Filtered by vendor Docker
Subscribe
Search
Total
81 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-40453 | 1 Docker | 1 Machine | 2023-11-14 | N/A | 6.5 MEDIUM |
| Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action (via escape sequence injection), or might have a data size that causes a denial of service to a bastion node. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2021-44719 | 2 Apple, Docker | 3 Mac Os X, Macos, Docker Desktop | 2023-08-08 | 6.6 MEDIUM | 8.4 HIGH |
| Docker Desktop 4.3.0 has Incorrect Access Control. | |||||
| CVE-2021-20498 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2022-07-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Verify Access Docker 10.0.0 reveals version information in HTTP requests that could be used in further attacks against the system. IBM X-Force ID: 197972. | |||||
| CVE-2020-11492 | 2 Docker, Microsoft | 2 Docker Desktop, Windows | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. If a local attacker sets up their own named pipe prior to starting Docker with the same name, this attacker can intercept a connection attempt from Docker Service (which runs as SYSTEM), and then impersonate their privileges. | |||||
| CVE-2021-3162 | 2 Apple, Docker | 2 Macos, Docker | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation. | |||||
| CVE-2021-20500 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2022-07-12 | 2.1 LOW | 4.4 MEDIUM |
| IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privileged user. IBM X-Force ID: 197980. | |||||
| CVE-2020-15360 | 1 Docker | 1 Docker Desktop | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalation because of a lack of client verification. | |||||
| CVE-2021-37841 | 1 Docker | 1 Desktop | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Docker Desktop before 3.6.0 suffers from incorrect access control. If a low-privileged account is able to access the server running the Windows containers, it can lead to a full container compromise in both process isolation and Hyper-V isolation modes. This security issue leads an attacker with low privilege to read, write and possibly even execute code inside the containers. | |||||
| CVE-2022-26659 | 2 Docker, Microsoft | 2 Docker Desktop, Windows | 2022-06-23 | 3.6 LOW | 7.1 HIGH |
| Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file. Starting from version 4.6.0, the Docker Desktop installer, when run elevated, will write its log files to a location not writable by non-administrator users. | |||||
| CVE-2021-41092 | 2 Docker, Fedoraproject | 2 Command Line Interface, Fedora | 2022-06-14 | 5.0 MEDIUM | 7.5 HIGH |
| Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH. | |||||
| CVE-2022-25365 | 2 Docker, Microsoft | 2 Docker, Windows | 2022-06-03 | 4.6 MEDIUM | 7.8 HIGH |
| Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-23774. | |||||
| CVE-2021-21284 | 3 Debian, Docker, Netapp | 3 Debian Linux, Docker, E-series Santricity Os Controller | 2022-04-29 | 2.7 LOW | 6.8 MEDIUM |
| In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can modify files under "/var/lib/docker/<remapping>" that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user. | |||||
| CVE-2021-21285 | 3 Debian, Docker, Netapp | 3 Debian Linux, Docker, E-series Santricity Os Controller | 2022-04-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing. | |||||
| CVE-2019-16884 | 2 Docker, Linuxfoundation | 2 Docker, Runc | 2022-02-21 | 5.0 MEDIUM | 7.5 HIGH |
| runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. | |||||
| CVE-2022-23774 | 2 Docker, Microsoft | 2 Docker Desktop, Windows | 2022-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Docker Desktop before 4.4.4 on Windows allows attackers to move arbitrary files. | |||||
| CVE-2021-45449 | 1 Docker | 1 Docker Desktop | 2022-01-19 | 2.1 LOW | 5.5 MEDIUM |
| Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information (access token or password) on the user's machine during login. This only affects users if they are on Docker Desktop 4.3.0, 4.3.1 and the user has logged in while on 4.3.0, 4.3.1. Gaining access to this data would require having access to the user’s local files. | |||||
| CVE-2019-5736 | 13 Apache, Canonical, D2iq and 10 more | 19 Mesos, Ubuntu Linux, Dc\/os and 16 more | 2021-12-16 | 9.3 HIGH | 8.6 HIGH |
| runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe. | |||||
| CVE-2021-29699 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2021-09-29 | 6.0 MEDIUM | 6.8 MEDIUM |
| IBM Security Verify Access Docker 10.0.0 could allow a remote priviled user to upload arbitrary files with a dangerous file type that could be excuted by an user. IBM X-Force ID: 200600. | |||||
| CVE-2021-29742 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2021-09-29 | 5.2 MEDIUM | 8.0 HIGH |
| IBM Security Verify Access Docker 10.0.0 could allow a user to impersonate another user on the system. IBM X-Force ID: 201483. | |||||
| CVE-2021-20523 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2021-09-29 | 4.0 MEDIUM | 2.7 LOW |
| IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 198660 | |||||
| CVE-2021-20524 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2021-09-29 | 3.5 LOW | 4.8 MEDIUM |
| IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198661. | |||||
| CVE-2021-20533 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2021-09-29 | 6.5 MEDIUM | 7.2 HIGH |
| IBM Security Verify Access Docker 10.0.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 198813 | |||||
| CVE-2021-20534 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2021-09-29 | 4.9 MEDIUM | 3.5 LOW |
| IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 198814 | |||||
| CVE-2021-20537 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2021-09-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Security Verify Access Docker 10.0.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID:198918 | |||||
| CVE-2021-20499 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2021-09-29 | 4.0 MEDIUM | 2.7 LOW |
| IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 197973 | |||||
| CVE-2021-20510 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2021-09-29 | 2.1 LOW | 4.4 MEDIUM |
| IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 198299 | |||||
| CVE-2021-20511 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2021-09-29 | 6.8 MEDIUM | 4.9 MEDIUM |
| IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 198300. | |||||
| CVE-2021-20497 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2021-09-29 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197969 | |||||
| CVE-2021-20496 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2021-09-29 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM Security Verify Access Docker 10.0.0 could allow an authenticated user to bypass input due to improper input validation. IBM X-Force ID: 197966. | |||||
| CVE-2019-14271 | 1 Docker | 1 Docker | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container. | |||||
| CVE-2020-10665 | 1 Docker | 1 Desktop | 2021-07-21 | 7.2 HIGH | 6.7 MEDIUM |
| Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions overwrites and arbitrary file writes. This affects Docker Desktop Enterprise before 2.1.0.9, Docker Desktop for Windows Stable before 2.2.0.4, and Docker Desktop for Windows Edge before 2.2.2.0. | |||||
| CVE-2020-35184 | 1 Docker | 1 Composer Docker Image | 2021-07-08 | 10.0 HIGH | 9.8 CRITICAL |
| The official composer docker images before 1.8.3 contain a blank password for a root user. System using the composer docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | |||||
| CVE-2019-1020014 | 1 Docker | 1 Credential Helpers | 2021-01-14 | 2.1 LOW | 5.5 MEDIUM |
| docker-credential-helpers before 0.6.3 has a double free in the List functions. | |||||
| CVE-2020-27534 | 1 Docker | 1 Docker | 2021-01-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call. | |||||
| CVE-2016-3697 | 3 Docker, Linuxfoundation, Opensuse | 3 Docker, Runc, Opensuse | 2021-01-05 | 2.1 LOW | 7.8 HIGH |
| libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container. | |||||
| CVE-2020-29575 | 1 Docker | 1 Elixir Alpine Docker Image | 2020-12-22 | 10.0 HIGH | 9.8 CRITICAL |
