Filtered by vendor Docker Subscriptions
Total 103 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-26659 2 Docker, Microsoft 2 Docker Desktop, Windows 2024-11-21 7.1 High
Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file. Starting from version 4.6.0, the Docker Desktop installer, when run elevated, will write its log files to a location not writable by non-administrator users.
CVE-2022-25365 2 Docker, Microsoft 2 Docker, Windows 2024-11-21 7.8 High
Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-23774.
CVE-2022-23774 2 Docker, Microsoft 2 Docker Desktop, Windows 2024-11-21 5.3 Medium
Docker Desktop before 4.4.4 on Windows allows attackers to move arbitrary files.
CVE-2021-45449 1 Docker 1 Docker Desktop 2024-11-21 5.5 Medium
Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information (access token or password) on the user's machine during login. This only affects users if they are on Docker Desktop 4.3.0, 4.3.1 and the user has logged in while on 4.3.0, 4.3.1. Gaining access to this data would require having access to the user’s local files.
CVE-2021-44719 2 Apple, Docker 3 Mac Os X, Macos, Docker Desktop 2024-11-21 8.4 High
Docker Desktop 4.3.0 has Incorrect Access Control.
CVE-2021-41092 2 Docker, Fedoraproject 2 Command Line Interface, Fedora 2024-11-21 5.4 Medium
Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH.
CVE-2021-3162 2 Apple, Docker 2 Macos, Docker 2024-11-21 7.8 High
Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.
CVE-2021-37841 1 Docker 1 Desktop 2024-11-21 7.8 High
Docker Desktop before 3.6.0 suffers from incorrect access control. If a low-privileged account is able to access the server running the Windows containers, it can lead to a full container compromise in both process isolation and Hyper-V isolation modes. This security issue leads an attacker with low privilege to read, write and possibly even execute code inside the containers.
CVE-2021-29742 2 Docker, Ibm 2 Docker, Security Verify Access 2024-11-21 8.0 High
IBM Security Verify Access Docker 10.0.0 could allow a user to impersonate another user on the system. IBM X-Force ID: 201483.
CVE-2021-29699 2 Docker, Ibm 2 Docker, Security Verify Access 2024-11-21 6.8 Medium
IBM Security Verify Access Docker 10.0.0 could allow a remote priviled user to upload arbitrary files with a dangerous file type that could be excuted by an user. IBM X-Force ID: 200600.
CVE-2021-21285 3 Debian, Docker, Netapp 3 Debian Linux, Docker, E-series Santricity Os Controller 2024-11-21 6.5 Medium
In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.
CVE-2021-21284 3 Debian, Docker, Netapp 3 Debian Linux, Docker, E-series Santricity Os Controller 2024-11-21 6.8 Medium
In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can modify files under "/var/lib/docker/<remapping>" that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user.
CVE-2021-20537 2 Docker, Ibm 2 Docker, Security Verify Access 2024-11-21 6.5 Medium
IBM Security Verify Access Docker 10.0.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID:198918
CVE-2021-20534 2 Docker, Ibm 2 Docker, Security Verify Access 2024-11-21 3.5 Low
IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 198814
CVE-2021-20533 2 Docker, Ibm 2 Docker, Security Verify Access 2024-11-21 7.2 High
IBM Security Verify Access Docker 10.0.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 198813
CVE-2021-20524 2 Docker, Ibm 2 Docker, Security Verify Access 2024-11-21 4.8 Medium
IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198661.
CVE-2021-20523 2 Docker, Ibm 2 Docker, Security Verify Access 2024-11-21 2.7 Low
IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 198660
CVE-2021-20511 2 Docker, Ibm 2 Docker, Security Verify Access 2024-11-21 4.9 Medium
IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 198300.
CVE-2021-20510 2 Docker, Ibm 2 Docker, Security Verify Access 2024-11-21 4.4 Medium
IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 198299
CVE-2021-20500 2 Docker, Ibm 2 Docker, Security Verify Access 2024-11-21 4.4 Medium
IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privileged user. IBM X-Force ID: 197980.