Filtered by vendor Docker
Subscribe
Total
105 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-64443 | 1 Docker | 1 Mcp Gateway | 2026-03-10 | N/A | 9.6 CRITICAL |
| MCP Gateway allows easy and secure running and deployment of MCP servers. In versions 0.27.0 and earlier, when MCP Gateway runs in sse or streaming transport mode, it is vulnerable to DNS rebinding. An attacker who can get a victim to visit a malicious website or be served a malicious advertisement can perform browser-based exploitation of MCP servers executing behind the gateway, including manipulating tools or other features exposed by those MCP servers. MCP Gateway is not affected when running in the default stdio mode, which does not listen on network ports. Version 0.28.0 fixes this issue. | |||||
| CVE-2025-15558 | 2 Docker, Microsoft | 2 Command Line Interface, Windows | 2026-03-09 | N/A | 8.0 HIGH |
| Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe, docker-buildx.exe, etc.) that are executed when a victim user opens Docker Desktop or invokes Docker CLI plugin features, and allow privilege-escalation if the docker CLI is executed as a privileged user. This issue affects Docker CLI: through 29.1.5 and Windows binaries acting as a CLI-plugin manager using the github.com/docker/cli/cli-plugins/manager https://pkg.go.dev/github.com/docker/cli@v29.1.5+incompatible/cli-plugins/manager package, such as Docker Compose. This issue does not impact non-Windows binaries, and projects not using the plugin-manager code. | |||||
| CVE-2026-2664 | 1 Docker | 1 Desktop | 2026-02-27 | N/A | 7.8 HIGH |
| An out of bounds read vulnerability in the grpcfuse kernel module present in the Linux VM in Docker Desktop for Windows, Linux and macOS up to version 4.61.0 could allow a local attacker to cause an unspecified impact by writing to /proc/docker entries. The issue has been fixed in Docker Desktop 4.62.0 . | |||||
| CVE-2022-34883 | 3 Docker, Hitachi, Microsoft | 3 Docker, Raid Manager Storage Replication Adapter, Windows | 2026-02-25 | N/A | 7.2 HIGH |
| OS Command Injection vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to execute arbitrary OS commands. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker. | |||||
| CVE-2022-34882 | 3 Docker, Hitachi, Microsoft | 3 Docker, Raid Manager Storage Replication Adapter, Windows | 2026-02-25 | N/A | 9.0 CRITICAL |
| Information Exposure Through an Error Message vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to gain sensitive information. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker. | |||||
| CVE-2025-13743 | 1 Docker | 1 Docker Desktop | 2026-01-30 | N/A | 7.5 HIGH |
| Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported diagnostics, especially when access denied errors occurred. | |||||
| CVE-2019-15752 | 3 Apache, Docker, Microsoft | 3 Geode, Docker, Windows | 2025-11-06 | 9.3 HIGH | 7.8 HIGH |
| Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command. | |||||
| CVE-2025-3224 | 1 Docker | 1 Desktop | 2025-05-10 | N/A | 7.8 HIGH |
| A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTEM. During an update, Docker Desktop attempts to delete files and subdirectories under the path C:\ProgramData\Docker\config with high privileges. However, this directory often does not exist by default, and C:\ProgramData\ allows normal users to create new directories. By creating a malicious Docker\config folder structure at this location, an attacker can force the privileged update process to delete or manipulate arbitrary system files, leading to Elevation of Privilege. | |||||
| CVE-2014-0047 | 1 Docker | 1 Docker | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage. | |||||
| CVE-2017-14992 | 1 Docker | 1 Docker | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing. | |||||
| CVE-2017-11468 | 2 Docker, Redhat | 2 Docker Registry, Enterprise Linux Server | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint. | |||||
| CVE-2016-9962 | 1 Docker | 1 Docker | 2025-04-20 | 4.4 MEDIUM | 6.4 MEDIUM |
| RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container. | |||||
| CVE-2015-3629 | 2 Docker, Opensuse | 2 Libcontainer, Opensuse | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container. | |||||
| CVE-2016-3697 | 3 Docker, Linuxfoundation, Opensuse | 3 Docker, Runc, Opensuse | 2025-04-12 | 2.1 LOW | 7.8 HIGH |
| libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container. | |||||
| CVE-2016-8867 | 1 Docker | 1 Docker | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. This allowed malicious images to bypass user permissions to access files within the container filesystem or mounted volumes. | |||||
| CVE-2015-3627 | 1 Docker | 2 Docker, Libcontainer | 2025-04-12 | 7.2 HIGH | N/A |
| Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image. | |||||
| CVE-2014-9357 | 1 Docker | 1 Docker | 2025-04-12 | 10.0 HIGH | N/A |
| Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction. | |||||
| CVE-2015-3631 | 1 Docker | 1 Docker | 2025-04-12 | 3.6 LOW | N/A |
| Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc. | |||||
| CVE-2014-6407 | 1 Docker | 1 Docker | 2025-04-12 | 7.5 HIGH | N/A |
| Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation. | |||||
| CVE-2015-3630 | 1 Docker | 1 Docker | 2025-04-12 | 7.2 HIGH | N/A |
| Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image. | |||||