Latest docker docker Vulnerabilities

CVE-2022-34883
OS Command Injection vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to execute arbitrary OS commands. This issue affects: Hitachi RAID Manager Stor...
Hitachi RAID Manager Storage Replication Adapter>=02.01.04<02.03.02
Hitachi RAID Manager Storage Replication Adapter=02.05.00
Microsoft Windows
Docker Docker
CVE-2022-34882
Information Exposure Through an Error Message vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to gain sensitive information. This issue affects: Hit...
Hitachi RAID Manager Storage Replication Adapter>=02.01.04<02.03.02
Hitachi RAID Manager Storage Replication Adapter=02.05.00
Microsoft Windows
Docker Docker
CVE-2022-25365
Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-23774.
Docker Docker<4.5.1
Microsoft Windows
CVE-2021-29699
IBM Security Access Manager Docker could allow a remote priviled user to upload arbitrary files with a dangerous file type that could be excuted by an user.
IBM Security Verify Access Docker<=10.0.0
IBM Security Verify Access=10.0.0
Docker Docker
CVE-2021-20499
IBM Security Access Manager Docker could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in ...
IBM Security Verify Access Docker<=10.0.0
IBM Security Verify Access=10.0.0
Docker Docker
CVE-2021-20510
IBM Security Access Manager Docker stores user credentials in plain clear text which can be read by a local user.
IBM Security Verify Access Docker<=10.0.0
IBM Security Verify Access=10.0.0
Docker Docker
CVE-2021-20497
IBM Security Access Manager Docker uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
IBM Security Verify Access Docker<=10.0.0
IBM Security Verify Access=10.0.0
Docker Docker
CVE-2021-20500
IBM Security Access Manager Docker could reveal highly sensitive information to a local privileged user.
IBM Security Verify Access Docker<=10.0.0
IBM Security Verify Access=10.0.0
Docker Docker
CVE-2021-20496
IBM Security Access Manager Docker could allow an authenticated user to bypass input due to improper input validation.
IBM Security Verify Access Docker<=10.0.0
IBM Security Verify Access=10.0.0
Docker Docker
CVE-2021-20537
IBM iConnect Access (SaMD) contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or...
IBM Security Verify Access Docker<=10.0.0
IBM Security Verify Access=10.0.0
Docker Docker
CVE-2021-20523
IBM Security Access Manager Docker could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in ...
IBM Security Verify Access Docker<=10.0.0
IBM Security Verify Access=10.0.0
Docker Docker
CVE-2021-20524
IBM Security Access Manager Docker is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pote...
IBM Security Verify Access Docker<=10.0.0
IBM Security Verify Access=10.0.0
Docker Docker
CVE-2021-29742
IBM Security Access Manager Appliance could allow a user to impersonate another user on the system.
IBM Security Verify Access Docker<=10.0.0
IBM Security Verify Access=10.0.0
Docker Docker
CVE-2021-20533
IBM Security Access Manager Docker could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
IBM Security Verify Access Docker<=10.0.0
IBM Security Verify Access=10.0.0
Docker Docker
CVE-2021-20498
IBM Security Access Manager Docker reveals version information in HTTP requets that could be used in further attacks against the system.
IBM Security Verify Access Docker<=10.0.0
IBM Security Verify Access=10.0.0
Docker Docker
CVE-2021-21285
### Impact Pulling an intentionally malformed Docker image manifest crashes the `dockerd` daemon. ### Patches Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing. #...
Docker Docker<19.03.15
Docker Docker>=20.0.0<20.10.3
Debian Debian Linux=10.0
NetApp E-Series SANtricity OS Controller>=11.0<=11.60.3
debian/docker.io
IBM Security Guardium<=10.5
and 7 more
CVE-2021-21284
### Impact When using `--userns-remap`, if the root user in the remapped namespace has access to the host filesystem they can modify files under `/var/lib/docker/<remapping>` that cause writing files...
