9 matches found
CVE-2022-24769
CVE-2022-24769 affects Moby (Docker Engine) before 20.10.14. The bug starts containers with non-empty inheritable Linux process capabilities, enabling programs with inheritable file capabilities to elevate to the container’s permitted set during execve, potentially impacting containers using Linu...
CVE-2021-41089
CVE-2021-41089 concerns Moby (Docker Engine). A bug in docker cp into a specially-crafted container can cause Unix file permission changes for existing host files, potentially widening access to others. The issue is fixed in Moby/Docker Engine 20.10.9; users should upgrade to that version. Runnin...
CVE-2024-29018
CVE-2024-29018 affects the Moby-based docker/libnetwork networking stack, where internal networks can forward DNS requests to an external nameserver due to how host loopback DNS resolution is bridged for internal networks. The issue enables an attacker controlling an authoritative DNS domain to c...
CVE-2024-24557
CVE-2024-24557 affects Moby/Docker’s classic builder cache. The risk arises when building from scratch: HEALTHCHECK and ONBUILD changes may not trigger a cache miss, enabling cache poisoning if an attacker knows the Dockerfile. Impact varies by Buildkit usage: 23.0 and earlier are broadly affecte...
CVE-2021-41091
CVE-2021-41091 concerns Moby (Docker Engine). A bug in the Docker Engine data directory (/var/lib/docker) left subdirectories with weak permissions, enabling unprivileged host users to traverse contents and, if containers held executables with elevated bits (e.g., setuid), to discover and run tho...
CVE-2022-36109
CVE-2022-36109 concerns a bug in Moby/Docker Engine where supplementary groups are not set up correctly inside a container. An attacker with access to a container could manipulate supplementary group access to bypass primary group restrictions, potentially exposing sensitive information or enabli...
CVE-2022-27652
CVE-2022-27652 relates to a security regression in cri-o/OpenShift container components where containers could be started with inheritable capabilities improperly. The Red Hat advisories note that the issue involves adding the fix for CVE-2022-27652 to certain OpenShift releases, and that older O...
CVE-2025-54410
CVE-2025-54410 affects Moby (Docker Engine, Mirantis Container Runtime, and downstreams). A firewalld-related issue causes Docker to fail to re-create iptables rules that isolate bridge networks when firewalld reloads, allowing containers to reach ports across bridge networks on the same host. Th...
CVE-2018-12608
Docker Moby before 17.06.0 is affected by a TLS authentication flaw: the engine validates client certificates against both the configured CA and system roots (on non‑Windows). This lets a client presenting a certificate signed by any system‑trusted root CA authenticate, instead of only certificat...