Vendor CVEs
Docker
All CVEs
93 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-0633 | 0.00 | — | 0.00 | Sep 25, 2023 | In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in local privilege escalation (LPE).This issue affects Docker Desktop: before 4.12.0. | |||
| CVE-2023-0627 | 0.00 | — | 0.00 | Sep 25, 2023 | Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE).This issue affects Docker Desktop: 4.11.X. | |||
| CVE-2023-0626 | 0.00 | — | 0.01 | Sep 25, 2023 | Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route. This issue affects Docker Desktop: before 4.12.0. | |||
| CVE-2023-0625 | 0.00 | — | 0.01 | Sep 25, 2023 | Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog. This issue affects Docker Desktop: before 4.12.0. | |||
| CVE-2023-5166 | 0.00 | — | 0.01 | Sep 25, 2023 | Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL. This issue affects Docker Desktop: before 4.23.0. | |||
| CVE-2023-5165 | 0.00 | — | 0.00 | Sep 25, 2023 | Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business… | |||
| CVE-2023-40453 | 0.00 | — | 0.01 | Aug 14, 2023 | Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action (via escape sequence injection), or might have a data size that causes a denial of… | |||
| CVE-2022-38730 | 0.00 | — | 0.00 | Apr 27, 2023 | Docker Desktop for Windows before 4.6 allows attackers to overwrite any file through the windowscontainers/start dockerBackendV2 API by controlling the data-root field inside the DaemonJSON field in the WindowsContainerStartRequest class. This allows exploiting a symlink… | |||
| CVE-2022-31647 | 0.00 | — | 0.00 | Apr 27, 2023 | Docker Desktop before 4.6.0 on Windows allows attackers to delete any file through the hyperv/destroy dockerBackendV2 API via a symlink in the DataFolder parameter, a different vulnerability than CVE-2022-26659. | |||
| CVE-2023-1802 | 0.00 | — | 0.01 | Apr 6, 2023 | In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed. A targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental… | |||
| CVE-2023-0629 | 0.00 | — | 0.00 | Mar 13, 2023 | Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to docker.raw.sock, or npipe:////.pipe/docker_engine_linux on Windows, via the -H (--host) CLI flag or the DOCKER_HOST environment… | |||
| CVE-2023-0628 | 0.00 | — | 0.00 | Mar 13, 2023 | Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL. | |||
| CVE-2021-44719 | 0.00 | — | 0.00 | May 25, 2022 | Docker Desktop 4.3.0 has Incorrect Access Control. | |||
| CVE-2022-27650 | 0.00 | — | 0.01 | Apr 4, 2022 | A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker… | |||
| CVE-2022-26659 | 0.00 | — | 0.00 | Mar 25, 2022 | Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file. Starting from version 4.6.0, the Docker Desktop installer, when run elevated,… | |||
| CVE-2022-25365 | 0.00 | — | 0.01 | Feb 19, 2022 | Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-23774. | |||
| CVE-2022-23774 | 0.00 | — | 0.01 | Feb 1, 2022 | Docker Desktop before 4.4.4 on Windows allows attackers to move arbitrary files. | |||
| CVE-2021-45449 | 0.00 | — | 0.00 | Jan 12, 2022 | Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information (access token or password) on the user's machine during login. This only affects users if they are on Docker Desktop 4.3.0, 4.3.1 and the user has logged in while on 4.3.0, 4.3.1. Gaining access… | |||
| CVE-2021-41092 | 0.00 | — | 0.02 | Oct 4, 2021 | Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or… | |||
| CVE-2021-37841 | 0.00 | — | 0.01 | Aug 12, 2021 | Docker Desktop before 3.6.0 suffers from incorrect access control. If a low-privileged account is able to access the server running the Windows containers, it can lead to a full container compromise in both process isolation and Hyper-V isolation modes. This security issue leads… | |||
| CVE-2021-3162 | 0.00 | — | 0.00 | Jan 15, 2021 | Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation. | |||
| CVE-2020-35467 | 0.00 | — | 0.02 | Dec 15, 2020 | The Docker Docs Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Docker Docs container may allow a remote attacker to achieve root access with a blank password. | |||
| CVE-2020-29591 | 0.00 | — | 0.03 | Dec 11, 2020 | Versions of the Official registry Docker images through 2.7.0 contain a blank password for the root user. Systems deployed using affected versions of the registry container may allow a remote attacker to achieve root access with a blank password. | |||
| CVE-2020-15360 | 0.00 | — | 0.01 | Jun 27, 2020 | com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalation because of a lack of client verification. | |||
| CVE-2020-11492 | 0.00 | — | 0.01 | Jun 5, 2020 | An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. If a local attacker sets up their own named pipe prior to starting Docker with the same name, this attacker can intercept a connection attempt from Docker Service (which runs as SYSTEM), and then impersonate… | |||
| CVE-2020-10665 | 0.00 | — | 0.01 | Mar 18, 2020 | Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions overwrites and arbitrary file writes. This affects Docker Desktop Enterprise before… | |||
| CVE-2014-5278 | 0.00 | — | 0.02 | Feb 7, 2020 | A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs. | |||
| CVE-2014-0048 | 0.00 | — | 0.07 | Jan 2, 2020 | An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways. | |||
| CVE-2014-8179 | 0.00 | — | 0.03 | Dec 4, 2019 | Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation. | |||
| CVE-2014-8178 | 0.00 | — | 0.00 | Dec 4, 2019 | Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands. | |||
| CVE-2019-13139 | 0.00 | — | 0.02 | Aug 22, 2019 | In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. An issue exists in the way "docker build" processes remote git URLs, and results in command injection into the… | |||
| CVE-2019-1020014 | 0.00 | — | 0.00 | Jul 29, 2019 | docker-credential-helpers before 0.6.3 has a double free in the List functions. | |||
| CVE-2019-5736 | 0.00 | — | 0.99 | Feb 11, 2019 | runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new… | |||
| CVE-2018-20699 | 0.00 | — | 0.02 | Jan 12, 2019 | Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go. | |||
| CVE-2018-10892 | Med | 0.00 | 5.3 | 0.01 | Jul 6, 2018 | The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness. | ||
| CVE-2015-3631 | 0.00 | — | 0.01 | May 18, 2015 | Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc. | |||
| CVE-2015-3630 | 0.00 | — | 0.01 | May 18, 2015 | Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image. | |||
| CVE-2015-3627 | 0.00 | — | 0.01 | May 18, 2015 | Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image. | |||
| CVE-2014-9358 | 0.00 | — | 0.03 | Dec 16, 2014 | Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation or (2) "registry communications." | |||
| CVE-2014-6408 | 0.00 | — | 0.03 | Dec 12, 2014 | Docker 1.3.0 through 1.3.1 allows remote attackers to modify the default run profile of image containers and possibly bypass the container by applying unspecified security options to an image. | |||
| CVE-2014-6407 | 0.00 | — | 0.05 | Dec 12, 2014 | Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation. | |||
| CVE-2014-5277 | 0.00 | — | 0.02 | Nov 17, 2014 | Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client… | |||
| CVE-2014-3499 | 0.00 | — | 0.00 | Jul 11, 2014 | Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors. |
- CVE-2023-0633Sep 25, 2023risk 0.00cvss —epss 0.00
In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in local privilege escalation (LPE).This issue affects Docker Desktop: before 4.12.0.
- CVE-2023-0627Sep 25, 2023risk 0.00cvss —epss 0.00
Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE).This issue affects Docker Desktop: 4.11.X.
- CVE-2023-0626Sep 25, 2023risk 0.00cvss —epss 0.01
Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route. This issue affects Docker Desktop: before 4.12.0.
- CVE-2023-0625Sep 25, 2023risk 0.00cvss —epss 0.01
Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog. This issue affects Docker Desktop: before 4.12.0.
- CVE-2023-5166Sep 25, 2023risk 0.00cvss —epss 0.01
Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL. This issue affects Docker Desktop: before 4.23.0.
- CVE-2023-5165Sep 25, 2023risk 0.00cvss —epss 0.00
Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business…
- CVE-2023-40453Aug 14, 2023risk 0.00cvss —epss 0.01
Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action (via escape sequence injection), or might have a data size that causes a denial of…
- CVE-2022-38730Apr 27, 2023risk 0.00cvss —epss 0.00
Docker Desktop for Windows before 4.6 allows attackers to overwrite any file through the windowscontainers/start dockerBackendV2 API by controlling the data-root field inside the DaemonJSON field in the WindowsContainerStartRequest class. This allows exploiting a symlink…
- CVE-2022-31647Apr 27, 2023risk 0.00cvss —epss 0.00
Docker Desktop before 4.6.0 on Windows allows attackers to delete any file through the hyperv/destroy dockerBackendV2 API via a symlink in the DataFolder parameter, a different vulnerability than CVE-2022-26659.
- CVE-2023-1802Apr 6, 2023risk 0.00cvss —epss 0.01
In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed. A targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental…
- CVE-2023-0629Mar 13, 2023risk 0.00cvss —epss 0.00
Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to docker.raw.sock, or npipe:////.pipe/docker_engine_linux on Windows, via the -H (--host) CLI flag or the DOCKER_HOST environment…
- CVE-2023-0628Mar 13, 2023risk 0.00cvss —epss 0.00
Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL.
