cvebase

github.com/docker/docker vulnerabilities

33 known vulnerabilities affecting github.com/docker/docker.

Total CVEs: 33
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 10, MEDIUM 19, LOW 2

Vulnerabilities

Page 1 of 2
CVE-2024-41110 | P2 | CRITICAL | ≥ 19.03.0, < 23.0.15; ≥ 26.0.0, < 26.1.5; +2 more | 2024-07-30
CVE-2024-41110 [CRITICAL] CWE-187: Authz zero length regression. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass [authorization plugins (AuthZ)](https://docs.docker.com/engine/extend/plugins_authorization/) under specific circumstances. The base likelihood of this being exploited is low. This advisory outlines the issue, identifies the affected versions, and provides remediation steps for impacte
ghsa, osv
CVE-2019-14271 | P2 | CRITICAL | ≥ 19.03.0, < 19.03.1 | 2022-05-24
CVE-2019-14271 [CRITICAL] CWE-665: Moby Docker cp broken with debian containers. In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.
ghsa, osv
CVE-2014-9357 | P2 | HIGH | ≥ 0, < 1.3.3 | 2022-02-15
CVE-2014-9357 [HIGH] CWE-285: Arbitrary Code Execution. Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction.
ghsa, osv
CVE-2023-28840 | P3 | HIGH | ≥ 1.12.0, < 20.10.24; ≥ 23.0.0, < 23.0.3 | 2023-04-04
CVE-2023-28840 [HIGH] CWE-420: Docker Swarm encrypted overlay network may be unauthenticated. [Moby](https://mobyproject.org/) is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as [moby/moby](https://github.com/moby/moby) is commonly referred to as *Docker*. S
ghsa, osv
CVE-2014-9356 | P3 | MEDIUM | ≥ 0, < 1.3.3 | 2021-05-18
CVE-2014-9356 [MEDIUM] CWE-22: Path Traversal in Docker. Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile.
ghsa, osv
CVE-2014-6407 | P3 | HIGH | ≥ 0, < 1.3.2 | 2022-02-15
CVE-2014-6407 [HIGH] CWE-59: Arbitrary Code Execution in Docker. Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation.
ghsa, osv
CVE-2024-29018 | P3 | MEDIUM | ≥ 26.0.0-rc1, < 26.0.0-rc3; ≥ 25.0.0, < 25.0.5; +1 more | 2024-03-20
CVE-2024-29018 [MEDIUM] CWE-669: Moby's external DNS requests from 'internal' networks could lead to data exfiltration. Moby is an open source container framework originally developed by Docker Inc. as Docker. It is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. As a batteries-included container runtime, Moby comes with a built-in networking implementa
ghsa, osv
CVE-2019-13509 | P3 | HIGH | ≥ 0, < 18.09.8 | 2022-05-24
CVE-2019-13509 [HIGH] CWE-532: Secret insertion into debug log in Docker. In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret.
ghsa, osv
CVE-2026-41567 | P3 | HIGH | ≥ 0, ≤ 28.5.2 | 2026-05-18
CVE-2026-41567 [HIGH] CWE-427: Docker: `PUT /containers/{id}/archive` executes container binary on the host. Summary: When a user uploads a compressed archive into a container, a malicious image can execute arbitrary code with daemon (host root) privileges. Details: When handling `PUT /containers/{id}/archive` requests with compressed archives, the daemon decompresses them using external system binaries. Due to in
ghsa
CVE-2023-28842 | P3 | MEDIUM | ≥ 1.12.0, < 20.10.24; ≥ 23.0.0, < 23.0.3 | 2023-04-04
CVE-2023-28842 [MEDIUM] CWE-420: Docker Swarm encrypted overlay network with a single endpoint is unauthenticated. [Moby](https://mobyproject.org/) is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as [moby/moby](https://github.com/moby/moby)
ghsa, osv
CVE-2024-24557 | P3 | MEDIUM | ≥ 0, < 24.0.9; ≥ 25.0.0, < 25.0.2 | 2024-02-01
CVE-2024-24557 [MEDIUM] CWE-345: Classic builder cache poisoning. The classic builder cache system is prone to cache poisoning if the image is built `FROM scratch`. Also, changes to some instructions (most important being `HEALTHCHECK` and `ONBUILD`) would not cause a cache miss. An attacker with the knowledge of the Dockerfile someone is using could poison their cache by making them pull a specially crafted image that would be considered as a valid cache candida
ghsa, osv
CVE-2023-28841 | P3 | MEDIUM | ≥ 1.12.0, < 20.10.24; ≥ 23.0.0, < 23.0.3 | 2023-04-04
CVE-2023-28841 [MEDIUM] CWE-311: Docker Swarm encrypted overlay network traffic may be unencrypted. [Moby](https://mobyproject.org/) is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as [moby/moby](https://github.com/moby/moby) is commonly referred to as *D
ghsa, osv
CVE-2018-12608 | P3 | HIGH | ≥ 0, < 17.06.0-ce | 2024-01-31
CVE-2018-12608 [HIGH] CWE-288: Docker Authentication Bypass. An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated certificate signed by a system-trusted root CA (as opposed to one signed by the configured CA root certificate) to authenticate.
ghsa, osv
CVE-2026-42306 | P3 | HIGH | ≥ 0, ≤ 28.5.2 | 2026-05-18
CVE-2026-42306 [HIGH] CWE-367: Docker: Race condition in docker cp allows bind mount redirection to host path. Summary: A race condition during `docker cp` mount setup allows a malicious container to redirect a bind mount target to an arbitrary host path, potentially overwriting host files or causing denial of service. Details: When copying files into a container, the daemon sets up a temporary filesystem view b
ghsa
CVE-2022-36109 | P3 | MEDIUM | ≥ 0, < 20.10.18 | 2022-09-16
CVE-2022-36109 [MEDIUM] CWE-863: Docker supplementary group permissions not set up properly, allowing attackers to bypass primary group restrictions. Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and manip
ghsa, osv
CVE-2015-3629 | P3 | HIGH | ≥ 1.6.0, < 1.6.1 | 2022-02-15
CVE-2015-3629 [HIGH] CWE-59: Arbitrary File Write in Libcontainer. Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container.
ghsa, osv
CVE-2021-41091 | P3 | MEDIUM | ≥ 0, < 20.10.9 | 2024-01-31
CVE-2021-41091 [MEDIUM] CWE-281: Moby (Docker Engine) Insufficiently restricted permissions on data directory. Impact: A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable progr
ghsa, osv
CVE-2014-9358 | P4 | MEDIUM | ≥ 0, < 1.3.2 | 2022-02-15
CVE-2014-9358 [MEDIUM] CWE-59: Directory Traversal in Docker. Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation or (2) "registry communications."
ghsa, osv
CVE-2014-6408 | P4 | MEDIUM | ≥ 1.3.0, < 1.3.2 | 2022-02-15
CVE-2014-6408 [MEDIUM] CWE-285: Access Restriction Bypass in Docker. Docker 1.3.0 through 1.3.1 allows remote attackers to modify the default run profile of image containers and possibly bypass the container by applying unspecified security options to an image.
ghsa, osv
CVE-2021-41089 | P4 | LOW | ≥ 0, < 20.10.9 | 2024-06-10
CVE-2021-41089 [LOW] CWE-281: `docker cp` allows unexpected chmod of host files in Moby Docker Engine. Impact: A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed with
ghsa, osv