Latest Docker Vulnerabilities

Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action (vi...
<=0.16.2
Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL. This issue affects Docker Desktop: before 4.23.0.
Docker Docker Desktop<4.23.0
Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching ...
Docker Docker Desktop>=4.13.0<4.23.0
Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE). This issue affects Docker Desktop: 4.11.X.
Docker Docker Desktop>=4.11.0<4.12.0
Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog. This issue affects Docker Desktop: before 4.12.0.
Docker Docker Desktop<4.12.0
Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route. This issue affects Docker Desktop: before 4.12.0.
Docker Docker Desktop<4.12.0
In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in local privilege escalation (LPE). This issue affects Docker Desktop: before 4.12.0.
Docker Docker Desktop<4.12.0
Docker Desktop for Windows before 4.6 allows attackers to overwrite any file through the windowscontainers/start dockerBackendV2 API by controlling the data-root field inside the DaemonJSON field in t...
Docker Desktop<4.6.0
Docker Desktop for Windows before 4.6.0 allows attackers to overwrite any file through a symlink attack on the hyperv/create dockerBackendV2 API by controlling the DataFolder parameter for DockerDeskt...
Docker Desktop<4.6.0
Docker Desktop for Windows before 4.6.0 allows attackers to delete (or create) any file through the dockerBackendV2 windowscontainers/start API by controlling the pidfile field inside the DaemonJSON f...
Docker Desktop<4.6.0
Docker Desktop before 4.6.0 on Windows allows attackers to delete any file through the hyperv/destroy dockerBackendV2 API via a symlink in the DataFolder parameter, a different vulnerability than CVE-...
Docker Desktop<4.6.0
In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed. A targeted network sniffing attack can lead to a d...
Docker Desktop=4.17.0
Docker Desktop=4.17.1
Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:...
Docker Docker Desktop<4.17.0
Information Exposure Through an Error Message vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to gain sensitive information. This issue affects: Hit...
Hitachi RAID Manager Storage Replication Adapter>=02.01.04<02.03.02
Hitachi RAID Manager Storage Replication Adapter=02.05.00
Microsoft Windows
Docker Docker
OS Command Injection vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to execute arbitrary OS commands. This issue affects: Hitachi RAID Manager Stor...
Hitachi RAID Manager Storage Replication Adapter>=02.01.04<02.03.02
Hitachi RAID Manager Storage Replication Adapter=02.05.00
Microsoft Windows
Docker Docker
Docker Desktop 4.3.0 has Incorrect Access Control.
Docker Docker Desktop<4.5.0
Apple Mac OS X
Apple macOS
Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file....
Docker Docker Desktop<4.6.0
Microsoft Windows
Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-23774.
Docker Docker<4.5.1
Microsoft Windows
Docker Desktop before 4.4.4 on Windows allows attackers to move arbitrary files.
Docker Docker Desktop<4.4.4
Microsoft Windows
Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information (access token or password) on the user's machine during login. This only affects users if they are on Docker Desktop...
Docker Docker Desktop=4.3.0
Docker Docker Desktop=4.3.1
Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configura...
Docker Command Line Interface<20.10.9
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Docker Desktop before 3.6.0 suffers from incorrect access control. If a low-privileged account is able to access the server running the Windows containers, it can lead to a full container compromise i...
Docker Desktop<3.6.0
IBM Security Access Manager Docker could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
IBM Security Verify Access Docker<=10.0.0
IBM Security Verify Access=10.0.0
Docker Docker
IBM Security Access Manager Docker reveals version information in HTTP requests that could be used in further attacks against the system.
IBM Security Verify Access Docker<=10.0.0
IBM Security Verify Access=10.0.0
Docker Docker
IBM Security Access Manager Docker could reveal highly sensitive information to a local privileged user.
IBM Security Verify Access Docker<=10.0.0
IBM Security Verify Access=10.0.0
Docker Docker
IBM Security Access Manager Docker could allow an authenticated user to bypass input due to improper input validation.
IBM Security Verify Access Docker<=10.0.0
IBM Security Verify Access=10.0.0
Docker Docker
IBM iConnect Access (SaMD) contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or...
IBM Security Verify Access Docker<=10.0.0
IBM Security Verify Access=10.0.0
Docker Docker
IBM Security Access Manager Docker could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in ...
IBM Security Verify Access Docker<=10.0.0
IBM Security Verify Access=10.0.0
Docker Docker
IBM Security Access Manager Docker is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pote...
