 7.2 HIGH | N/A |
| Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors. | |||||