Skip to main content

Docker

820 CVEs product

Monthly

CVE-2023-0629 HIGH This Week

Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to docker.raw.sock, or. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Docker Docker Desktop
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-0628 HIGH This Week

Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Docker Docker Desktop
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-27482 CRITICAL POC THREAT Act Now

homeassistant is an open source home automation tool. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Authentication Bypass Docker Home Assistant Supervisor
NVD GitHub
CVSS 3.1
10.0
EPSS
72.0%
CVE-2023-26490 HIGH POC This Week

mailcow is a dockerized email package, with multiple containers linked in one bridged network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

OpenSSL Command Injection Docker Mailcow
NVD GitHub
CVSS 3.1
8.8
EPSS
2.2%
CVE-2023-27290 CRITICAL POC Act Now

Docker based datastores for IBM Instana (IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0) do not currently require authentication. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Docker Authentication Bypass IBM Observability With Instana
NVD Exploit-DB
CVSS 3.1
9.1
EPSS
8.6%
CVE-2023-22746 HIGH PATCH This Week

CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Docker Ckan
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-22495 CRITICAL POC Act Now

Izanami is a shared configuration service well-suited for micro-service architecture implementation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Docker Izanami
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-22475 MEDIUM PATCH This Month

Canarytokens is an open source tool which helps track activity and actions on your network. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Docker Canarytokens
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-46157 PHP HIGH POC PATCH This Week

Akeneo PIM is an open source Product Information Management (PIM). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apache PHP Code Injection Docker RCE +1
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-22984 npm MEDIUM POC PATCH This Month

The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Docker Python Command Injection Snyk Cli Snyk Cocoapods Cli +6
NVD GitHub
CVSS 3.1
6.3
EPSS
3.0%
CVE-2022-41939 HIGH POC PATCH This Week

knative.dev/func is is a client library and CLI enabling the development and deployment of Kubernetes functions. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Docker Information Disclosure Kubernetes Knative Func
NVD GitHub
CVSS 3.1
7.4
EPSS
0.9%
CVE-2022-45385 Maven HIGH PATCH This Week

A missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Jenkins Cloudbees Docker Hub Registry Notification
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-0324 HIGH This Week

There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Buffer Overflow Software For Open Networking In The Cloud
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-43679 MEDIUM This Month

The Docker image of ownCloud Server through 10.11 contains a misconfiguration that renders the trusted_domains config useless. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Owncloud
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2022-39321 CRITICAL PATCH Act Now

GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Docker Command Injection Runner
NVD GitHub
CVSS 3.1
9.9
EPSS
1.5%
CVE-2022-39206 CRITICAL POC PATCH Act Now

Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Docker Code Injection Onedev
NVD GitHub
CVSS 3.1
9.9
EPSS
1.7%
CVE-2022-36109 Go MEDIUM PATCH This Month

Moby is an open-source project created by Docker to enable software containerization. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Docker Moby Fedora
NVD GitHub
CVSS 3.1
6.3
EPSS
0.8%
CVE-2022-34883 HIGH This Week

OS Command Injection vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to execute arbitrary OS commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Docker Command Injection Raid Manager Storage Replication Adapter
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-34882 MEDIUM This Month

Information Exposure Through an Error Message vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to gain sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Docker Raid Manager Storage Replication Adapter
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-34372 CRITICAL PATCH Act Now

Dell PowerProtect Cyber Recovery versions before 19.11.0.2 contain an authentication bypass vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Docker Dell Authentication Bypass Powerprotect Cyber Recovery
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2022-38362 PyPI HIGH PATCH This Week

Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to (authenticated) remote code exploit of code on the Airflow worker host. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Docker Apache Airflow Providers Docker
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-32481 HIGH PATCH This Week

Dell PowerProtect Cyber Recovery, versions prior to 19.11, contain a privilege escalation vulnerability on virtual appliance deployments. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Dell Docker Powerprotect Cyber Recovery
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-29168 MEDIUM This Month

Wire is a secure messaging application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Docker Wire Webapp
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-30137 MEDIUM PATCH This Month

Executive Summary An Elevation of Privilege (EOP) vulnerability has been identified within Service Fabric clusters that run Docker containers. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

RCE Docker Service Fabric
NVD
CVSS 3.1
6.7
EPSS
1.2%
CVE-2022-31066 Go MEDIUM PATCH This Month

EdgeX Foundry is an open source project for building a common open framework for Internet of Things edge computing. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Docker Information Disclosure Edgex Foundry
NVD GitHub
CVSS 3.1
4.4
EPSS
0.3%
CVE-2022-29186 CRITICAL PATCH Act Now