| The official elixir Docker images before 1.8.0-alpine (Alpine specific) contain a blank password for a root user. Systems using the elixir Linux Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access with a blank password. | |||||
| CVE-2020-29389 | 1 Docker | 1 Crux Linux Docker Image | 2020-12-22 | 10.0 HIGH | 9.8 CRITICAL |
| The official Crux Linux Docker images 3.0 through 3.4 contain a blank password for a root user. System using the Crux Linux Docker container deployed by affected versions of the Docker image may allow an attacker to achieve root access with a blank password. | |||||
| CVE-2020-35197 | 1 Docker | 1 Memcached Docker Image | 2020-12-22 | 10.0 HIGH | 9.8 CRITICAL |
| The official memcached docker images before 1.5.11-alpine (Alpine specific) contain a blank password for a root user. System using the memcached docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | |||||
| CVE-2020-35196 | 1 Docker | 1 Rabbitmq Docker Image | 2020-12-22 | 10.0 HIGH | 9.8 CRITICAL |
| The official rabbitmq docker images before 3.7.13-beta.1-management-alpine (Alpine specific) contain a blank password for a root user. System using the rabbitmq docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | |||||
| CVE-2020-29580 | 1 Docker | 1 Storm Docker Image | 2020-12-22 | 10.0 HIGH | 9.8 CRITICAL |
| The official storm Docker images before 1.2.1 contain a blank password for a root user. Systems using the Storm Docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access with a blank password. | |||||
| CVE-2020-29581 | 1 Docker | 1 Spiped Alpine Docker Image | 2020-12-22 | 10.0 HIGH | 9.8 CRITICAL |
| The official spiped docker images before 1.5-alpine contain a blank password for a root user. Systems using the spiped docker container deployed by affected versions of the docker image may allow an remote attacker to achieve root access with a blank password. | |||||
| CVE-2020-35195 | 1 Docker | 1 Haproxy Docker Image | 2020-12-21 | 10.0 HIGH | 9.8 CRITICAL |
| The official haproxy docker images before 1.8.18-alpine (Alpine specific) contain a blank password for a root user. System using the haproxy docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | |||||
| CVE-2020-35185 | 1 Docker | 1 Ghost Alpine Docker Image | 2020-12-18 | 10.0 HIGH | 9.8 CRITICAL |
| The official ghost docker images before 2.16.1-alpine (Alpine specific) contain a blank password for a root user. System using the ghost docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | |||||
| CVE-2020-35467 | 1 Docker | 1 Docs | 2020-12-18 | 10.0 HIGH | 9.8 CRITICAL |
| The Docker Docs Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Docker Docs container may allow a remote attacker to achieve root access with a blank password. | |||||
| CVE-2020-35186 | 1 Docker | 1 Adminer | 2020-12-17 | 10.0 HIGH | 9.8 CRITICAL |
| The official adminer docker images before 4.7.0-fastcgi contain a blank password for a root user. System using the adminer docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | |||||
| CVE-2020-29591 | 1 Docker | 1 Registry | 2020-12-15 | 10.0 HIGH | 9.8 CRITICAL |
| Versions of the Official registry Docker images through 2.7.0 contain a blank password for the root user. Systems deployed using affected versions of the registry container may allow a remote attacker to achieve root access with a blank password. | |||||
| CVE-2020-29601 | 1 Docker | 1 Notary Docker Image | 2020-12-09 | 10.0 HIGH | 9.8 CRITICAL |
| The official notary docker images before signer-0.6.1-1 contain a blank password for a root user. System using the notary docker container deployed by affected versions of the docker image may allow an remote attacker to achieve root access with a blank password. | |||||
| CVE-2017-11468 | 1 Docker | 1 Docker Registry | 2020-09-18 | 5.0 MEDIUM | 7.5 HIGH |
| Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint. | |||||
| CVE-2018-10892 | 4 Docker, Mobyproject, Opensuse and 1 more | 6 Docker, Moby, Leap and 3 more | 2020-08-31 | 5.0 MEDIUM | 5.3 MEDIUM |
| The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness. | |||||
| CVE-2014-0048 | 1 Docker | 1 Docker | 2020-08-31 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways. | |||||