Docker 2.0.0.3 Community Edition

CPE Details

Docker 2.0.0.3 Community Edition
docker
docker
2.0.0.3
2019-09-05
12h52 +00:00
2019-09-05
12h52 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:docker:docker:2.0.0.3:*:*:*:community:*:*:*

Informations

Vendor

docker

Product

docker

Version

2.0.0.3

Software Edition

community

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2022-25365 2022-02-19 00h56 +00:00 Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-23774.
7.8
Haute
CVE-2021-21284 2021-02-02 16h55 +00:00 In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can modify files under "/var/lib/docker/" that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user.
6.8
Moyen
CVE-2021-21285 2021-02-02 16h55 +00:00 In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.
6.5
Moyen
CVE-2021-3162 2021-01-15 20h54 +00:00 Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.
7.8
Haute
CVE-2020-27534 2020-12-30 21h28 +00:00 util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call.
5.3
Moyen
CVE-2019-16884 2019-09-24 22h00 +00:00 runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory.
7.5
Haute
CVE-2019-15752 2019-08-28 20h24 +00:00 Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command.
7.8
Haute
CVE-2019-13509 2019-07-18 13h34 +00:00 In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret.
7.5
Haute
CVE-2019-5736 2019-02-10 23h00 +00:00 runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
8.6
Haute