U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:docker:docker:-:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 35 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2022-34883

OS Command Injection vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to execute arbitrary OS commands. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker.

Published: September 06, 2022; 3:15:07 AM -0400
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2022-34882

Information Exposure Through an Error Message vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to gain sensitive information. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker.

Published: September 06, 2022; 3:15:07 AM -0400
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2022-25365

Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-23774.

Published: February 18, 2022; 9:15:06 PM -0500
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2021-29742

IBM Security Verify Access Docker 10.0.0 could allow a user to impersonate another user on the system. IBM X-Force ID: 201483.

Published: July 15, 2021; 2:15:09 PM -0400
V3.1: 8.0 HIGH
V2.0: 5.2 MEDIUM
CVE-2021-29699

IBM Security Verify Access Docker 10.0.0 could allow a remote priviled user to upload arbitrary files with a dangerous file type that could be excuted by an user. IBM X-Force ID: 200600.

Published: July 15, 2021; 2:15:09 PM -0400
V3.1: 6.8 MEDIUM
V2.0: 6.0 MEDIUM
CVE-2021-20537

IBM Security Verify Access Docker 10.0.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID:198918

Published: July 15, 2021; 2:15:09 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2021-20534

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 198814

Published: July 15, 2021; 2:15:09 PM -0400
V3.1: 3.5 LOW
V2.0: 4.9 MEDIUM
CVE-2021-20533

IBM Security Verify Access Docker 10.0.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 198813

Published: July 15, 2021; 2:15:09 PM -0400
V3.1: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2021-20524

IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198661.

Published: July 15, 2021; 2:15:08 PM -0400
V3.1: 4.8 MEDIUM
V2.0: 3.5 LOW
CVE-2021-20523

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 198660

Published: July 15, 2021; 2:15:08 PM -0400
V3.1: 2.7 LOW
V2.0: 4.0 MEDIUM
CVE-2021-20511

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 198300.

Published: July 15, 2021; 2:15:08 PM -0400
V3.1: 4.9 MEDIUM
V2.0: 6.8 MEDIUM
CVE-2021-20510

IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 198299

Published: July 15, 2021; 2:15:08 PM -0400
V3.1: 4.4 MEDIUM
V2.0: 2.1 LOW
CVE-2021-20500

IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privileged user. IBM X-Force ID: 197980.

Published: July 15, 2021; 2:15:08 PM -0400
V3.1: 4.4 MEDIUM
V2.0: 2.1 LOW
CVE-2021-20499

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 197973

Published: July 15, 2021; 2:15:08 PM -0400
V3.1: 2.7 LOW
V2.0: 4.0 MEDIUM
CVE-2021-20498

IBM Security Verify Access Docker 10.0.0 reveals version information in HTTP requests that could be used in further attacks against the system. IBM X-Force ID: 197972.

Published: July 15, 2021; 2:15:08 PM -0400
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2021-20497

IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197969

Published: July 15, 2021; 2:15:08 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2021-20496

IBM Security Verify Access Docker 10.0.0 could allow an authenticated user to bypass input due to improper input validation. IBM X-Force ID: 197966.

Published: July 15, 2021; 2:15:08 PM -0400
V3.1: 4.9 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2021-21285

In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.

Published: February 02, 2021; 1:15:12 PM -0500
V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2021-21284

In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can modify files under "/var/lib/docker/<remapping>" that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user.

Published: February 02, 2021; 1:15:11 PM -0500
V3.1: 6.8 MEDIUM
V2.0: 2.7 LOW
CVE-2020-27534

util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call.

Published: December 30, 2020; 6:15:15 PM -0500
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM