Vulnerabilities > Docker
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-03-31 | CVE-2015-9259 | Unrestricted Upload of File with Dangerous Type vulnerability in Docker Notary In Docker Notary before 0.1, the checkRoot function in gotuf/client/client.go does not check expiry of root.json files, despite a comment stating that it does. | 7.5 |
2018-03-31 | CVE-2015-9258 | Cryptographic Issues vulnerability in Docker Notary In Docker Notary before 0.1, gotuf/signed/verify.go has a Signature Algorithm Not Matched to Key vulnerability. | 5.0 |
2018-02-06 | CVE-2014-5282 | Improper Input Validation vulnerability in Docker Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'. | 8.1 |
2017-11-01 | CVE-2017-14992 | Improper Input Validation vulnerability in Docker Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing. | 6.5 |
2017-10-06 | CVE-2014-0047 | Temporary File Creation vulnerability in Docker Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage. | 4.6 |
2017-07-20 | CVE-2017-11468 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint. | 7.5 |
2017-01-31 | CVE-2016-9962 | Race Condition vulnerability in Docker RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. | 6.4 |
2017-01-04 | CVE-2016-6595 | Resource Management Errors vulnerability in Docker 1.12.0 The SwarmKit toolkit 1.12.0 for Docker allows remote authenticated users to cause a denial of service (prevention of cluster joins) via a long sequence of join and quit actions. | 6.5 |
2016-10-28 | CVE-2016-8867 | Permissions, Privileges, and Access Controls vulnerability in Docker 1.12.2 Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. | 5.0 |
2016-06-01 | CVE-2016-3697 | Permissions, Privileges, and Access Controls vulnerability in multiple products libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container. | 2.1 |