Vulnerabilities (CVE)

Filtered by vendor Docker Subscribe
Total 96 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-20524 2 Docker, Ibm 2 Docker, Security Verify Access 2023-12-10 3.5 LOW 4.8 MEDIUM
IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198661.
CVE-2020-35185 1 Docker 1 Ghost Alpine Docker Image 2023-12-10 10.0 HIGH 9.8 CRITICAL
The official ghost docker images before 2.16.1-alpine (Alpine specific) contain a blank password for a root user. System using the ghost docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
CVE-2020-29575 1 Docker 1 Elixir Alpine Docker Image 2023-12-10 10.0 HIGH 9.8 CRITICAL
The official elixir Docker images before 1.8.0-alpine (Alpine specific) contain a blank password for a root user. Systems using the elixir Linux Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access with a blank password.
CVE-2020-35195 1 Docker 1 Haproxy Docker Image 2023-12-10 10.0 HIGH 9.8 CRITICAL
The official haproxy docker images before 1.8.18-alpine (Alpine specific) contain a blank password for a root user. System using the haproxy docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
CVE-2021-3162 2 Apple, Docker 2 Macos, Docker 2023-12-10 4.6 MEDIUM 7.8 HIGH
Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.
CVE-2020-29580 1 Docker 1 Storm Docker Image 2023-12-10 10.0 HIGH 9.8 CRITICAL
The official storm Docker images before 1.2.1 contain a blank password for a root user. Systems using the Storm Docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access with a blank password.
CVE-2020-35467 1 Docker 1 Docs 2023-12-10 10.0 HIGH 9.8 CRITICAL
The Docker Docs Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Docker Docs container may allow a remote attacker to achieve root access with a blank password.
CVE-2021-21284 3 Debian, Docker, Netapp 3 Debian Linux, Docker, E-series Santricity Os Controller 2023-12-10 2.7 LOW 6.8 MEDIUM
In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can modify files under "/var/lib/docker/<remapping>" that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user.
CVE-2020-29389 1 Docker 1 Crux Linux Docker Image 2023-12-10 10.0 HIGH 9.8 CRITICAL
The official Crux Linux Docker images 3.0 through 3.4 contain a blank password for a root user. System using the Crux Linux Docker container deployed by affected versions of the Docker image may allow an attacker to achieve root access with a blank password.
CVE-2020-35184 1 Docker 1 Composer Docker Image 2023-12-10 10.0 HIGH 9.8 CRITICAL
The official composer docker images before 1.8.3 contain a blank password for a root user. System using the composer docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
CVE-2020-29591 1 Docker 1 Registry 2023-12-10 10.0 HIGH 9.8 CRITICAL
Versions of the Official registry Docker images through 2.7.0 contain a blank password for the root user. Systems deployed using affected versions of the registry container may allow a remote attacker to achieve root access with a blank password.
CVE-2021-21285 3 Debian, Docker, Netapp 3 Debian Linux, Docker, E-series Santricity Os Controller 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.
CVE-2020-27534 1 Docker 1 Docker 2023-12-10 5.0 MEDIUM 5.3 MEDIUM
util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call.
CVE-2020-35197 1 Docker 1 Memcached Docker Image 2023-12-10 10.0 HIGH 9.8 CRITICAL
The official memcached docker images before 1.5.11-alpine (Alpine specific) contain a blank password for a root user. System using the memcached docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
CVE-2020-35196 1 Docker 1 Rabbitmq Docker Image 2023-12-10 10.0 HIGH 9.8 CRITICAL
The official rabbitmq docker images before 3.7.13-beta.1-management-alpine (Alpine specific) contain a blank password for a root user. System using the rabbitmq docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
CVE-2020-29581 1 Docker 1 Spiped Alpine Docker Image 2023-12-10 10.0 HIGH 9.8 CRITICAL
The official spiped docker images before 1.5-alpine contain a blank password for a root user. Systems using the spiped docker container deployed by affected versions of the docker image may allow an remote attacker to achieve root access with a blank password.
CVE-2020-29601 1 Docker 1 Notary Docker Image 2023-12-10 10.0 HIGH 9.8 CRITICAL
The official notary docker images before signer-0.6.1-1 contain a blank password for a root user. System using the notary docker container deployed by affected versions of the docker image may allow an remote attacker to achieve root access with a blank password.
CVE-2020-35186 1 Docker 1 Adminer 2023-12-10 10.0 HIGH 9.8 CRITICAL
The official adminer docker images before 4.7.0-fastcgi contain a blank password for a root user. System using the adminer docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
CVE-2020-14298 2 Docker, Redhat 3 Docker, Enterprise Linux Server, Openshift Container Platform 2023-12-10 4.6 MEDIUM 8.8 HIGH
The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the container host and other containers running on the same host. This issue only affects docker version 1.13.1-108.git4ef4b30.el7, shipped in Red Hat Enterprise Linux 7 Extras. Both earlier and later versions are not affected.
CVE-2020-14300 2 Docker, Redhat 2 Docker, Enterprise Linux Server 2023-12-10 4.6 MEDIUM 8.8 HIGH
The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an incorrect version of runc that was missing multiple bug and security fixes. One of the fixes regressed in that update was the fix for CVE-2016-9962, that was previously corrected in the docker packages in Red Hat Enterprise Linux 7 Extras via RHSA-2017:0116 (https://access.redhat.com/errata/RHSA-2017:0116). The CVE-2020-14300 was assigned to this security regression and it is specific to the docker packages produced by Red Hat. The original issue - CVE-2016-9962 - could possibly allow a process inside container to compromise a process entering container namespace and execute arbitrary code outside of the container. This could lead to compromise of the container host or other containers running on the same container host. This issue only affects a single version of Docker, 1.13.1-108.git4ef4b30, shipped in Red Hat Enterprise Linux 7. Both earlier and later versions are not affected.