Vulnerabilities > Docker > Docker > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-11-01 | CVE-2017-14992 | Improper Input Validation vulnerability in Docker Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing. | 6.5 |
2017-10-06 | CVE-2014-0047 | Temporary File Creation vulnerability in Docker Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage. | 4.6 |
2017-01-31 | CVE-2016-9962 | Race Condition vulnerability in Docker RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. | 6.4 |
2017-01-04 | CVE-2016-6595 | Resource Management Errors vulnerability in Docker 1.12.0 The SwarmKit toolkit 1.12.0 for Docker allows remote authenticated users to cause a denial of service (prevention of cluster joins) via a long sequence of join and quit actions. | 6.5 |
2016-10-28 | CVE-2016-8867 | Permissions, Privileges, and Access Controls vulnerability in Docker 1.12.2 Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. | 5.0 |
2014-12-12 | CVE-2014-6408 | Permissions, Privileges, and Access Controls vulnerability in Docker 1.3.0/1.3.1 Docker 1.3.0 through 1.3.1 allows remote attackers to modify the default run profile of image containers and possibly bypass the container by applying unspecified security options to an image. | 5.0 |