Skip to main content

Docker

820 CVEs product

Monthly

CVE-2015-3629 Go HIGH PATCH This Week

Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Docker Information Disclosure Libcontainer Opensuse
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2015-3627 Go HIGH PATCH This Week

Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Docker Information Disclosure Libcontainer
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2015-1843 MEDIUM This Month

The Red Hat docker package before 1.5.0-28, when using the --add-registry option, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Docker Red Hat Information Disclosure
NVD
CVSS 2.0
4.3
EPSS
1.5%
CVE-2014-9358 Go MEDIUM PATCH This Month

Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Docker Path Traversal
NVD
CVSS 2.0
6.4
EPSS
0.4%
CVE-2014-9357 Go CRITICAL PATCH Act Now

Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 36.2%.

Docker RCE Privilege Escalation
NVD
CVSS 2.0
10.0
EPSS
36.2%
CVE-2014-6408 Go MEDIUM PATCH This Month

Docker 1.3.0 through 1.3.1 allows remote attackers to modify the default run profile of image containers and possibly bypass the container by applying unspecified security options to an image. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Docker Privilege Escalation
NVD
CVSS 2.0
5.0
EPSS
1.6%
CVE-2014-6407 Go HIGH PATCH This Week

Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Docker RCE
NVD
CVSS 2.0
7.5
EPSS
5.9%
CVE-2014-5277 LIB MEDIUM PATCH This Month

Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Docker Information Disclosure Docker Py
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-3499 Go HIGH PATCH This Week

Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Docker Privilege Escalation Fedora
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2025-54388 Go MEDIUM PATCH This Month

Docker on Alpine Linux contains an uncharacterized vulnerability addressed in the 28.3.3-r0 Alpine package release. The sparse disclosure - a single-line vendor advisory from Alpine Linux with no CVSS score, CWE, or technical description - means the specific vulnerability class, attack surface, and impact are not determinable from available data. With an EPSS score of 0.03% (10th percentile), exploitation probability is assessed as very low at this time, and no public exploit code or CISA KEV listing has been identified.

Docker Information Disclosure
NVD
EPSS
0.0%
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Docker Information Disclosure Libcontainer +1
NVD
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Docker Information Disclosure Libcontainer
NVD
EPSS 2% CVSS 4.3
MEDIUM This Month

The Red Hat docker package before 1.5.0-28, when using the --add-registry option, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Docker Red Hat Information Disclosure
NVD
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Docker Path Traversal
NVD
EPSS 36% CVSS 10.0
CRITICAL PATCH Act Now

Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 36.2%.

Docker RCE Privilege Escalation
NVD
EPSS 2% CVSS 5.0
MEDIUM PATCH This Month

Docker 1.3.0 through 1.3.1 allows remote attackers to modify the default run profile of image containers and possibly bypass the container by applying unspecified security options to an image. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Docker Privilege Escalation
NVD
EPSS 6% CVSS 7.5
HIGH PATCH This Week

Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Docker RCE
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Docker Information Disclosure Docker Py
NVD
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Docker Privilege Escalation Fedora
NVD
EPSS 0%
MEDIUM PATCH This Month

Docker on Alpine Linux contains an uncharacterized vulnerability addressed in the 28.3.3-r0 Alpine package release. The sparse disclosure - a single-line vendor advisory from Alpine Linux with no CVSS score, CWE, or technical description - means the specific vulnerability class, attack surface, and impact are not determinable from available data. With an EPSS score of 0.03% (10th percentile), exploitation probability is assessed as very low at this time, and no public exploit code or CISA KEV listing has been identified.

Docker Information Disclosure
NVD
Prev Page 10 of 10

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy