Filtered by vendor Docker
Subscribe
Total
80 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-20498 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2022-07-28 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Security Verify Access Docker 10.0.0 reveals version information in HTTP requests that could be used in further attacks against the system. IBM X-Force ID: 197972. | |||||
CVE-2021-3162 | 2 Apple, Docker | 2 Macos, Docker | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation. | |||||
CVE-2020-11492 | 2 Docker, Microsoft | 2 Docker Desktop, Windows | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. If a local attacker sets up their own named pipe prior to starting Docker with the same name, this attacker can intercept a connection attempt from Docker Service (which runs as SYSTEM), and then impersonate their privileges. | |||||
CVE-2020-15360 | 1 Docker | 1 Docker Desktop | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalation because of a lack of client verification. | |||||
CVE-2021-37841 | 1 Docker | 1 Desktop | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
Docker Desktop before 3.6.0 suffers from incorrect access control. If a low-privileged account is able to access the server running the Windows containers, it can lead to a full container compromise in both process isolation and Hyper-V isolation modes. This security issue leads an attacker with low privilege to read, write and possibly even execute code inside the containers. | |||||
CVE-2021-20500 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2022-07-12 | 2.1 LOW | 4.4 MEDIUM |
IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privileged user. IBM X-Force ID: 197980. | |||||
CVE-2022-26659 | 2 Docker, Microsoft | 2 Docker Desktop, Windows | 2022-06-23 | 3.6 LOW | 7.1 HIGH |
Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file. Starting from version 4.6.0, the Docker Desktop installer, when run elevated, will write its log files to a location not writable by non-administrator users. | |||||
CVE-2021-41092 | 2 Docker, Fedoraproject | 2 Command Line Interface, Fedora | 2022-06-14 | 5.0 MEDIUM | 7.5 HIGH |
Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH. | |||||
CVE-2021-44719 | 2 Apple, Docker | 3 Mac Os X, Macos, Docker Desktop | 2022-06-09 | 6.6 MEDIUM | 8.4 HIGH |
Docker Desktop 4.3.0 has Incorrect Access Control. | |||||
CVE-2022-25365 | 2 Docker, Microsoft | 2 Docker, Windows | 2022-06-03 | 4.6 MEDIUM | 7.8 HIGH |
Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-23774. | |||||
CVE-2021-21284 | 3 Debian, Docker, Netapp | 3 Debian Linux, Docker, E-series Santricity Os Controller | 2022-04-29 | 2.7 LOW | 6.8 MEDIUM |
In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can modify files under "/var/lib/docker/<remapping>" that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user. | |||||
CVE-2021-21285 | 3 Debian, Docker, Netapp | 3 Debian Linux, Docker, E-series Santricity Os Controller | 2022-04-29 | 4.3 MEDIUM | 6.5 MEDIUM |
In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing. | |||||
CVE-2020-10665 | 1 Docker | 1 Desktop | 2022-04-22 | 7.2 HIGH | 6.7 MEDIUM |
Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions overwrites and arbitrary file writes. This affects Docker Desktop Enterprise before 2.1.0.9, Docker Desktop for Windows Stable before 2.2.0.4, and Docker Desktop for Windows Edge before 2.2.2.0. | |||||
CVE-2019-14271 | 3 Debian, Docker, Opensuse | 3 Debian Linux, Docker, Leap | 2022-04-18 | 7.5 HIGH | 9.8 CRITICAL |
In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container. | |||||
CVE-2019-16884 | 6 Canonical, Docker, Fedoraproject and 3 more | 10 Ubuntu Linux, Docker, Fedora and 7 more | 2022-04-06 | 5.0 MEDIUM | 7.5 HIGH |
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. | |||||
CVE-2022-23774 | 2 Docker, Microsoft | 2 Docker Desktop, Windows | 2022-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
Docker Desktop before 4.4.4 on Windows allows attackers to move arbitrary files. | |||||
CVE-2021-45449 | 1 Docker | 1 Docker Desktop | 2022-01-19 | 2.1 LOW | 5.5 MEDIUM |
Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information (access token or password) on the user's machine during login. This only affects users if they are on Docker Desktop 4.3.0, 4.3.1 and the user has logged in while on 4.3.0, 4.3.1. Gaining access to this data would require having access to the user’s local files. | |||||
CVE-2019-5736 | 13 Apache, Canonical, D2iq and 10 more | 19 Mesos, Ubuntu Linux, Dc\/os and 16 more | 2021-12-16 | 9.3 HIGH | 8.6 HIGH |
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe. | |||||
CVE-2021-29742 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2021-09-29 | 5.2 MEDIUM | 8.0 HIGH |
IBM Security Verify Access Docker 10.0.0 could allow a user to impersonate another user on the system. IBM X-Force ID: 201483. | |||||
CVE-2021-29699 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2021-09-29 | 6.0 MEDIUM | 6.8 MEDIUM |
IBM Security Verify Access Docker 10.0.0 could allow a remote priviled user to upload arbitrary files with a dangerous file type that could be excuted by an user. IBM X-Force ID: 200600. |