VulnerableCode Package Details - pkg:deb/debian/docker.io@1.3.3~dfsg1-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-8uuk-1592-syg2	Path Traversal in Docker Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile.	CVE-2014-9356 GHSA-vj3f-3286-r4pf
VCID-cey6-s9jk-s7cf	Arbitrary Code Execution Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction.	CVE-2014-9357 GHSA-997c-fj8j-rq5h
VCID-gsez-t7u3-dubr	Directory Traversal in Docker Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation or (2) "registry communications."	CVE-2014-9358 GHSA-qmmc-jppf-32wv

Vulnerability

Summary

Aliases

VCID-8uuk-1592-syg2

Path Traversal in Docker Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile.

CVE-2014-9356
GHSA-vj3f-3286-r4pf

VCID-cey6-s9jk-s7cf

Arbitrary Code Execution Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction.

CVE-2014-9357
GHSA-997c-fj8j-rq5h

VCID-gsez-t7u3-dubr

Directory Traversal in Docker Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation or (2) "registry communications."

CVE-2014-9358
GHSA-qmmc-jppf-32wv

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T11:28:38.191656+00:00	Debian Importer	Fixing	VCID-cey6-s9jk-s7cf	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:01:09.737490+00:00	Debian Importer	Fixing	VCID-gsez-t7u3-dubr	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:58:37.802898+00:00	Debian Importer	Fixing	VCID-8uuk-1592-syg2	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T07:49:16.167573+00:00	Debian Importer	Fixing	VCID-cey6-s9jk-s7cf	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:02:51.408844+00:00	Debian Importer	Fixing	VCID-gsez-t7u3-dubr	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:01:16.381505+00:00	Debian Importer	Fixing	VCID-8uuk-1592-syg2	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-02T17:11:46.504940+00:00	Debian Importer	Fixing	VCID-cey6-s9jk-s7cf	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:03:34.809444+00:00	Debian Importer	Fixing	VCID-gsez-t7u3-dubr	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:03:25.866089+00:00	Debian Importer	Fixing	VCID-8uuk-1592-syg2	https://security-tracker.debian.org/tracker/data/json	38.1.0