CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-25365
https://notcve.org/view.php?id=CVE-2022-25365
19 Feb 2022 — Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-23774. Docker Desktop versiones anteriores a 4.5.1 en Windows, permite a atacantes mover archivos arbitrarios. NOTA: este problema se presenta debido a una corrección incompleta de CVE-2022-23774 • https://github.com/followboy1999/CVE-2022-25365 •
CVSS: 7.9EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33183
https://notcve.org/view.php?id=CVE-2021-33183
01 Jun 2021 — Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability container volume management component in Synology Docker before 18.09.0-0515 allows local users to read or write arbitrary files via unspecified vectors. Una vulnerabilidad de limitación inapropiada de un nombre de ruta a un directorio restringido ("Path Traversal") del componente container volume management en Synology Docker versiones anteriores a 18.09.0-0515, permite a usuarios locales leer o escribir archivos a... • https://www.synology.com/security/advisory/Synology_SA_21_08 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-21284 – privilege escalation in Moby
https://notcve.org/view.php?id=CVE-2021-21284
02 Feb 2021 — In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can modify files under "/var/lib/docker/
CVSS: 6.5EPSS: 1%CPEs: 4EXPL: 0CVE-2021-21285 – Docker daemon crash during image pull of malicious image
https://notcve.org/view.php?id=CVE-2021-21285
02 Feb 2021 — In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing. En Docker versiones anteriores a 9.03.15, 20.10.3, se presenta una vulnerabilidad en la que al extraer un manifiesto de imagen de Docker malformado intencionalmente, bloquea al demonio dockerd. Las versiones 20.10.3 y 19.03.15 contienen parches que impiden al ... • https://docs.docker.com/engine/release-notes/#20103 • CWE-400: Uncontrolled Resource Consumption CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-3162
https://notcve.org/view.php?id=CVE-2021-3162
15 Jan 2021 — Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation. Docker Desktop Community versiones anteriores a 2.5.0.0 en macOS, maneja inapropiadamente una comprobación de certificados, conllevando a una escalada de privilegios local • https://docs.docker.com/docker-for-mac/release-notes/#docker-desktop-community-2500 • CWE-295: Improper Certificate Validation •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27534
https://notcve.org/view.php?id=CVE-2020-27534
30 Dec 2020 — util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call. El archivo util/binfmt_misc/check.go en Builder en Docker Engine versiones anteriores a 9.03.9, llama a os.OpenFile con un nombre de ruta temporal qemu-check potencialmente inseguro, construido con un primer argumento vacío en una llamada de ioutil.TempDir. • http://web.archive.org/web/20200530054359/https://docs.docker.com/engine/release-notes • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-14300 – docker: Security regression of CVE-2016-9962 due to inclusion of vulnerable runc
https://notcve.org/view.php?id=CVE-2020-14300
23 Jun 2020 — The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an incorrect version of runc that was missing multiple bug and security fixes. One of the fixes regressed in that update was the fix for CVE-2016-9962, that was previously corrected in the docker packages in Red Hat Enterprise Linux 7 Extras via RHSA-2017:0116 (https://access.redhat.com/errata/RHSA-2017:0116). The CVE-202... • https://access.redhat.com/errata/RHBA-2020:0427 • CWE-271: Privilege Dropping / Lowering Errors CWE-273: Improper Check for Dropped Privileges •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-14298 – docker: Security regression of CVE-2019-5736 due to inclusion of vulnerable runc
https://notcve.org/view.php?id=CVE-2020-14298
23 Jun 2020 — The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the container host and other containers running on the same host. This issue only affects docker version 1.13.1-108.git4ef4b30.el7, shipped in Red Hat Enterprise Linux 7 Extras. Both earlier and later versions are not ... • https://access.redhat.com/errata/RHBA-2020:0427 • CWE-271: Privilege Dropping / Lowering Errors CWE-273: Improper Check for Dropped Privileges •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-5278
https://notcve.org/view.php?id=CVE-2014-5278
07 Feb 2020 — A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs. Se presenta una vulnerabilidad en Docker versiones anteriores a 1.2, por medio de los nombres de los contenedores, que pueden colisionar y anular los ID de los contenedores. • https://github.com/xxg1413/docker-security/tree/master/CVE-2014-5278 •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2014-0048
https://notcve.org/view.php?id=CVE-2014-0048
02 Jan 2020 — An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways. Se encontró un problema en Docker versiones anteriores a la versión 1.6.0. Algunos programas y scripts en Docker se descargan mediante HTTP y luego ejecutados o usados de manera no segura. • http://www.openwall.com/lists/oss-security/2015/03/24/18 • CWE-20: Improper Input Validation •