Vulnerabilities > Docker > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-18 | CVE-2020-10665 | Link Following vulnerability in Docker Desktop Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions overwrites and arbitrary file writes. | 6.7 |
| 2020-02-07 | CVE-2014-5278 | Unspecified vulnerability in Docker A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs. | 5.3 |
| 2019-12-17 | CVE-2014-8178 | Improper Input Validation vulnerability in multiple products Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands. | 5.5 |
| 2019-07-29 | CVE-2019-1020014 | Double Free vulnerability in multiple products docker-credential-helpers before 0.6.3 has a double free in the List functions. | 5.5 |
| 2019-01-12 | CVE-2018-20699 | Resource Exhaustion vulnerability in multiple products Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go. | 4.9 |
| 2018-07-06 | CVE-2018-10892 | Execution with Unnecessary Privileges vulnerability in multiple products The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. | 5.3 |
| 2017-11-01 | CVE-2017-14992 | Improper Input Validation vulnerability in Docker Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing. | 6.5 |
| 2017-01-31 | CVE-2016-9962 | Race Condition vulnerability in Docker RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. | 6.4 |
| 2017-01-04 | CVE-2016-6595 | Resource Management Errors vulnerability in Docker 1.12.0 The SwarmKit toolkit 1.12.0 for Docker allows remote authenticated users to cause a denial of service (prevention of cluster joins) via a long sequence of join and quit actions. | 6.5 |