Filtered by vendor Docker
Subscriptions
Total
100 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-29575 | 1 Docker | 1 Elixir Alpine Docker Image | 2024-08-04 | 9.8 Critical |
The official elixir Docker images before 1.8.0-alpine (Alpine specific) contain a blank password for a root user. Systems using the elixir Linux Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access with a blank password. | ||||
CVE-2020-29581 | 1 Docker | 1 Spiped Alpine Docker Image | 2024-08-04 | 9.8 Critical |
The official spiped docker images before 1.5-alpine contain a blank password for a root user. Systems using the spiped docker container deployed by affected versions of the docker image may allow an remote attacker to achieve root access with a blank password. | ||||
CVE-2020-29591 | 1 Docker | 1 Registry | 2024-08-04 | 9.8 Critical |
Versions of the Official registry Docker images through 2.7.0 contain a blank password for the root user. Systems deployed using affected versions of the registry container may allow a remote attacker to achieve root access with a blank password. | ||||
CVE-2020-29580 | 1 Docker | 1 Storm Docker Image | 2024-08-04 | 9.8 Critical |
The official storm Docker images before 1.2.1 contain a blank password for a root user. Systems using the Storm Docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access with a blank password. | ||||
CVE-2020-29389 | 1 Docker | 1 Crux Linux Docker Image | 2024-08-04 | 9.8 Critical |
The official Crux Linux Docker images 3.0 through 3.4 contain a blank password for a root user. System using the Crux Linux Docker container deployed by affected versions of the Docker image may allow an attacker to achieve root access with a blank password. | ||||
CVE-2020-27534 | 1 Docker | 1 Docker | 2024-08-04 | 5.3 Medium |
util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call. | ||||
CVE-2020-15360 | 1 Docker | 1 Docker Desktop | 2024-08-04 | 7.8 High |
com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalation because of a lack of client verification. | ||||
CVE-2020-14300 | 2 Docker, Redhat | 3 Docker, Enterprise Linux Server, Rhel Extras Other | 2024-08-04 | 8.8 High |
The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an incorrect version of runc that was missing multiple bug and security fixes. One of the fixes regressed in that update was the fix for CVE-2016-9962, that was previously corrected in the docker packages in Red Hat Enterprise Linux 7 Extras via RHSA-2017:0116 (https://access.redhat.com/errata/RHSA-2017:0116). The CVE-2020-14300 was assigned to this security regression and it is specific to the docker packages produced by Red Hat. The original issue - CVE-2016-9962 - could possibly allow a process inside container to compromise a process entering container namespace and execute arbitrary code outside of the container. This could lead to compromise of the container host or other containers running on the same container host. This issue only affects a single version of Docker, 1.13.1-108.git4ef4b30, shipped in Red Hat Enterprise Linux 7. Both earlier and later versions are not affected. | ||||
CVE-2020-14298 | 2 Docker, Redhat | 4 Docker, Enterprise Linux Server, Openshift Container Platform and 1 more | 2024-08-04 | 8.8 High |
The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the container host and other containers running on the same host. This issue only affects docker version 1.13.1-108.git4ef4b30.el7, shipped in Red Hat Enterprise Linux 7 Extras. Both earlier and later versions are not affected. | ||||
CVE-2020-13401 | 4 Broadcom, Debian, Docker and 1 more | 4 Sannav, Debian Linux, Engine and 1 more | 2024-08-04 | 6.0 Medium |
An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service. | ||||
CVE-2020-11492 | 2 Docker, Microsoft | 2 Docker Desktop, Windows | 2024-08-04 | 7.8 High |
An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. If a local attacker sets up their own named pipe prior to starting Docker with the same name, this attacker can intercept a connection attempt from Docker Service (which runs as SYSTEM), and then impersonate their privileges. | ||||
CVE-2020-10665 | 1 Docker | 1 Desktop | 2024-08-04 | 6.7 Medium |
Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions overwrites and arbitrary file writes. This affects Docker Desktop Enterprise before 2.1.0.9, Docker Desktop for Windows Stable before 2.2.0.4, and Docker Desktop for Windows Edge before 2.2.2.0. | ||||
CVE-2021-45449 | 1 Docker | 1 Docker Desktop | 2024-08-04 | 5.5 Medium |
Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information (access token or password) on the user's machine during login. This only affects users if they are on Docker Desktop 4.3.0, 4.3.1 and the user has logged in while on 4.3.0, 4.3.1. Gaining access to this data would require having access to the user’s local files. | ||||
CVE-2021-44719 | 2 Apple, Docker | 3 Mac Os X, Macos, Docker Desktop | 2024-08-04 | 8.4 High |
Docker Desktop 4.3.0 has Incorrect Access Control. | ||||
CVE-2021-41092 | 2 Docker, Fedoraproject | 2 Command Line Interface, Fedora | 2024-08-04 | 5.4 Medium |
Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH. | ||||
CVE-2021-37841 | 1 Docker | 1 Desktop | 2024-08-04 | 7.8 High |
Docker Desktop before 3.6.0 suffers from incorrect access control. If a low-privileged account is able to access the server running the Windows containers, it can lead to a full container compromise in both process isolation and Hyper-V isolation modes. This security issue leads an attacker with low privilege to read, write and possibly even execute code inside the containers. | ||||
CVE-2021-21284 | 3 Debian, Docker, Netapp | 3 Debian Linux, Docker, E-series Santricity Os Controller | 2024-08-03 | 6.8 Medium |
In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can modify files under "/var/lib/docker/<remapping>" that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user. | ||||
CVE-2021-21285 | 3 Debian, Docker, Netapp | 3 Debian Linux, Docker, E-series Santricity Os Controller | 2024-08-03 | 6.5 Medium |
In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing. | ||||
CVE-2021-3162 | 2 Apple, Docker | 2 Macos, Docker | 2024-08-03 | 7.8 High |
Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation. | ||||
CVE-2022-38730 | 1 Docker | 1 Desktop | 2024-08-03 | 6.3 Medium |
Docker Desktop for Windows before 4.6 allows attackers to overwrite any file through the windowscontainers/start dockerBackendV2 API by controlling the data-root field inside the DaemonJSON field in the WindowsContainerStartRequest class. This allows exploiting a symlink vulnerability in ..\dataRoot\network\files\local-kv.db because of a TOCTOU race condition. |