CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-25365
https://notcve.org/view.php?id=CVE-2022-25365
19 Feb 2022 — Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-23774. Docker Desktop versiones anteriores a 4.5.1 en Windows, permite a atacantes mover archivos arbitrarios. NOTA: este problema se presenta debido a una corrección incompleta de CVE-2022-23774 • https://github.com/followboy1999/CVE-2022-25365 •
CVSS: 7.9EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33183
https://notcve.org/view.php?id=CVE-2021-33183
01 Jun 2021 — Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability container volume management component in Synology Docker before 18.09.0-0515 allows local users to read or write arbitrary files via unspecified vectors. Una vulnerabilidad de limitación inapropiada de un nombre de ruta a un directorio restringido ("Path Traversal") del componente container volume management en Synology Docker versiones anteriores a 18.09.0-0515, permite a usuarios locales leer o escribir archivos a... • https://www.synology.com/security/advisory/Synology_SA_21_08 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-21284 – privilege escalation in Moby
https://notcve.org/view.php?id=CVE-2021-21284
02 Feb 2021 — In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can modify files under "/var/lib/docker/
CVSS: 6.5EPSS: 1%CPEs: 4EXPL: 0CVE-2021-21285 – Docker daemon crash during image pull of malicious image
https://notcve.org/view.php?id=CVE-2021-21285
02 Feb 2021 — In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing. En Docker versiones anteriores a 9.03.15, 20.10.3, se presenta una vulnerabilidad en la que al extraer un manifiesto de imagen de Docker malformado intencionalmente, bloquea al demonio dockerd. Las versiones 20.10.3 y 19.03.15 contienen parches que impiden al ... • https://docs.docker.com/engine/release-notes/#20103 • CWE-400: Uncontrolled Resource Consumption CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-3162
https://notcve.org/view.php?id=CVE-2021-3162
15 Jan 2021 — Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation. Docker Desktop Community versiones anteriores a 2.5.0.0 en macOS, maneja inapropiadamente una comprobación de certificados, conllevando a una escalada de privilegios local • https://docs.docker.com/docker-for-mac/release-notes/#docker-desktop-community-2500 • CWE-295: Improper Certificate Validation •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27534
https://notcve.org/view.php?id=CVE-2020-27534
30 Dec 2020 — util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call. El archivo util/binfmt_misc/check.go en Builder en Docker Engine versiones anteriores a 9.03.9, llama a os.OpenFile con un nombre de ruta temporal qemu-check potencialmente inseguro, construido con un primer argumento vacío en una llamada de ioutil.TempDir. • http://web.archive.org/web/20200530054359/https://docs.docker.com/engine/release-notes • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-5278
https://notcve.org/view.php?id=CVE-2014-5278
07 Feb 2020 — A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs. Se presenta una vulnerabilidad en Docker versiones anteriores a 1.2, por medio de los nombres de los contenedores, que pueden colisionar y anular los ID de los contenedores. • https://github.com/xxg1413/docker-security/tree/master/CVE-2014-5278 •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2014-0048
https://notcve.org/view.php?id=CVE-2014-0048
02 Jan 2020 — An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways. Se encontró un problema en Docker versiones anteriores a la versión 1.6.0. Algunos programas y scripts en Docker se descargan mediante HTTP y luego ejecutados o usados de manera no segura. • http://www.openwall.com/lists/oss-security/2015/03/24/18 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2014-8179
https://notcve.org/view.php?id=CVE-2014-8179
04 Dec 2019 — Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation. Docker Engine versiones anteriores a la versión 1.8.3 y CS Docker Engine versiones anteriores a la versión 1.6.2-CS7 no comprueba y extrae apropiadamente el objeto manifiesto desde su representación JSON durante una extracción, lo que permit... • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00014.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2014-8178
https://notcve.org/view.php?id=CVE-2014-8178
04 Dec 2019 — Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands. Docker Engine versiones anteriores a la versión 1.8.3 y CS Docker Engine versiones anteriores a la versión 1.6.2-CS7, no utilizan un identificador único de forma global para almacenar capas de imágenes, lo que facilita a atacantes envenenar la caché de imágenes por medio de u... • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00014.html • CWE-20: Improper Input Validation •