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Debian Docker Rundeck
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29184 HIGH PATCH This Week

GoCD is a continuous delivery server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Docker Gocd
NVD GitHub
CVSS 3.1
8.8
EPSS
3.6%
CVE-2022-29180 Go CRITICAL PATCH Act Now

A vulnerability in which attackers could forge HTTP requests to manipulate the `charm` data directory to access or delete anything on the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Docker Charm
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-24799 MEDIUM PATCH This Month

wire-webapp is the web application interface for the wire messaging service. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS Docker Wire Webapp
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2022-27652 Go MEDIUM PATCH This Month

A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Docker Cri O Fedora Moby +1
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2022-27651 Go MEDIUM PATCH This Month

A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Docker Buildah Fedora Enterprise Linux
NVD GitHub
CVSS 3.1
6.8
EPSS
1.2%
CVE-2022-27650 HIGH PATCH This Week

A flaw was found in crun where containers were incorrectly started with non-empty default permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Docker Crun Fedora Openshift Container Platform +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-27649 Go HIGH PATCH This Week

A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Docker Podman Developer Tools Openshift Container Platform +11
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-26659 HIGH This Week

Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Docker Docker Desktop
NVD GitHub
CVSS 3.1
7.1
EPSS
0.4%
CVE-2022-24769 Go MEDIUM PATCH This Month

Moby is an open-source project created by Docker to enable and accelerate software containerization. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Docker Moby Fedora Runc +1
NVD GitHub
CVSS 3.1
5.9
EPSS
0.5%
CVE-2022-25365 HIGH PATCH This Week

Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Microsoft Docker
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2021-43842 MEDIUM PATCH This Month

Wiki.js is a wiki app built on Node.js. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Node.js Docker XSS File Upload Wiki Js
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-39939 MEDIUM This Month

An uncontrolled resource consumption vulnerability in GitLab Runner affecting all versions starting from 13.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Denial Of Service Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-23732 CRITICAL POC Act Now

This affects all versions of package docker-cli-js. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Docker Command Injection Docker Cli Js
NVD
CVSS 3.1
9.0
EPSS
1.8%
CVE-2021-43196 HIGH This Week

In JetBrains TeamCity before 2021.1, information disclosure via the Docker Registry connection dialog is possible. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure Teamcity
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-41130 MEDIUM PATCH This Month

Extensible Service Proxy, a.k.a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Google Docker Authentication Bypass Extensible Service Proxy
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2021-35497 HIGH This Week

The FTL Server (tibftlserver) and Docker images containing tibftlserver components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, TIBCO. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Docker Privilege Escalation Activespaces Eftl Ftl
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2021-41091 Go MEDIUM PATCH This Month

Moby is an open-source project created by Docker to enable software containerization. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity.

Docker Information Disclosure Moby Fedora
NVD GitHub
CVSS 3.1
6.3
EPSS
2.7%
CVE-2021-41089 Go MEDIUM PATCH This Month

Moby is an open-source project created by Docker to enable software containerization. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity.

Docker Information Disclosure Moby Fedora
NVD GitHub
CVSS 3.1
6.3
EPSS
0.3%
CVE-2021-41092 Go HIGH PATCH This Week

Docker CLI is the command line interface for the docker container runtime. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Docker Information Disclosure Command Line Interface Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-21681 Maven MEDIUM PATCH This Month

Jenkins Nomad Plugin 0.7.4 and earlier stores Docker passwords unencrypted in the global config.xml file on the Jenkins controller where they can be viewed by users with access to the Jenkins. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Docker Jenkins Information Disclosure Nomad
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-39159 PyPI CRITICAL PATCH Act Now

BinderHub is a kubernetes-based cloud service that allows users to share reproducible interactive computing environments from code repositories. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Docker Kubernetes RCE Code Injection Binderhub
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-37353 CRITICAL Act Now

Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitation in table_population.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker PHP SSRF Nagios Xi Docker Wizard
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2021-37841 HIGH This Week

Docker Desktop before 3.6.0 suffers from incorrect access control. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Docker Microsoft Information Disclosure Desktop
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-29742 HIGH PATCH This Week

IBM Security Verify Access Docker 10.0.0 could allow a user to impersonate another user on the system. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity.

