Vulnerabilities (CVE)

Filtered by vendor Docker Subscribe
Total 80 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-20498 2 Docker, Ibm 2 Docker, Security Verify Access 2022-07-28 5.0 MEDIUM 5.3 MEDIUM
IBM Security Verify Access Docker 10.0.0 reveals version information in HTTP requests that could be used in further attacks against the system. IBM X-Force ID: 197972.
CVE-2021-3162 2 Apple, Docker 2 Macos, Docker 2022-07-12 4.6 MEDIUM 7.8 HIGH
Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.
CVE-2020-11492 2 Docker, Microsoft 2 Docker Desktop, Windows 2022-07-12 7.2 HIGH 7.8 HIGH
An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. If a local attacker sets up their own named pipe prior to starting Docker with the same name, this attacker can intercept a connection attempt from Docker Service (which runs as SYSTEM), and then impersonate their privileges.
CVE-2020-15360 1 Docker 1 Docker Desktop 2022-07-12 4.6 MEDIUM 7.8 HIGH
com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalation because of a lack of client verification.
CVE-2021-37841 1 Docker 1 Desktop 2022-07-12 4.6 MEDIUM 7.8 HIGH
Docker Desktop before 3.6.0 suffers from incorrect access control. If a low-privileged account is able to access the server running the Windows containers, it can lead to a full container compromise in both process isolation and Hyper-V isolation modes. This security issue leads an attacker with low privilege to read, write and possibly even execute code inside the containers.
CVE-2021-20500 2 Docker, Ibm 2 Docker, Security Verify Access 2022-07-12 2.1 LOW 4.4 MEDIUM
IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privileged user. IBM X-Force ID: 197980.
CVE-2022-26659 2 Docker, Microsoft 2 Docker Desktop, Windows 2022-06-23 3.6 LOW 7.1 HIGH
Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file. Starting from version 4.6.0, the Docker Desktop installer, when run elevated, will write its log files to a location not writable by non-administrator users.
CVE-2021-41092 2 Docker, Fedoraproject 2 Command Line Interface, Fedora 2022-06-14 5.0 MEDIUM 7.5 HIGH
Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH.
CVE-2021-44719 2 Apple, Docker 3 Mac Os X, Macos, Docker Desktop 2022-06-09 6.6 MEDIUM 8.4 HIGH
Docker Desktop 4.3.0 has Incorrect Access Control.
CVE-2022-25365 2 Docker, Microsoft 2 Docker, Windows 2022-06-03 4.6 MEDIUM 7.8 HIGH
Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-23774.
CVE-2021-21284 3 Debian, Docker, Netapp 3 Debian Linux, Docker, E-series Santricity Os Controller 2022-04-29 2.7 LOW 6.8 MEDIUM
In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can modify files under "/var/lib/docker/<remapping>" that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user.
CVE-2021-21285 3 Debian, Docker, Netapp 3 Debian Linux, Docker, E-series Santricity Os Controller 2022-04-29 4.3 MEDIUM 6.5 MEDIUM
In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.
CVE-2020-10665 1 Docker 1 Desktop 2022-04-22 7.2 HIGH 6.7 MEDIUM
Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions overwrites and arbitrary file writes. This affects Docker Desktop Enterprise before 2.1.0.9, Docker Desktop for Windows Stable before 2.2.0.4, and Docker Desktop for Windows Edge before 2.2.2.0.
CVE-2019-14271 3 Debian, Docker, Opensuse 3 Debian Linux, Docker, Leap 2022-04-18 7.5 HIGH 9.8 CRITICAL
In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.
CVE-2019-16884 6 Canonical, Docker, Fedoraproject and 3 more 10 Ubuntu Linux, Docker, Fedora and 7 more 2022-04-06 5.0 MEDIUM 7.5 HIGH
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory.
CVE-2022-23774 2 Docker, Microsoft 2 Docker Desktop, Windows 2022-02-04 5.0 MEDIUM 5.3 MEDIUM
Docker Desktop before 4.4.4 on Windows allows attackers to move arbitrary files.
CVE-2021-45449 1 Docker 1 Docker Desktop 2022-01-19 2.1 LOW 5.5 MEDIUM
Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information (access token or password) on the user's machine during login. This only affects users if they are on Docker Desktop 4.3.0, 4.3.1 and the user has logged in while on 4.3.0, 4.3.1. Gaining access to this data would require having access to the user’s local files.
CVE-2019-5736 13 Apache, Canonical, D2iq and 10 more 19 Mesos, Ubuntu Linux, Dc\/os and 16 more 2021-12-16 9.3 HIGH 8.6 HIGH
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
CVE-2021-29742 2 Docker, Ibm 2 Docker, Security Verify Access 2021-09-29 5.2 MEDIUM 8.0 HIGH
IBM Security Verify Access Docker 10.0.0 could allow a user to impersonate another user on the system. IBM X-Force ID: 201483.
CVE-2021-29699 2 Docker, Ibm 2 Docker, Security Verify Access 2021-09-29 6.0 MEDIUM 6.8 MEDIUM
IBM Security Verify Access Docker 10.0.0 could allow a remote priviled user to upload arbitrary files with a dangerous file type that could be excuted by an user. IBM X-Force ID: 200600.