Vulnerabilities > Docker > Docker
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-19 | CVE-2022-25365 | Unspecified vulnerability in Docker Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. | 4.6 |
2021-02-02 | CVE-2021-21285 | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. | 6.5 |
2021-02-02 | CVE-2021-21284 | Path Traversal vulnerability in multiple products In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. | 2.7 |
2021-01-15 | CVE-2021-3162 | Improper Certificate Validation vulnerability in Docker Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation. | 4.6 |
2020-12-30 | CVE-2020-27534 | Path Traversal vulnerability in Docker util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call. | 5.0 |
2020-07-13 | CVE-2020-14300 | Improper Check for Dropped Privileges vulnerability in multiple products The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an incorrect version of runc that was missing multiple bug and security fixes. | 8.8 |
2020-07-13 | CVE-2020-14298 | Improper Check for Dropped Privileges vulnerability in multiple products The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. | 8.8 |
2020-02-07 | CVE-2014-5278 | Unspecified vulnerability in Docker A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs. | 5.3 |
2020-01-02 | CVE-2014-0048 | Improper Input Validation vulnerability in multiple products An issue was found in Docker before 1.6.0. | 9.8 |
2019-12-17 | CVE-2014-8179 | Improper Input Validation vulnerability in multiple products Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation. | 7.5 |