Debian docker.io vulnerabilities

58 known vulnerabilities affecting debian/docker.io.

Total CVEs: 58
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 4, HIGH 15, MEDIUM 24, LOW 15

Vulnerabilities

Page 1 of 3
CVE-2026-34040 | HIGH | CVSS 8.8 | 2026
CVE-2026-34040 [HIGH] docker.io: Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1. Scope: local. bookworm: open; bullseye: open; forky: open; sid: open; trixie: open
CVE-2026-33997 | MEDIUM | CVSS 6.8 | 2026
CVE-2026-33997 [MEDIUM] docker.io: Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a privilege set that differs from the one approved by the user. Plugins
CVE-2025-54410 | LOW | CVSS 3.3 | 2025
CVE-2025-54410 [LOW] docker.io: Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. A firewalld vulnerability affects Moby releases before 28.0.0. When firewalld reloads, Docker fails to re-create iptables rules that isolate bridge networks, allowing any container to a
CVE-2025-54388 | LOW | CVSS 5.1 | 2025
CVE-2025-54388 [MEDIUM] docker.io: Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. In versions 28.2.0 through 28.3.2, when the firewalld service is reloaded it removes all iptables rules including those created by Docker. While Docker should automatically recreate
CVE-2024-41110 | CRITICAL | CVSS 9.9 | fixed in docker.io 20.10.24+dfsg1-1+deb12u1 (bookworm) | 2024
CVE-2024-41110 [CRITICAL] docker.io: Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low. Using a specially-crafted API request, an Engine
CVE-2024-36623 | HIGH | CVSS 8.1 | fixed in docker.io 26.1.4+dfsg1-9 (forky) | 2024
CVE-2024-36623 [HIGH] docker.io: moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes. Scope: local. bookworm: open; bullseye: open; forky: resolved (fixed in 26.1.4+dfsg1-9); sid: resolved (fixed in 26.1.4+dfsg1-9); trixie: resolved (fixed in 26.1.4+d
CVE-2024-32473 | MEDIUM | CVSS 4.7 | fixed in docker.io 26.1.4+dfsg1-9 (forky) | 2024
CVE-2024-32473 [MEDIUM] docker.io: Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. In 26.0.0, IPv6 is not disabled on network interfaces, including those belonging to networks where `--ipv6=false`. A container with an `ipvlan` or `macvlan` interface will normally be configured to share
CVE-2024-36621 | MEDIUM | CVSS 6.5 | fixed in docker.io 26.1.4+dfsg1-9 (forky) | 2024
CVE-2024-36621 [MEDIUM] docker.io: moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion. Scope: local. bookworm: open; bullseye: open; forky: resolved (fixed in 26.1.4+dfsg1-9); sid: resolved (fixed in 26.1.4+dfsg1-9); trixie
CVE-2024-24557 | MEDIUM | CVSS 6.9 | fixed in docker.io 26.1.4+dfsg1-9 (forky) | 2024
CVE-2024-24557 [MEDIUM] docker.io: Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions (most important being HEALTHCHECK and ONBUILD) would not cause a cache miss. An attacker with the knowledge of the Dockerfile someone is using cou
CVE-2024-29018 | MEDIUM | CVSS 5.9 | fixed in docker.io 26.1.4+dfsg1-9 (forky) | 2024
CVE-2024-29018 [MEDIUM] docker.io: Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. Moby's networking implementation allows for many networks, each with their own IP address range and gateway, to be defined. This feature is frequently referred to as custom networks, as each network can ha
CVE-2024-36620 | LOW | CVSS 6.5 | 2024
CVE-2024-36620 [MEDIUM] docker.io: moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via daemon/images/image_history.go. Scope: local. bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
CVE-2023-28840 | HIGH | CVSS 7.5 | fixed in docker.io 20.10.24+dfsg1-1 (bookworm) | 2023
CVE-2023-28840 [HIGH] docker.io: Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in dockerd and is thus p
CVE-2023-28841 | MEDIUM | CVSS 6.8 | fixed in docker.io 20.10.24+dfsg1-1 (bookworm) | 2023
CVE-2023-28841 [MEDIUM] docker.io: Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in `dockerd` and is thu
CVE-2023-28842 | MEDIUM | CVSS 6.8 | fixed in docker.io 20.10.24+dfsg1-1 (bookworm) | 2023
CVE-2023-28842 [MEDIUM] docker.io: Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in `dockerd` and is th
CVE-2022-36109 | MEDIUM | CVSS 5.3 | fixed in docker.io 20.10.19+dfsg1-1 (bookworm) | 2022
CVE-2022-36109 [MEDIUM] docker.io: Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions
CVE-2021-21284 | MEDIUM | CVSS 6.8 | fixed in docker.io 20.10.3+dfsg1-1 (bookworm) | 2021
CVE-2021-21284 [MEDIUM] docker.io: In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can modify files under "/var/lib/docker/" that cause writing files with ex
CVE-2021-21285 | MEDIUM | CVSS 6.5 | fixed in docker.io 20.10.3+dfsg1-1 (bookworm) | 2021
CVE-2021-21285 [MEDIUM] docker.io: In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing. Scope: local. bookworm: resolved (fixed in 20.10.3+dfsg1-1); bullseye: resolved (fixed in 20.10.3+dfsg1-1); forky: resol
CVE-2021-41091 | MEDIUM | CVSS 6.3 | fixed in docker.io 20.10.10+dfsg1-1 (bookworm) | 2021
CVE-2021-41091 [MEDIUM] docker.io: Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers i
CVE-2021-41092 | MEDIUM | CVSS 5.4 | fixed in docker.io 20.10.10+dfsg1-1 (bookworm) | 2021
CVE-2021-41092 [MEDIUM] docker.io: Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent
CVE-2021-41089 | LOW | CVSS 2.8 | fixed in docker.io 20.10.10+dfsg1-1 (bookworm) | 2021
CVE-2021-41089 [LOW] docker.io: Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. This bug does not directly allow files to