IBM Security Verify Access Docker<=10.0.0
IBM Security Verify Access=10.0.0
Docker Docker
IBM Security Access Manager Appliance could allow a user to impersonate another user on the system.
IBM Security Verify Access Docker<=10.0.0
IBM Security Verify Access=10.0.0
Docker Docker
IBM Security Access Manager Docker could allow a remote privileged user to upload arbitrary files with a dangerous file type that could be executed by a user.
IBM Security Verify Access Docker<=10.0.0
IBM Security Verify Access=10.0.0
Docker Docker
IBM Security Access Manager Docker could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in ...
IBM Security Verify Access Docker<=10.0.0
IBM Security Verify Access=10.0.0
Docker Docker
IBM Security Access Manager Docker stores user credentials in plain clear text which can be read by a local user.
IBM Security Verify Access Docker<=10.0.0
IBM Security Verify Access=10.0.0
Docker Docker
IBM Security Access Manager Docker uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
IBM Security Verify Access Docker<=10.0.0
IBM Security Verify Access=10.0.0
Docker Docker
### Impact Pulling an intentionally malformed Docker image manifest crashes the `dockerd` daemon. ### Patches Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing. #...
Docker Docker<19.03.15
Docker Docker>=20.0.0<20.10.3
Debian Debian Linux=10.0
NetApp E-Series SANtricity OS Controller>=11.0<=11.60.3
debian/docker.io
IBM Security Guardium<=10.5
and 7 more
### Impact When using `--userns-remap`, if the root user in the remapped namespace has access to the host filesystem they can modify files under `/var/lib/docker/<remapping>` that cause writing files...
Docker Docker<19.03.15
Docker Docker>=20.0.0<20.10.3
Debian Debian Linux=10.0
NetApp E-Series SANtricity OS Controller>=11.0.0<=11.60.3
debian/docker.io
IBM Security Guardium<=10.5
and 7 more
Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.
Docker Docker<2.5.0.0
Apple macOS
util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.Te...
Docker Docker<19.03.9
go/github.com/moby/moby<19.03.9
go/github.com/docker/docker<19.03.9
The official memcached docker images before 1.5.11-alpine (Alpine specific) contain a blank password for a root user. Systems using the memcached docker container deployed by affected versions of the d...
<1.5.11
The official haproxy docker images before 1.8.18-alpine (Alpine specific) contain a blank password for a root user. Systems using the haproxy docker container deployed by affected versions of the docke...
Docker Haproxy Docker Image<1.8.18
The official rabbitmq docker images before 3.7.13-beta.1-management-alpine (Alpine specific) contain a blank password for a root user. Systems using the rabbitmq docker container deployed by affected v...
<=3.7.12
The official adminer docker images before 4.7.0-fastcgi contain a blank password for a root user. Systems using the adminer docker container deployed by affected versions of the docker image may allow ...
Docker Adminer>=4.2.5-fastcgi<4.7.0-fastcgi
The official composer docker images before 1.8.3 contain a blank password for a root user. Systems using the composer docker container deployed by affected versions of the docker image may allow a remo...
<1.8.3
The official ghost docker images before 2.16.1-alpine (Alpine specific) contain a blank password for a root user. Systems using the ghost docker container deployed by affected versions of the docker im...
<2.16.1
The Docker Docs Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Docker Docs container may allow a remote attacker to achiev...
<=2020-12-14
Versions of the Official registry Docker images through 2.7.0 contain a blank password for the root user. Systems deployed using affected versions of the registry container may allow a remote attacker...
Docker Registry=2.5
Docker Registry=2.5.0
Docker Registry=2.5.0-rc
Docker Registry=2.5.0-rc2
Docker Registry=2.5.1
Docker Registry=2.6.0
and 4 more
The official spiped docker images before 1.5-alpine contain a blank password for a root user. Systems using the spiped docker container deployed by affected versions of the docker image may allow a r...
Docker Spiped Alpine Docker Image<1.5
The official storm Docker images before 1.2.1 contain a blank password for a root user. Systems using the Storm Docker container deployed by affected versions of the Docker image may allow a remote a...
Docker Storm Docker Image<1.2.1
The official notary docker images before signer-0.6.1-1 contain a blank password for a root user. Systems using the notary docker container deployed by affected versions of the docker image may allow a...
Docker Notary Docker Image<signer-0.6.1-1
The official elixir Docker images before 1.8.0-alpine (Alpine specific) contain a blank password for a root user. Systems using the elixir Linux Docker container deployed by affected versions of the D...
Docker Elixir Alpine Docker Image<1.8.0

© 2024 SecAlerts Pty Ltd.