Docker Docker<19.03.15
Docker Docker>=20.0.0<20.10.3
Debian Debian Linux=10.0
NetApp E-Series SANtricity OS Controller>=11.0.0<=11.60.3
debian/docker.io
IBM Security Guardium<=10.5
and 7 more
CVE-2021-3162
Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.
Docker Docker<2.5.0.0
Apple macOS
CVE-2020-27534
util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.Te...
Docker Docker<19.03.9
go/github.com/moby/moby<19.03.9
go/github.com/docker/docker<19.03.9
CVE-2020-14300
The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an incorrec...
Docker Docker=1.13.1
Redhat Enterprise Linux Server=7.0
CVE-2020-14298
Docker Docker=1.13.1
Redhat Openshift Container Platform>=3.0<=3.7.61
Redhat Enterprise Linux Server=7.0
CVE-2014-5278
A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs.
Docker Docker<1.2.0
CVE-2014-0048
An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways.
debian/docker.io
Docker Docker<1.5.0
Apache Geode=1.12.0
CVE-2014-8179
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject...
Docker Cs Engine<1.6.2-cs7
Docker Docker<1.8.3
Oracle Java Runtime Environment (JRE)=13.2
CVE-2014-8178
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a craf...
Docker Cs Engine<1.6.2-cs7
Docker Docker<1.8.3
Opensuse Opensuse=13.2
CVE-2019-16884
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a ma...
redhat/runc<0:1.0.0-67.rc10.el7_8
redhat/docker<2:1.13.1-161.git64e9980.el7_8
redhat/runc<0:1.0.0-62.rc8.rhaos4.1.git3cbe540.el8
redhat/runc<0:1.0.0-63.rc8.el8
ubuntu/runc<1.0.0~
ubuntu/runc<1.0.0~
and 36 more
CVE-2019-15752
Docker Desktop Community Edition Privilege Escalation Vulnerability
Docker Docker<2.1.0.1
Microsoft Windows
CVE-2019-13139
In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. An issue exists in the way "doc...
Docker Docker<18.09.4
debian/docker.io
CVE-2019-14271
In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the content...
Docker Docker>=19.03<19.03.1
Debian Debian Linux=10.0
openSUSE Leap=15.0
openSUSE Leap=15.1
debian/docker.io
go/github.com/moby/moby>=19.03.0<19.03.1
CVE-2019-13509
In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a ...
Docker Docker>=18.09.0<18.09.8
Docker Docker=17.03.2-1
Docker Docker=17.03.2-2
Docker Docker=17.03.2-3
Docker Docker=17.03.2-4
Docker Docker=17.03.2-5
and 35 more
CVE-2018-15664
In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to...
ubuntu/docker.io<18.09.7-0ubuntu1~18.04.3
ubuntu/docker.io<18.09.7-0ubuntu1~18.10.3
ubuntu/docker.io<18.09.7-0ubuntu1~19.04.4
ubuntu/docker.io<18.09.07
ubuntu/docker.io<18.09.7-0ubuntu1~16.04.4
=17.06.0-ce
and 128 more
CVE-2019-5736
runc has a vulnerability in the usage of system file descriptors that allows for container escape and access to the host filesystem. An attacker can exploit this by convincing users to run malicious o...
ubuntu/runc<1.0.0~
ubuntu/runc<1.0.0~
ubuntu/runc<1.0.0~
ubuntu/docker.io<18.06.1-0ubuntu1.2~18.04.1
ubuntu/docker.io<18.06.1-0ubuntu1.2
ubuntu/docker.io<18.06.1-0ubuntu1.2~16.04.1
and 44 more
CVE-2018-15514
HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the ...
Docker Docker=1.10.0.0-0
Docker Docker=1.10.1.42-1
Docker Docker=1.10.2.12
Docker Docker=1.10.2.14
Docker Docker=1.10.4.0
Docker Docker=1.10.6
and 98 more
CVE-2018-10892
The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disab...
Docker Docker>=1.11<=18.03.1
Docker Docker>=1.11<=18.03.1
Mobyproject Moby>=1.11<=17.03.2
Redhat Openstack=12
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux Server=7.0
and 2 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203