- CVE-2021-44719May 25, 2022risk 0.00cvss —epss 0.00
Docker Desktop 4.3.0 has Incorrect Access Control.
- CVE-2022-27650Apr 4, 2022risk 0.00cvss —epss 0.01
A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker…
- CVE-2022-26659Mar 25, 2022risk 0.00cvss —epss 0.00
Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file. Starting from version 4.6.0, the Docker Desktop installer, when run elevated,…
- CVE-2022-25365Feb 19, 2022risk 0.00cvss —epss 0.01
Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-23774.
- CVE-2022-23774Feb 1, 2022risk 0.00cvss —epss 0.01
Docker Desktop before 4.4.4 on Windows allows attackers to move arbitrary files.
- CVE-2021-45449Jan 12, 2022risk 0.00cvss —epss 0.00
Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information (access token or password) on the user's machine during login. This only affects users if they are on Docker Desktop 4.3.0, 4.3.1 and the user has logged in while on 4.3.0, 4.3.1. Gaining access…
- CVE-2021-41092Oct 4, 2021risk 0.00cvss —epss 0.02
Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or…
- CVE-2021-37841Aug 12, 2021risk 0.00cvss —epss 0.01
Docker Desktop before 3.6.0 suffers from incorrect access control. If a low-privileged account is able to access the server running the Windows containers, it can lead to a full container compromise in both process isolation and Hyper-V isolation modes. This security issue leads…
- CVE-2021-3162Jan 15, 2021risk 0.00cvss —epss 0.00
Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.
- CVE-2020-35467Dec 15, 2020risk 0.00cvss —epss 0.02
The Docker Docs Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Docker Docs container may allow a remote attacker to achieve root access with a blank password.
- CVE-2020-29591Dec 11, 2020risk 0.00cvss —epss 0.03
Versions of the Official registry Docker images through 2.7.0 contain a blank password for the root user. Systems deployed using affected versions of the registry container may allow a remote attacker to achieve root access with a blank password.
- CVE-2020-15360Jun 27, 2020risk 0.00cvss —epss 0.01
com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalation because of a lack of client verification.
- CVE-2020-11492Jun 5, 2020risk 0.00cvss —epss 0.01
An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. If a local attacker sets up their own named pipe prior to starting Docker with the same name, this attacker can intercept a connection attempt from Docker Service (which runs as SYSTEM), and then impersonate…
- CVE-2020-10665Mar 18, 2020risk 0.00cvss —epss 0.01
Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions overwrites and arbitrary file writes. This affects Docker Desktop Enterprise before…
- CVE-2014-5278Feb 7, 2020risk 0.00cvss —epss 0.02
A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs.
- CVE-2014-0048Jan 2, 2020risk 0.00cvss —epss 0.07
An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways.
- CVE-2014-8179Dec 4, 2019risk 0.00cvss —epss 0.03
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation.
- CVE-2014-8178Dec 4, 2019risk 0.00cvss —epss 0.00
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands.
- CVE-2019-13139Aug 22, 2019risk 0.00cvss —epss 0.02
In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. An issue exists in the way "docker build" processes remote git URLs, and results in command injection into the…
- CVE-2019-1020014Jul 29, 2019risk 0.00cvss —epss 0.00
docker-credential-helpers before 0.6.3 has a double free in the List functions.
- CVE-2019-5736Feb 11, 2019risk 0.00cvss —epss 0.99
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new…
- CVE-2018-20699Jan 12, 2019risk 0.00cvss —epss 0.02
Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go.
- risk 0.00cvss 5.3epss 0.01
The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness.
- CVE-2015-3631May 18, 2015risk 0.00cvss —epss 0.01
Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc.
- CVE-2015-3630May 18, 2015risk 0.00cvss —epss 0.01
Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image.
- CVE-2015-3627May 18, 2015risk 0.00cvss —epss 0.01
Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.
- CVE-2014-9358Dec 16, 2014risk 0.00cvss —epss 0.03
Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation or (2) "registry communications."
- CVE-2014-6408Dec 12, 2014risk 0.00cvss —epss 0.03
Docker 1.3.0 through 1.3.1 allows remote attackers to modify the default run profile of image containers and possibly bypass the container by applying unspecified security options to an image.
- CVE-2014-6407Dec 12, 2014risk 0.00cvss —epss 0.05
Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation.
- CVE-2014-5277Nov 17, 2014risk 0.00cvss —epss 0.02
Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client…
- CVE-2014-3499Jul 11, 2014risk 0.00cvss —epss 0.00
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.
Page 2 of 2