Filtered by vendor Docker
Subscriptions
Total
103 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-11492 | 2 Docker, Microsoft | 2 Docker Desktop, Windows | 2024-08-04 | 7.8 High |
| An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. If a local attacker sets up their own named pipe prior to starting Docker with the same name, this attacker can intercept a connection attempt from Docker Service (which runs as SYSTEM), and then impersonate their privileges. | ||||
| CVE-2020-10665 | 1 Docker | 1 Desktop | 2024-08-04 | 6.7 Medium |
| Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions overwrites and arbitrary file writes. This affects Docker Desktop Enterprise before 2.1.0.9, Docker Desktop for Windows Stable before 2.2.0.4, and Docker Desktop for Windows Edge before 2.2.2.0. | ||||
| CVE-2021-45449 | 1 Docker | 1 Docker Desktop | 2024-08-04 | 5.5 Medium |
| Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information (access token or password) on the user's machine during login. This only affects users if they are on Docker Desktop 4.3.0, 4.3.1 and the user has logged in while on 4.3.0, 4.3.1. Gaining access to this data would require having access to the user’s local files. | ||||
| CVE-2021-44719 | 2 Apple, Docker | 3 Mac Os X, Macos, Docker Desktop | 2024-08-04 | 8.4 High |
| Docker Desktop 4.3.0 has Incorrect Access Control. | ||||
| CVE-2021-41092 | 2 Docker, Fedoraproject | 2 Command Line Interface, Fedora | 2024-08-04 | 5.4 Medium |
| Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH. | ||||
| CVE-2021-37841 | 1 Docker | 1 Desktop | 2024-08-04 | 7.8 High |
| Docker Desktop before 3.6.0 suffers from incorrect access control. If a low-privileged account is able to access the server running the Windows containers, it can lead to a full container compromise in both process isolation and Hyper-V isolation modes. This security issue leads an attacker with low privilege to read, write and possibly even execute code inside the containers. | ||||
| CVE-2021-21284 | 3 Debian, Docker, Netapp | 3 Debian Linux, Docker, E-series Santricity Os Controller | 2024-08-03 | 6.8 Medium |
| In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can modify files under "/var/lib/docker/<remapping>" that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user. | ||||
| CVE-2021-21285 | 3 Debian, Docker, Netapp | 3 Debian Linux, Docker, E-series Santricity Os Controller | 2024-08-03 | 6.5 Medium |
| In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing. | ||||
| CVE-2021-3162 | 2 Apple, Docker | 2 Macos, Docker | 2024-08-03 | 7.8 High |
| Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation. | ||||
| CVE-2022-38730 | 1 Docker | 1 Desktop | 2024-08-03 | 6.3 Medium |
| Docker Desktop for Windows before 4.6 allows attackers to overwrite any file through the windowscontainers/start dockerBackendV2 API by controlling the data-root field inside the DaemonJSON field in the WindowsContainerStartRequest class. This allows exploiting a symlink vulnerability in ..\dataRoot\network\files\local-kv.db because of a TOCTOU race condition. | ||||
| CVE-2022-37326 | 1 Docker | 1 Desktop | 2024-08-03 | 7.8 High |
| Docker Desktop for Windows before 4.6.0 allows attackers to delete (or create) any file through the dockerBackendV2 windowscontainers/start API by controlling the pidfile field inside the DaemonJSON field in the WindowsContainerStartRequest class. This can indirectly lead to privilege escalation. | ||||
| CVE-2022-34883 | 3 Docker, Hitachi, Microsoft | 3 Docker, Raid Manager Storage Replication Adapter, Windows | 2024-08-03 | 7.2 High |
| OS Command Injection vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to execute arbitrary OS commands. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker. | ||||
| CVE-2022-34882 | 3 Docker, Hitachi, Microsoft | 3 Docker, Raid Manager Storage Replication Adapter, Windows | 2024-08-03 | 9 Critical |
| Information Exposure Through an Error Message vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to gain sensitive information. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker. | ||||
| CVE-2022-34292 | 1 Docker | 1 Desktop | 2024-08-03 | 7.1 High |
| Docker Desktop for Windows before 4.6.0 allows attackers to overwrite any file through a symlink attack on the hyperv/create dockerBackendV2 API by controlling the DataFolder parameter for DockerDesktop.vhdx, a similar issue to CVE-2022-31647. | ||||
| CVE-2022-31647 | 1 Docker | 1 Desktop | 2024-08-03 | 7.1 High |
| Docker Desktop before 4.6.0 on Windows allows attackers to delete any file through the hyperv/destroy dockerBackendV2 API via a symlink in the DataFolder parameter, a different vulnerability than CVE-2022-26659. | ||||
| CVE-2022-26659 | 2 Docker, Microsoft | 2 Docker Desktop, Windows | 2024-08-03 | 7.1 High |
| Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file. Starting from version 4.6.0, the Docker Desktop installer, when run elevated, will write its log files to a location not writable by non-administrator users. | ||||
| CVE-2022-25365 | 2 Docker, Microsoft | 2 Docker, Windows | 2024-08-03 | 7.8 High |
| Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-23774. | ||||
| CVE-2022-23774 | 2 Docker, Microsoft | 2 Docker Desktop, Windows | 2024-08-03 | 5.3 Medium |
| Docker Desktop before 4.4.4 on Windows allows attackers to move arbitrary files. | ||||
| CVE-2023-1802 | 1 Docker | 1 Desktop | 2024-08-02 | 5.9 Medium |
| In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed. A targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental Features enabled and have logged in to a private registry are affected. | ||||
| CVE-2023-0628 | 1 Docker | 1 Docker Desktop | 2024-08-02 | 6.1 Medium |
| Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL. | ||||