Docker IBM Information Disclosure Security Verify Access
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2021-29699 MEDIUM PATCH This Month

IBM Security Verify Access Docker 10.0.0 could allow a remote priviled user to upload arbitrary files with a dangerous file type that could be excuted by an user. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

Docker IBM File Upload Security Verify Access
NVD
CVSS 3.1
6.8
EPSS
0.9%
CVE-2021-20537 MEDIUM PATCH This Month

IBM Security Verify Access Docker 10.0.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Docker IBM Authentication Bypass Security Verify Access
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-20534 LOW PATCH Monitor

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity.

Docker IBM Open Redirect Security Verify Access
NVD
CVSS 3.1
3.5
EPSS
0.5%
CVE-2021-20533 HIGH PATCH This Week

IBM Security Verify Access Docker 10.0.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Docker IBM Information Disclosure Security Verify Access
NVD
CVSS 3.1
7.2
EPSS
1.8%
CVE-2021-20524 MEDIUM PATCH This Month

IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Docker IBM XSS Security Verify Access
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-20523 LOW PATCH Monitor

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Docker IBM Information Disclosure Security Verify Access
NVD
CVSS 3.1
2.7
EPSS
1.0%
CVE-2021-20511 MEDIUM PATCH This Month

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Docker IBM Path Traversal Security Verify Access
NVD
CVSS 3.1
4.9
EPSS
1.9%
CVE-2021-20510 MEDIUM PATCH This Month

IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Docker IBM Information Disclosure Security Verify Access
NVD
CVSS 3.1
4.4
EPSS
0.5%
CVE-2021-20500 MEDIUM PATCH This Month

IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privileged user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Docker IBM Information Disclosure Security Verify Access
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2021-20499 LOW PATCH Monitor

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Docker IBM Information Disclosure Security Verify Access
NVD
CVSS 3.1
2.7
EPSS
1.0%
CVE-2021-20498 MEDIUM PATCH This Month

IBM Security Verify Access Docker 10.0.0 reveals version information in HTTP requests that could be used in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Docker IBM Information Disclosure Security Verify Access
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-20497 HIGH PATCH This Week

IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Docker IBM Information Disclosure Security Verify Access
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-20496 MEDIUM PATCH This Month

IBM Security Verify Access Docker 10.0.0 could allow an authenticated user to bypass input due to improper input validation. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Docker IBM Authentication Bypass Security Verify Access
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2021-20439 HIGH PATCH This Week

IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Docker IBM Authentication Bypass Security Access Manager Security Verify Access
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-33183 HIGH This Week

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability container volume management component in Synology Docker before 18.09.0-0515 allows local users to read or. Rated high severity (CVSS 7.9), this vulnerability is low attack complexity. No vendor patch available.

Synology Docker Path Traversal
NVD
CVSS 3.1
7.9
EPSS
0.3%
CVE-2021-1560 HIGH This Week

Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote attacker to perform a command injection attack on an affected device. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Docker Command Injection Dna Spaces
NVD
CVSS 3.1
7.2
EPSS
2.7%
CVE-2021-1559 HIGH This Week

Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote attacker to perform a command injection attack on an affected device. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Docker Command Injection Dna Spaces
NVD
CVSS 3.1
7.2
EPSS
2.7%
CVE-2021-29475 CRITICAL PATCH Act Now

HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Docker RCE Code Injection Hedgedoc
NVD GitHub
CVSS 3.1
10.0
EPSS
1.2%
CVE-2021-29641 HIGH POC This Week

Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Docker RCE PHP Apache File Upload +1
NVD
CVSS 3.1
8.8
EPSS
4.9%
CVE-2021-29251 MEDIUM This Month

BTCPay Server before 1.0.7.1 mishandles the policy setting in which users can register (in Server Settings > Policies). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Information Disclosure Btcpay Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-21979 HIGH POC This Week

In Bitnami Containers, all Laravel container versions prior to: 6.20.0-debian-10-r107 for Laravel 6, 7.30.1-debian-10-r108 for Laravel 7 and 8.5.11-debian-10-r0 for Laravel 8, the file /tmp/app/.env. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Debian Docker PHP Authentication Bypass Containers
NVD GitHub
CVSS 3.1
7.3
EPSS
0.6%
CVE-2021-27886 CRITICAL PATCH Act Now

rakibtg Docker Dashboard before 2021-02-28 allows command injection in backend/utilities/terminal.js via shell metacharacters in the command parameter of an API request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Docker Command Injection Docker Dashboard
NVD GitHub
CVSS 3.1
9.8
EPSS
45.6%
CVE-2021-20182 HIGH PATCH This Week

