Search CVE reports
31 – 40 of 54 results
CVE-2019-13509
Low priorityIn Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack...
1 affected packages
docker.io
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
docker.io | — | — | — | Not affected | Not affected |
CVE-2018-15664
Medium priorityIn Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root...
1 affected packages
docker.io
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
docker.io | — | — | — | Fixed | Fixed |
CVE-2019-5736
Medium priorityrunc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within...
2 affected packages
docker.io, runc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
docker.io | — | — | — | Fixed | Fixed |
runc | — | — | — | Fixed | Fixed |
CVE-2018-20699
Negligible priorityDocker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and...
1 affected packages
docker.io
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
docker.io | — | — | — | Fixed | Fixed |
CVE-2018-12608
Low priorityAn issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client...
1 affected packages
docker.io
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
docker.io | — | — | — | Fixed | Fixed |
CVE-2018-10892
Medium prioritySome fixes available 3 of 4
The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning...
1 affected packages
docker.io
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
docker.io | — | — | — | Fixed | Fixed |
CVE-2014-5282
Medium priorityDocker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'.
1 affected packages
docker.io
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
docker.io | — | — | — | — | Not affected |
CVE-2017-16539
Medium prioritySome fixes available 3 of 5
The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss (when certain older Linux kernels are used) by leveraging Docker...
1 affected packages
docker.io
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
docker.io | — | — | — | Fixed | Fixed |
CVE-2017-14992
Low prioritySome fixes available 15 of 18
Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a...
2 affected packages
docker.io, golang-github-vbatts-tar-split
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
docker.io | Fixed | Fixed | Fixed | Fixed | Fixed |
golang-github-vbatts-tar-split | Not affected | Not affected | Not affected | Not affected | Vulnerable |
CVE-2014-0047
Low prioritySome fixes available 2 of 6
Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage.
1 affected packages
docker.io
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
docker.io | — | — | — | — | Fixed |