Shodan
Vulnerabilities
Vulnerable Software
Docker:  >> Docker  >> 0.1.3  Security Vulnerabilities
CVE-2014-5282
Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'.
CVSS Score
8.1
EPSS Score
0.006
Published
2018-02-06
CVE-2014-0047
Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-10-06
CVE-2016-3697
libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.
CVSS Score
7.8
EPSS Score
0.001
Published
2016-06-01
CVE-2015-3631
Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc.
CVSS Score
3.6
EPSS Score
0.001
Published
2015-05-18
CVE-2015-3630
Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image.
CVSS Score
7.2
EPSS Score
0.001
Published
2015-05-18
CVE-2015-3627
Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.
CVSS Score
7.2
EPSS Score
0.001
Published
2015-05-18
CVE-2014-9358
Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation or (2) "registry communications."
CVSS Score
6.4
EPSS Score
0.003
Published
2014-12-16
CVE-2014-6407
Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation.
CVSS Score
7.5
EPSS Score
0.056
Published
2014-12-12
CVE-2014-5277
Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic.
CVSS Score
5.0
EPSS Score
0.007
Published
2014-11-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved