Vulnerabilities (CVE)

Filtered by vendor Docker Subscribe
Filtered by product Docker
Total 51 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-20498 2 Docker, Ibm 2 Docker, Security Verify Access 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
IBM Security Verify Access Docker 10.0.0 reveals version information in HTTP requets that could be used in further attacks against the system. IBM X-Force ID: 197972.
CVE-2021-20496 2 Docker, Ibm 3 Docker, Security Access Manager, Security Verify Access 2021-07-21 4.0 MEDIUM 4.9 MEDIUM
IBM Security Verify Access Docker 10.0.0 could allow an authenticated user to bypass input due to improper input validation. IBM X-Force ID: 197966.
CVE-2021-20497 2 Docker, Ibm 2 Docker, Security Verify Access 2021-07-21 5.0 MEDIUM 7.5 HIGH
IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197969
CVE-2019-14271 1 Docker 1 Docker 2021-07-21 7.5 HIGH 9.8 CRITICAL
In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.
CVE-2021-20510 2 Docker, Ibm 2 Docker, Security Verify Access 2021-07-20 2.1 LOW 4.4 MEDIUM
IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 198299
CVE-2021-20533 2 Docker, Ibm 2 Docker, Security Verify Access 2021-07-20 6.5 MEDIUM 7.2 HIGH
IBM Security Verify Access Docker 10.0.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 198813
CVE-2021-29699 2 Docker, Ibm 2 Docker, Security Verify Access 2021-07-20 6.0 MEDIUM 6.8 MEDIUM
IBM Security Verify Access Docker 10.0.0 could allow a remote priviled user to upload arbitrary files with a dangerous file type that could be excuted by an user. IBM X-Force ID: 200600.
CVE-2021-29742 2 Docker, Ibm 2 Docker, Security Verify Access 2021-07-20 5.2 MEDIUM 8.0 HIGH
IBM Security Verify Access Docker 10.0.0 could allow a user to impersonate another user on the system. IBM X-Force ID: 201483.
CVE-2021-20500 2 Docker, Ibm 2 Docker, Security Verify Access 2021-07-20 2.1 LOW 4.4 MEDIUM
IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privileged user. IBM X-Force ID: 197980.
CVE-2021-20524 2 Docker, Ibm 2 Docker, Security Verify Access 2021-07-20 3.5 LOW 4.8 MEDIUM
IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198661.
CVE-2021-20511 2 Docker, Ibm 2 Docker, Security Verify Access 2021-07-20 6.8 MEDIUM 4.9 MEDIUM
IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 198300.
CVE-2021-20523 2 Docker, Ibm 2 Docker, Security Verify Access 2021-07-20 4.0 MEDIUM 2.7 LOW
IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 198660
CVE-2021-20499 2 Docker, Ibm 2 Docker, Security Verify Access 2021-07-20 4.0 MEDIUM 2.7 LOW
IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 197973
CVE-2021-20534 2 Docker, Ibm 2 Docker, Security Verify Access 2021-07-20 4.9 MEDIUM 3.5 LOW
IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 198814
CVE-2021-20537 2 Docker, Ibm 2 Docker, Security Verify Access 2021-07-20 4.0 MEDIUM 6.5 MEDIUM
IBM Security Verify Access Docker 10.0.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID:198918
CVE-2021-21284 3 Debian, Docker, Netapp 3 Debian Linux, Docker, E-series Santricity Os Controller 2021-07-10 2.7 LOW 6.8 MEDIUM
In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can modify files under "/var/lib/docker/<remapping>" that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user.
CVE-2021-21285 3 Debian, Docker, Netapp 3 Debian Linux, Docker, E-series Santricity Os Controller 2021-07-10 4.3 MEDIUM 6.5 MEDIUM
In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.
CVE-2019-5736 13 Apache, Canonical, D2iq and 10 more 19 Mesos, Ubuntu Linux, Dc\/os and 16 more 2021-07-01 9.3 HIGH 8.6 HIGH
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
CVE-2017-7297 2 Docker, Rancher 2 Docker, Rancher 2021-04-30 6.5 MEDIUM 8.8 HIGH
Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call. This is fixed in versions rancher/server:v1.2.4, rancher/server:v1.3.5, rancher/server:v1.4.3, and rancher/server:v1.5.3.
CVE-2021-3162 2 Apple, Docker 2 Macos, Docker 2021-01-22 4.6 MEDIUM 7.8 HIGH
Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.