Filtered by vendor Docker
Subscribe
Total
96 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-44719 | 2 Apple, Docker | 3 Mac Os X, Macos, Docker Desktop | 2023-12-10 | 6.6 MEDIUM | 8.4 HIGH |
| Docker Desktop 4.3.0 has Incorrect Access Control. | |||||
| CVE-2022-26659 | 2 Docker, Microsoft | 2 Docker Desktop, Windows | 2023-12-10 | 3.6 LOW | 7.1 HIGH |
| Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file. Starting from version 4.6.0, the Docker Desktop installer, when run elevated, will write its log files to a location not writable by non-administrator users. | |||||
| CVE-2022-25365 | 2 Docker, Microsoft | 2 Docker, Windows | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-23774. | |||||
| CVE-2022-23774 | 2 Docker, Microsoft | 2 Docker Desktop, Windows | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| Docker Desktop before 4.4.4 on Windows allows attackers to move arbitrary files. | |||||
| CVE-2021-45449 | 1 Docker | 1 Docker Desktop | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information (access token or password) on the user's machine during login. This only affects users if they are on Docker Desktop 4.3.0, 4.3.1 and the user has logged in while on 4.3.0, 4.3.1. Gaining access to this data would require having access to the user’s local files. | |||||
| CVE-2021-41092 | 2 Docker, Fedoraproject | 2 Command Line Interface, Fedora | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH. | |||||
| CVE-2021-20523 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2023-12-10 | 4.0 MEDIUM | 2.7 LOW |
| IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 198660 | |||||
| CVE-2021-20534 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2023-12-10 | 4.9 MEDIUM | 3.5 LOW |
| IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 198814 | |||||
| CVE-2021-20496 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM Security Verify Access Docker 10.0.0 could allow an authenticated user to bypass input due to improper input validation. IBM X-Force ID: 197966. | |||||
| CVE-2021-20500 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2023-12-10 | 2.1 LOW | 4.4 MEDIUM |
| IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privileged user. IBM X-Force ID: 197980. | |||||
| CVE-2021-20511 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2023-12-10 | 6.8 MEDIUM | 4.9 MEDIUM |
| IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 198300. | |||||
| CVE-2021-20533 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
| IBM Security Verify Access Docker 10.0.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 198813 | |||||
| CVE-2021-20537 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Security Verify Access Docker 10.0.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID:198918 | |||||
| CVE-2021-29742 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2023-12-10 | 5.2 MEDIUM | 8.0 HIGH |
| IBM Security Verify Access Docker 10.0.0 could allow a user to impersonate another user on the system. IBM X-Force ID: 201483. | |||||
| CVE-2021-20497 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197969 | |||||
| CVE-2021-29699 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2023-12-10 | 6.0 MEDIUM | 6.8 MEDIUM |
| IBM Security Verify Access Docker 10.0.0 could allow a remote priviled user to upload arbitrary files with a dangerous file type that could be excuted by an user. IBM X-Force ID: 200600. | |||||
| CVE-2021-20498 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Verify Access Docker 10.0.0 reveals version information in HTTP requests that could be used in further attacks against the system. IBM X-Force ID: 197972. | |||||
| CVE-2021-20510 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2023-12-10 | 2.1 LOW | 4.4 MEDIUM |
| IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 198299 | |||||
| CVE-2021-20499 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2023-12-10 | 4.0 MEDIUM | 2.7 LOW |
| IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 197973 | |||||
| CVE-2021-37841 | 1 Docker | 1 Desktop | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| Docker Desktop before 3.6.0 suffers from incorrect access control. If a low-privileged account is able to access the server running the Windows containers, it can lead to a full container compromise in both process isolation and Hyper-V isolation modes. This security issue leads an attacker with low privilege to read, write and possibly even execute code inside the containers. | |||||