CVE-2021-41190 | AVG-2574 | Medium | Yes | Insufficient validation | In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull... |
CVE-2021-41092 | AVG-2440 | Low | No | Information disclosure | A bug was found in the Docker CLI where running docker login my-private-registry.example.com with a misconfigured configuration file (typically... |
CVE-2021-41091 | AVG-2440 | Medium | No | Directory traversal | A bug was found in Moby (Docker Engine) where the data directory (typically /var/lib/docker) contained subdirectories with insufficiently restricted... |
CVE-2021-41089 | AVG-2440 | Low | No | Information disclosure | A bug was found in Moby (Docker Engine) where attempting to copy files using docker cp into a specially-crafted container can result in Unix file permission... |
CVE-2021-21285 | AVG-1528 | Medium | No | Denial of service | In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd... |
CVE-2021-21284 | AVG-1528 | Low | No | Privilege escalation | In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege... |
CVE-2019-5736 | AVG-892 | High | Yes | Privilege escalation | A vulnerability discovered in runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary... |
CVE-2018-15664 | AVG-968 | High | No | Privilege escalation | A race condition with symbolic links has been found in Docker, allowing read-write access to the host and guest file-systems. |
CVE-2016-9962 | AVG-133 | High | No | Privilege escalation | The runc component used by `docker exec` feature of docker allowed additional container processes to be ptraced by the pid 1 of the container. This allows... |