Vulnerabilities in Docker

31 results
CVE-2025-62725 | HIGH | Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations | EPSS 13.7%
CVE-2014-8179 | Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON re | EPSS 2.7%
CVE-2025-9074 | CRITICAL | Docker Desktop allows unauthenticated access to Docker Engine API from containers | EPSS 1.6%
CVE-2021-41092 | MEDIUM | Docker CLI leaks private registry credentials to registry-1.docker.io | EPSS 1.5%
CVE-2024-8695 | CRITICAL | A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2. | EPSS 1.3%
CVE-2024-8696 | HIGH | A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2. | EPSS 1.2%
CVE-2023-1802 | MEDIUM | In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed | EPSS 0.5%
CVE-2014-8178 | Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes | EPSS 0.5%
CVE-2024-9348 | HIGH | Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view | EPSS 0.5%
CVE-2025-15558 | HIGH | Docker Desktop Docker Plugins Uncontrolled Search Path Element Local Privilege Escalation Vulnerability | EPSS 0.4%
CVE-2019-1020014 | docker-credential-helpers before 0.6.3 has a double free in the List functions. | EPSS 0.4%
CVE-2025-64443 | HIGH | DNS Rebinding vulnerability present when running MCP Gateway in sse or streaming mode | EPSS 0.4%
CVE-2026-33990 | MEDIUM | Docker Model Runner OCI Registry Client Vulnerable to Server-Side Request Forgery (SSRF) | EPSS 0.3%
CVE-2026-28400 | HIGH | Docker Model Runner Unauthenticated Runtime Flag Injection via _configure Endpoint | EPSS 0.2%
CVE-2026-5843 | HIGH | Docker Model Runner container-to-host code execution via MLX-LM model_file importlib loading | EPSS 0.2%
CVE-2026-5817 | HIGH | Docker Model Runner container-to-host code execution via unsandboxed trust_remote_code in Python inference backends | EPSS 0.2%
CVE-2026-6406 | HIGH | Docker Desktop Enhanced Container Isolation bypass via --use-api-socket CLI flag | EPSS 0.2%
CVE-2025-3224 | HIGH | Elevation of Privilege in Docker Desktop for Windows during Upgrade due to Insecure Directory Deletion | EPSS 0.2%
CVE-2026-2664 | MEDIUM | Out of bounds read vulnerability in grpcfuse kernel module | EPSS 0.2%
CVE-2025-13743 | LOW | Expired Personal Access Tokens (PATs) are recorded in Docker Desktop diagnostic logs | EPSS 0.2%