cvebase

github.com/docker/docker vulnerabilities

33 known vulnerabilities affecting github.com/docker/docker.

Total CVEs: 33
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 10, MEDIUM 19, LOW 2

Vulnerabilities

Page 2 of 2
CVE-2015-3627 | P4 | MEDIUM | ≥ 0, < 1.6.1 | 2022-02-15
CWE-59: Symlink Attack in Libcontainer and Docker Engine
Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.
ghsa, osv

CVE-2026-41568 | P4 | MEDIUM | ≥ 0, ≤ 28.5.2 | 2026-05-18
CWE-367: Docker: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap
## Summary
A race condition during `docker cp` mount setup allows a malicious container to create empty files or directories at arbitrary absolute paths on the host filesystem. This advisory covers the race during mountpoint creation. The related race d
ghsa

CVE-2020-27534 | P4 | MEDIUM | ≥ 0, < 19.03.9 | 2024-01-31
CWE-22: Path Traversal in Moby builder
util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call.
ghsa, osv

CVE-2024-32473 | P4 | MEDIUM | ≥ 26.0.0, < 26.0.2 | 2024-04-18
CWE-668: IPv6 enabled on IPv4-only network interfaces
In 26.0.0 and 26.0.1, IPv6 is not disabled on network interfaces, including those belonging to networks where `--ipv6=false`.
### Impact
A container with an `ipvlan` or `macvlan` interface will normally be configured to share an external network link with the host machine. Because of this direct access, with IPv6 enabled:
- Containers may be able to communicate with other
ghsa, osv

CVE-2022-39253 | P4 | MEDIUM | CVSS 5.5 | ≥ 0, < 20.10.20 | 2022-11-11
CWE-200: Container build can leak any path on the host into the container
### Description
Moby is the open source Linux container runtime and set of components used to build a variety of downstream container runtimes, including Docker CE, Mirantis Container Runtime (formerly Docker EE), and Docker Desktop. Moby allows for building container images using a set of build instructions (usually named and referred to as a "Dock
ghsa, osv

CVE-2022-24769 | P4 | MEDIUM | ≥ 0, < 20.10.14 | 2024-04-22
CWE-732: Moby (Docker Engine) started with non-empty inheritable Linux process capabilities
### Impact
A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set durin
ghsa, osv

CVE-2014-3499 | P4 | HIGH | ≥ 0, < 1.0.1 | 2022-02-15
CWE-269: Privilege Escalation in Docker
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.
ghsa, osv

CVE-2020-8694 | P4 | MEDIUM | CVSS 5.5 | ≥ 24.0.0, < 24.0.7; ≥ 21.0.0, < 23.0.8; +1 more | 2023-10-30
/sys/devices/virtual/powercap accessible by default to containers
Intel's RAPL (Running Average Power Limit) feature, introduced by the Sandy Bridge microarchitecture, provides software insights into hardware energy consumption. To facilitate this, Intel introduced the powercap framework in Linux kernel 3.13, which reads values via relevant MSRs (model specific registers) and provides unprivileged userspace access via `s
ghsa, osv

CVE-2015-3630 | P4 | HIGH | ≥ 1.6.0, < 1.6.1 | 2022-02-15
CWE-285: Information Exposure in Docker Engine
Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image.
ghsa, osv

CVE-2025-54410 | P4 | LOW | ≥ 0, < 25.0.13; ≥ 26.0.0-rc1, < 28.0.0 | 2025-07-29
CWE-909: Moby firewalld reload removes bridge network isolation
Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (dockerd), which is developed as [moby/moby](https://github.com/moby/moby) is commonly referred to as Docker, or Docker Engine. Firewalld is a daemon u
ghsa, osv

CVE-2014-5277 | P4 | MEDIUM | ≥ 0, < 1.3.1 | 2022-02-15
Man-in-the-Middle (MitM)
Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic.
ghsa, osv

CVE-2025-54388 | P4 | MEDIUM | ≥ 28.2.0, < 28.3.3 | 2025-07-29
CWE-909: Moby firewalld reload makes published container ports accessible from remote hosts
Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (dockerd), which is developed as [moby/moby](https://github.com/moby/moby) is commonly referr
ghsa, osv

CVE-2015-3631 | P4 | MEDIUM | ≥ 0, < 1.6.1 | 2022-02-15
CWE-285: Arbitrary File Override in Docker Engine
Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc.
ghsa, osv