A privilege escalation flaw was found in openshift4/ose-docker-builder. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Docker Privilege Escalation Path Traversal Information Disclosure Openshift Container Platform
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-21285 Go MEDIUM PATCH This Month

In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Docker Denial Of Service Debian Linux E Series Santricity Os Controller
NVD GitHub
CVSS 3.1
6.5
EPSS
3.3%
CVE-2021-21284 Go MEDIUM PATCH This Month

In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Docker Privilege Escalation Path Traversal Debian Linux E Series Santricity Os Controller
NVD GitHub
CVSS 3.1
6.8
EPSS
1.1%
CVE-2021-3193 CRITICAL Act Now

Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows an unauthenticated attacker to execute remote code as the apache user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Apache Information Disclosure Nagios Xi
NVD
CVSS 3.1
9.8
EPSS
9.8%
CVE-2021-3162 HIGH This Week

Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Docker Apple Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-1645 MEDIUM This Month

Windows Docker Information Disclosure Vulnerability. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Docker Microsoft Information Disclosure Windows 10 Windows Server 2016 +1
NVD
CVSS 3.1
5.0
EPSS
7.3%
CVE-2020-27534 Go MEDIUM PATCH This Month

util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Path Traversal
NVD GitHub
CVSS 3.1
5.3
EPSS
1.7%
CVE-2020-35197 CRITICAL Act Now

The official memcached docker images before 1.5.11-alpine (Alpine specific) contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Memcached Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-35196 CRITICAL Act Now

The official rabbitmq docker images before 3.7.13-beta.1-management-alpine (Alpine specific) contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Rabbitmq Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-35195 CRITICAL Act Now

The official haproxy docker images before 1.8.18-alpine (Alpine specific) contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Haproxy Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-35192 CRITICAL Act Now

The official vault docker images before 0.11.6 contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Docker Authentication Bypass Vault
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-35191 CRITICAL Act Now

The official drupal docker images before 8.5.10-fpm-alpine (Alpine specific) contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Drupal Docker Images
NVD GitHub
CVSS 3.1
9.8
EPSS
4.6%
CVE-2020-35190 CRITICAL Act Now

The official plone Docker images before version of 4.3.18-alpine (Alpine specific) contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Plone
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-35186 CRITICAL Act Now

The official adminer docker images before 4.7.0-fastcgi contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Adminer
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-35184 CRITICAL Act Now

The official composer docker images before 1.8.3 contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Composer Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
3.0%
CVE-2020-35189 CRITICAL Act Now

The official kong docker images before 1.0.2-alpine (Alpine specific) contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Kong Alpine Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-35187 CRITICAL Act Now

The official telegraf docker images before 1.9.4-alpine (Alpine specific) contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Telegraf
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-35185 CRITICAL Act Now

The official ghost docker images before 2.16.1-alpine (Alpine specific) contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Ghost Alpine Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
EPSS 0% CVSS 7.1
HIGH This Week

Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to docker.raw.sock, or. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Docker +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Docker Docker Desktop
NVD
EPSS 72% CVSS 10.0
CRITICAL POC THREAT Act Now

homeassistant is an open source home automation tool. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Authentication Bypass Docker +2
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

mailcow is a dockerized email package, with multiple containers linked in one bridged network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

OpenSSL Command Injection Docker +1
NVD GitHub
EPSS 9% CVSS 9.1
CRITICAL POC Act Now

Docker based datastores for IBM Instana (IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0) do not currently require authentication. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Docker Authentication Bypass IBM +1
NVD Exploit-DB
EPSS 1% CVSS 7.5
HIGH PATCH This Week

CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Docker Ckan
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Izanami is a shared configuration service well-suited for micro-service architecture implementation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Docker Izanami
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Canarytokens is an open source tool which helps track activity and actions on your network. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Docker Canarytokens
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

Akeneo PIM is an open source Product Information Management (PIM). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apache PHP Code Injection +3
NVD GitHub
EPSS 3% CVSS 6.3
MEDIUM POC PATCH This Month

The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Docker Python Command Injection +8
NVD GitHub
EPSS 1% CVSS 7.4
HIGH POC PATCH This Week

knative.dev/func is is a client library and CLI enabling the development and deployment of Kubernetes functions. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Docker Information Disclosure Kubernetes +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Jenkins +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Buffer Overflow Software For Open Networking In The Cloud
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

The Docker image of ownCloud Server through 10.11 contains a misconfiguration that renders the trusted_domains config useless. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Owncloud
NVD
EPSS 1% CVSS 9.9
CRITICAL PATCH Act Now

GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Docker Command Injection Runner
NVD GitHub
EPSS 2% CVSS 9.9
CRITICAL POC PATCH Act Now

Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Docker Code Injection Onedev
NVD GitHub
EPSS 1% CVSS 6.3
MEDIUM PATCH This Month

Moby is an open-source project created by Docker to enable software containerization. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Docker Moby +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

OS Command Injection vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to execute arbitrary OS commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Docker Command Injection +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Information Exposure Through an Error Message vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to gain sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Docker +1
NVD
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

Dell PowerProtect Cyber Recovery versions before 19.11.0.2 contain an authentication bypass vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Docker Dell Authentication Bypass +1
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to (authenticated) remote code exploit of code on the Airflow worker host. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Docker +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Dell PowerProtect Cyber Recovery, versions prior to 19.11, contain a privilege escalation vulnerability on virtual appliance deployments. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Dell Docker +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Wire is a secure messaging application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Docker +1
NVD GitHub
EPSS 1% CVSS 6.7
MEDIUM PATCH This Month

Executive Summary An Elevation of Privilege (EOP) vulnerability has been identified within Service Fabric clusters that run Docker containers. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

RCE Docker Service Fabric
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

EdgeX Foundry is an open source project for building a common open framework for Internet of Things edge computing. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Docker Information Disclosure Edgex Foundry
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Debian Docker +1
NVD GitHub
EPSS 4% CVSS 8.8
HIGH PATCH This Week

GoCD is a continuous delivery server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Docker +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

A vulnerability in which attackers could forge HTTP requests to manipulate the `charm` data directory to access or delete anything on the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Docker Charm
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

wire-webapp is the web application interface for the wire messaging service. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS Docker +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Docker Cri O +3
NVD GitHub
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Docker Buildah +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A flaw was found in crun where containers were incorrectly started with non-empty default permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Docker Crun +3
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Docker Podman +13
NVD GitHub
EPSS 0% CVSS 7.1
HIGH This Week

Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Docker +1
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Moby is an open-source project created by Docker to enable and accelerate software containerization. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Docker Moby +3
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Microsoft Docker
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Wiki.js is a wiki app built on Node.js. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Node.js Docker XSS +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

An uncontrolled resource consumption vulnerability in GitLab Runner affecting all versions starting from 13.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Denial Of Service Gitlab
NVD
EPSS 2% CVSS 9.0
CRITICAL POC Act Now

This affects all versions of package docker-cli-js. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Docker Command Injection Docker Cli Js
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In JetBrains TeamCity before 2021.1, information disclosure via the Docker Registry connection dialog is possible. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure Teamcity
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Extensible Service Proxy, a.k.a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Google Docker Authentication Bypass +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

The FTL Server (tibftlserver) and Docker images containing tibftlserver components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, TIBCO. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Docker Privilege Escalation Activespaces +2
NVD
EPSS 3% CVSS 6.3
MEDIUM PATCH This Month

Moby is an open-source project created by Docker to enable software containerization. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity.

Docker Information Disclosure Moby +1
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Moby is an open-source project created by Docker to enable software containerization. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity.

Docker Information Disclosure Moby +1
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Docker CLI is the command line interface for the docker container runtime. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Docker Information Disclosure Command Line Interface +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Jenkins Nomad Plugin 0.7.4 and earlier stores Docker passwords unencrypted in the global config.xml file on the Jenkins controller where they can be viewed by users with access to the Jenkins. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Docker Jenkins Information Disclosure +1
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

BinderHub is a kubernetes-based cloud service that allows users to share reproducible interactive computing environments from code repositories. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Docker Kubernetes RCE +2
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL Act Now

Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitation in table_population.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker PHP SSRF +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Docker Desktop before 3.6.0 suffers from incorrect access control. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Docker Microsoft Information Disclosure +1
NVD
EPSS 0% CVSS 8.0
HIGH PATCH This Week

IBM Security Verify Access Docker 10.0.0 could allow a user to impersonate another user on the system. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity.

Docker IBM Information Disclosure +1
NVD
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

IBM Security Verify Access Docker 10.0.0 could allow a remote priviled user to upload arbitrary files with a dangerous file type that could be excuted by an user. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

Docker IBM File Upload +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Security Verify Access Docker 10.0.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Docker IBM Authentication Bypass +1
NVD
EPSS 1% CVSS 3.5
LOW PATCH Monitor

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity.

