Docker CVE - CVE Search - CVE Details

Filtered by vendor Docker Subscribe

Total 85 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2014-0047	1 Docker	1 Docker	2017-10-13	4.6 MEDIUM	7.8 HIGH
Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage.
CVE-2016-6595	1 Docker	1 Docker	2017-08-15	4.0 MEDIUM	6.5 MEDIUM
DISPUTED The SwarmKit toolkit 1.12.0 for Docker allows remote authenticated users to cause a denial of service (prevention of cluster joins) via a long sequence of join and quit actions. NOTE: the vendor disputes this issue, stating that this sequence is not "removing the state that is left by old nodes. At some point the manager obviously stops being able to accept new nodes, since it runs out of memory. Given that both for Docker swarm and for Docker Swarmkit nodes are required to provide a secret token (it's actually the only mode of operation), this means that no adversary can simply join nodes and exhaust manager resources. We can't do anything about a manager running out of memory and not being able to add new legitimate nodes to the system. This is merely a resource provisioning issue, and definitely not a CVE worthy vulnerability."
CVE-2016-8867	1 Docker	1 Docker	2017-07-27	5.0 MEDIUM	7.5 HIGH
Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. This allowed malicious images to bypass user permissions to access files within the container filesystem or mounted volumes.
CVE-2014-6407	1 Docker	1 Docker	2014-12-15	7.5 HIGH	N/A
Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation.
CVE-2014-6408	1 Docker	1 Docker	2014-12-15	5.0 MEDIUM	N/A
Docker 1.3.0 through 1.3.1 allows remote attackers to modify the default run profile of image containers and possibly bypass the container by applying unspecified security options to an image.

Vulnerabilities (CVE)