9237 matches found
CVE-2025-62725
Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cac...
CVE-2025-62725
CVE-2025-62725 affects Docker Compose when resolving remote OCI artifacts. The vulnerability arises from path handling of annotations in OCI layers (com.docker.compose.file and com.docker.compose.envfile), where Docker Compose joins attacker-controlled paths with its local cache directory without...
CVE-2025-62725 Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations
Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cac...
EUVD-2025-36357
Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations...
GHSA-GV8H-7V7W-R22Q Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations
Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cac...
Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations
Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cac...
CVE-2025-9164
Docker Desktop Installer.exe is vulnerable to DLL hijacking due to insecure DLL search order. The installer searches for required DLLs in the user's Downloads folder before checking system directories, allowing local privilege escalation through malicious DLL placement.This issue affects Docker...
CVE-2025-9164
Docker Desktop for Windows is affected by CVE-2025-9164 due to DLL hijacking in Docker Desktop Installer.exe caused by insecure DLL search order. The vulnerable component is the Docker Desktop Installer.exe, which searches the user’s Downloads folder for required DLLs before checking system direc...
CVE-2025-9164 Multiple DLL Search Order Hijacking Vulnerabilities in Docker Desktop Installer for Windows
Docker Desktop Installer.exe is vulnerable to DLL hijacking due to insecure DLL search order. The installer searches for required DLLs in the user's Downloads folder before checking system directories, allowing local privilege escalation through malicious DLL placement.This issue affects Docker...
CVE-2025-9164 Multiple DLL Search Order Hijacking Vulnerabilities in Docker Desktop Installer for Windows
Docker Desktop Installer.exe is vulnerable to DLL hijacking due to insecure DLL search order. The installer searches for required DLLs in the user's Downloads folder before checking system directories, allowing local privilege escalation through malicious DLL placement.This issue affects Docker...
EUVD-2025-36191
Docker Desktop Installer.exe is vulnerable to DLL hijacking due to insecure DLL search order. The installer searches for required DLLs in the user's Downloads folder before checking system directories, allowing local privilege escalation through malicious DLL placement.This issue affects Docker...
Docker Desktop 安全漏洞
Docker Desktop is a desktop software for lightweight deployment of applications based on container technology from Docker Inc. in the United States. The product provides a desktop environment that supports creating a container lightweight virtual machine and deploying and running applications on...
Low: docker
Issue Overview: Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. A firewalld vulnerability affects Moby releases before 28.0.0. When firewalld reloads, Docker fails...
Docker Compose 路径遍历漏洞
Docker Compose is a Docker open source for defining and running multi-container applications using Docker. A path traversal vulnerability exists in Docker Compose that stems from trusting path information in a remote OCI compose artifact, which could lead an attacker to escape the cache directory...
PT-2025-44043
Name of the Vulnerable Software and Affected Versions Docker Compose versions prior to 2.40.2 Description Docker Compose is affected by a path traversal flaw stemming from improper restriction of path names to accessible directories. This issue allows a remote attacker to overwrite arbitrary file...
[SECURITY] Fedora 43 Update: docker-buildx-0.29.1-1.fc43
Docker CLI plugin for extended build capabilities with BuildKit...
[SECURITY] Fedora 43 Update: docker-buildkit-0.25.0-1.fc43
Concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit...
Fedora 43 : docker-buildx (2025-d81c797483)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-d81c797483 advisory. - Update to release v0.29.1 - Upstream fixes ---- - Update to release v0.29.0 - Resolves: rhbz2397747, rhbz2398425, rhbz2398679, rhbz2399082,...
Fedora 43 : docker-buildkit (2025-f7a2d648e7)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-f7a2d648e7 advisory. - Update to release v0.25.0 - Resolves: rhbz2399354, rhbz2399081, rhbz2398678, rhbz2398424 - Upstream feature additions and fixes Tenable has...
PT-2025-43961
Name of the Vulnerable Software and Affected Versions Docker Desktop versions through 4.48.0 Description The Docker Desktop Installer.exe is susceptible to a DLL hijacking issue stemming from an insecure DLL search order. The installer prioritizes searching for necessary DLLs within the user's...