Docker IBM Open Redirect +1
NVD
EPSS 2% CVSS 7.2
HIGH PATCH This Week

IBM Security Verify Access Docker 10.0.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Docker IBM Information Disclosure +1
NVD
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Docker IBM XSS +1
NVD
EPSS 1% CVSS 2.7
LOW PATCH Monitor

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Docker IBM Information Disclosure +1
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Docker IBM Path Traversal +1
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Docker IBM Information Disclosure +1
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privileged user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Docker IBM Information Disclosure +1
NVD
EPSS 1% CVSS 2.7
LOW PATCH Monitor

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Docker IBM Information Disclosure +1
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM Security Verify Access Docker 10.0.0 reveals version information in HTTP requests that could be used in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Docker IBM Information Disclosure +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Docker IBM Information Disclosure +1
NVD
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

IBM Security Verify Access Docker 10.0.0 could allow an authenticated user to bypass input due to improper input validation. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Docker IBM Authentication Bypass +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Docker IBM Authentication Bypass +2
NVD
EPSS 0% CVSS 7.9
HIGH This Week

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability container volume management component in Synology Docker before 18.09.0-0515 allows local users to read or. Rated high severity (CVSS 7.9), this vulnerability is low attack complexity. No vendor patch available.

Synology Docker Path Traversal
NVD
EPSS 3% CVSS 7.2
HIGH This Week

Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote attacker to perform a command injection attack on an affected device. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Docker Command Injection +1
NVD
EPSS 3% CVSS 7.2
HIGH This Week

Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote attacker to perform a command injection attack on an affected device. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Docker Command Injection +1
NVD
EPSS 1% CVSS 10.0
CRITICAL PATCH Act Now

HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Docker RCE Code Injection +1
NVD GitHub
EPSS 5% CVSS 8.8
HIGH POC This Week

Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Docker RCE PHP +3
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

BTCPay Server before 1.0.7.1 mishandles the policy setting in which users can register (in Server Settings > Policies). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Information Disclosure Btcpay Server
NVD GitHub
EPSS 1% CVSS 7.3
HIGH POC This Week

In Bitnami Containers, all Laravel container versions prior to: 6.20.0-debian-10-r107 for Laravel 6, 7.30.1-debian-10-r108 for Laravel 7 and 8.5.11-debian-10-r0 for Laravel 8, the file /tmp/app/.env. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Debian Docker PHP +2
NVD GitHub
EPSS 46% CVSS 9.8
CRITICAL PATCH Act Now

rakibtg Docker Dashboard before 2021-02-28 allows command injection in backend/utilities/terminal.js via shell metacharacters in the command parameter of an API request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Docker Command Injection Docker Dashboard
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A privilege escalation flaw was found in openshift4/ose-docker-builder. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Docker Privilege Escalation Path Traversal +2
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Docker Denial Of Service Debian Linux +1
NVD GitHub
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Docker Privilege Escalation Path Traversal +2
NVD GitHub
EPSS 10% CVSS 9.8
CRITICAL Act Now

Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows an unauthenticated attacker to execute remote code as the apache user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Apache Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Docker Apple Privilege Escalation
NVD
EPSS 7% CVSS 5.0
MEDIUM This Month

Windows Docker Information Disclosure Vulnerability. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Docker Microsoft Information Disclosure +3
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Path Traversal
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

The official memcached docker images before 1.5.11-alpine (Alpine specific) contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Memcached Docker Image
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

The official rabbitmq docker images before 3.7.13-beta.1-management-alpine (Alpine specific) contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Rabbitmq Docker Image
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

The official haproxy docker images before 1.8.18-alpine (Alpine specific) contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Haproxy Docker Image
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL Act Now

The official vault docker images before 0.11.6 contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Docker Authentication Bypass +1
NVD GitHub
EPSS 5% CVSS 9.8
CRITICAL Act Now

The official drupal docker images before 8.5.10-fpm-alpine (Alpine specific) contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Drupal Docker Images
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

The official plone Docker images before version of 4.3.18-alpine (Alpine specific) contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Plone
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL Act Now

The official adminer docker images before 4.7.0-fastcgi contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Adminer
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL Act Now

The official composer docker images before 1.8.3 contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Composer Docker Image
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

The official kong docker images before 1.0.2-alpine (Alpine specific) contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Kong Alpine Docker Image
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

The official telegraf docker images before 1.9.4-alpine (Alpine specific) contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Telegraf
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL Act Now

The official ghost docker images before 2.16.1-alpine (Alpine specific) contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Ghost Alpine Docker Image
NVD GitHub
Prev Page 8 of 10 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy