Skip to main content

Docker

820 CVEs product

Monthly

CVE-2020-35469 CRITICAL Act Now

The Software AG Terracotta Server OSS Docker image 5.4.1 contains a blank password for the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Terracotta Server Oss
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-35468 CRITICAL Act Now

The Appbase streams Docker image 2.1.2 contains a blank password for the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Streams
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-35193 CRITICAL Act Now

The official sonarqube docker images before alpine (Alpine specific) contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Sonarqube Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-35467 CRITICAL Act Now

The Docker Docs Docker image through 2020-12-14 contains a blank password for the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Docs
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-35466 CRITICAL Act Now

The Blackfire Docker image through 2020-12-14 contains a blank password for the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Blackfire Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-35464 CRITICAL Act Now

Version 1.3.0 of the Weave Cloud Agent Docker image contains a blank password for the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Cloud Agent
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-35463 CRITICAL Act Now

Version 1.0.0 of the Instana Dynamic APM Docker image contains a blank password for the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Dynamic Apm
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-35462 CRITICAL Act Now

Version 3.16.0 of the CoScale agent Docker image contains a blank password for the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Coscale Agent
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-29591 CRITICAL Act Now

Versions of the Official registry Docker images through 2.7.0 contain a blank password for the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Docker Brute Force Registry
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-29602 CRITICAL Act Now

The official irssi docker images before 1.1-alpine (Alpine specific) contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-29601 CRITICAL Act Now

The official notary docker images before signer-0.6.1-1 contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure Notary Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-29581 CRITICAL Act Now

The official spiped docker images before 1.5-alpine contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure Spiped Alpine Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-29580 CRITICAL Act Now

The official storm Docker images before 1.2.1 contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure Storm Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-29579 CRITICAL Act Now

The official Express Gateway Docker images before 1.14.0 contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure Express Gateway Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-29577 CRITICAL Act Now

The official znc docker images before 1.7.1-slim contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure Znc Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-29576 CRITICAL Act Now

The official eggdrop Docker images before 1.8.4rc2 contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure Eggdrop Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
3.0%
CVE-2020-29575 CRITICAL Act Now

The official elixir Docker images before 1.8.0-alpine (Alpine specific) contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure Elixir Alpine Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-29564 CRITICAL Act Now

The official Consul Docker images 0.7.1 through 1.4.2 contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure Consul Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
6.2%
CVE-2020-29578 CRITICAL Act Now

The official piwik Docker images before fpm-alpine (Alpine specific) contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure Piwik Fpm Alpine Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-8564 Go MEDIUM PATCH This Month

In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Kubernetes Docker Information Disclosure
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-29389 CRITICAL Act Now

The official Crux Linux Docker images 3.0 through 3.4 contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Crux Linux Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-15257 Go MEDIUM PATCH This Month

containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity.

Kubernetes Microsoft Docker Information Disclosure Containerd +2
NVD GitHub
CVSS 3.1
5.2
EPSS
3.2%
CVE-2020-28348 Go MEDIUM PATCH This Month

HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Docker Path Traversal Nomad
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2020-26213 Go HIGH PATCH This Week

In teler before version 0.0.1, if you run teler inside a Docker container and encounter `errors.Exit` function, it will cause denial-of-service (`SIGSEGV`) because it doesn't get process ID and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Docker Teler
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-15157 Go MEDIUM PATCH This Month

In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Kubernetes Docker Information Disclosure Containerd Ubuntu Linux +1
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2020-13347 CRITICAL Act Now

A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Microsoft Docker Gitlab Path Traversal
NVD
CVSS 3.1
9.1
EPSS
2.3%
CVE-2020-3393 HIGH This Week

A vulnerability in the application-hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Docker Apple Ios Xe
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-14370 Go MEDIUM PATCH This Month

An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Docker Information Disclosure Podman Openshift Container Platform Enterprise Linux +1
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-15590 HIGH POC This Week

A vulnerability in the Private Internet Access (PIA) VPN Client for Linux 1.5 through 2.3+ allows remote attackers to bypass an intended VPN kill switch mechanism and read sensitive information via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Docker Linux Authentication Bypass Private Internet Access Vpn Client
NVD GitHub
CVSS 3.1
7.5
EPSS
2.5%
CVE-2020-14300 HIGH This Week

The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Docker Red Hat Enterprise Linux Server
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-14298 HIGH PATCH This Week

The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Information Disclosure Docker Red Hat Openshift Container Platform Enterprise Linux Server
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2020-15080 MEDIUM PATCH This Month

In PrestaShop from version 1.7.4.0 and before version 1.7.6.6, some files should not be in the release archive, and others should not be accessible. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Docker Information Disclosure Prestashop
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-15360 HIGH POC This Week

com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalation because of a lack of client verification. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Docker Privilege Escalation Authentication Bypass Docker Desktop
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-4062 CRITICAL PATCH Act Now

In Conjur OSS Helm Chart before 2.0.0, a recently identified critical vulnerability resulted in the installation of the Conjur Postgres database with an open port. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity.

Kubernetes Docker PostgreSQL Authentication Bypass Conjur Oss Helm Chart
NVD GitHub
CVSS 3.1
9.0
EPSS
1.4%
CVE-2020-8907 CRITICAL POC PATCH Act Now

A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Rated critical severity (CVSS 9.3), this vulnerability is low attack complexity. Public exploit code available.

Google Privilege Escalation Docker Guest Oslogin Leap
NVD GitHub
CVSS 4.0
9.3
EPSS
0.3%
CVE-2020-11492 HIGH This Week

An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Race Condition Microsoft Docker Information Disclosure Docker Desktop
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-13401 Go MEDIUM PATCH This Month

An issue was discovered in Docker Engine before 19.03.11. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Docker Engine Fedora Debian Linux +1
NVD GitHub
CVSS 3.1
6.0
EPSS
2.8%
CVE-2020-11878 CRITICAL Act Now

The Jitsi Meet (aka docker-jitsi-meet) stack on Docker before stable-4384-1 uses default passwords (such as passw0rd) for system accounts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Meet
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-11710 CRITICAL POC PATCH THREAT Act Now

An issue was discovered in docker-kong (for Kong) through 2.0.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Docker Information Disclosure Docker Kong
NVD GitHub
CVSS 3.1
9.8
EPSS
33.8%
CVE-2020-10952 MEDIUM This Month

GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Docker Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-5252 PyPI MEDIUM PATCH This Month

The command-line "safety" package for Python has a potential security issue. Rated medium severity (CVSS 4.1). No vendor patch available.

Python Docker Information Disclosure Safety
NVD GitHub
CVSS 3.1
4.1
EPSS
0.4%
CVE-2020-10665 MEDIUM POC This Month

Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Docker Desktop
NVD GitHub
CVSS 3.1
6.7
EPSS
1.4%
CVE-2020-7606 npm CRITICAL POC Act Now

docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Docker Docker Compose Remote Api
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-5239 HIGH This Week

In Mailu before version 1.7, an authenticated user can exploit a vulnerability in Mailu fetchmail script and gain full access to a Mailu instance. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Authentication Bypass Mailu
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-8945 Go HIGH POC PATCH This Week

The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Use After Free Memory Corruption Docker RCE Gpgme +8
NVD GitHub
CVSS 3.1
7.5
EPSS
5.1%
CVE-2019-16884 Go HIGH POC PATCH This Week

runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Docker Runc Fedora Leap +6
NVD GitHub
CVSS 3.1
7.5
EPSS
4.4%
CVE-2019-15752 HIGH POC KEV THREAT Act Now

Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Docker Information Disclosure Geode
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
29.6%
CVE-2019-13139 HIGH POC PATCH This Week

In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Docker Command Injection
NVD GitHub
CVSS 3.0
8.4
EPSS
2.0%
CVE-2019-14806 PyPI HIGH PATCH This Week

Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Docker Information Disclosure Werkzeug Leap
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2019-14271 Go CRITICAL PATCH Act Now

In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Docker Debian Linux Leap
NVD GitHub
CVSS 3.1
9.8
EPSS
18.8%
CVE-2019-1020014 MEDIUM PATCH This Month

docker-credential-helpers before 0.6.3 has a double free in the List functions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Docker Information Disclosure Credential Helpers Fedora Ubuntu Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-13509 Go HIGH PATCH This Week

In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure
NVD
CVSS 3.0
7.5
EPSS
3.7%
CVE-2019-10342 Maven MEDIUM PATCH This Month

A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Docker Jenkins
NVD
CVSS 3.1
4.3
EPSS
1.4%
CVE-2019-10341 Maven MEDIUM PATCH This Month

A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Docker Jenkins
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2019-10340 Maven HIGH PATCH This Week

A cross-site request forgery vulnerability in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Jenkins CSRF
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-5021 CRITICAL POC Act Now

Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Docker Information Disclosure Docker Alpine Leap Big Ip Controller
NVD
CVSS 3.1
9.8
EPSS
6.3%
CVE-2019-1003065 Maven HIGH This Week

Jenkins CloudShare Docker-Machine Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Jenkins Information Disclosure Cloudshare Docker Machine
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-0204 Maven HIGH PATCH This Week

A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Docker Apache Mesos Fuse
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2019-5736 HIGH POC PATCH THREAT Act Now

runc through version 1.0-rc6 (used in Docker before 18.09.2) contains a container escape vulnerability that allows attackers to overwrite the host runc binary. By exploiting a race condition during container exec, a malicious container process can gain root access to the host system, breaking the fundamental container isolation boundary.

Docker
NVD GitHub Exploit-DB
CVSS 3.1
8.6
EPSS
59.2%
Threat
7.0
CVE-2018-18548 PyPI MEDIUM POC This Month

ajenticp (aka Ajenti Docker control panel) for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Docker Ajenticp
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
3.6%
CVE-2018-3213 HIGH POC PATCH This Week

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Docker Images). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Oracle Authentication Bypass Docker Weblogic Server
NVD
CVSS 3.0
7.5
EPSS
4.4%
CVE-2018-12608 Go HIGH PATCH This Week

An issue was discovered in Docker Moby before 17.06.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Docker Moby
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-16398 HIGH PATCH This Week

In Twistlock AuthZ Broker 0.1, regular expressions are mishandled, as demonstrated by containers/aa/pause?aaa=\/start to bypass a policy in which "docker start" is allowed but "docker pause" is not. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Docker Authz Broker
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-15514 HIGH POC This Week

HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Deserialization Docker
NVD
CVSS 3.0
8.8
EPSS
2.5%
CVE-2018-11757 CRITICAL PATCH Act Now

In Docker Skeleton Runtime for Apache OpenWhisk, a Docker action inheriting the Docker tag openwhisk/dockerskeleton:1.3.0 (or earlier) may allow an attacker to replace the user function inside the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Docker Openwhisk
NVD GitHub
CVSS 3.0
9.8
EPSS
6.9%
CVE-2018-11756 CRITICAL PATCH Act Now

In PHP Runtime for Apache OpenWhisk, a Docker action inheriting one of the Docker tags openwhisk/action-php-v7.2:1.0.0 or openwhisk/action-php-v7.1:1.0.1 (or earlier) may allow an attacker to replace. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Docker PHP Openwhisk
NVD GitHub
CVSS 3.0
9.8
EPSS
8.2%
CVE-2018-10892 MEDIUM This Month

The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Docker Moby Openstack Enterprise Linux +2
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2018-1277 MEDIUM This Month

Cloud Foundry Garden-runC, versions prior to 1.13.0, does not correctly enforce disc quotas for Docker image layers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Docker Garden Runc Cf Deployment
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-10205 MEDIUM This Month

hyperstart 1.0.0 in HyperHQ Hyper has memory leaks in the container_setup_modules and hyper_rescan_scsi functions in container.c, related to runV 1.0.0 for Docker. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Docker Hyperstart
NVD GitHub
CVSS 3.0
5.3
EPSS
1.4%
CVE-2018-9862 HIGH PATCH This Week

util.c in runV 1.0.0 for Docker mishandles a numeric username, which allows attackers to obtain root access by leveraging the presence of an initial numeric value on an /etc/passwd line, and then. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Docker Runv
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-8059 HIGH This Week

The Djelibeybi configuration examples for use of NGINX in SUSE Portus 2.3, when applied to certain configurations involving Docker Compose, have a Missing SSL Certificate Validation issue because no. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Docker Nginx Portus
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-16539 Go MEDIUM PATCH This Month

The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss (when certain older Linux kernels. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Docker Information Disclosure Moby
NVD GitHub
CVSS 3.1
5.9
EPSS
0.4%
CVE-2017-14992 Go MEDIUM PATCH This Month

Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Docker
NVD GitHub
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-10940 HIGH Act Now

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Joyent Smart Data Center prior to agentsshar@1.0.0-release-20160901-20160901T051624Z-g3fd5adf. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 14.0% and no vendor patch available.

Path Traversal Docker RCE Triton Datacenter
NVD
CVSS 3.0
8.8
EPSS
14.0%
CVE-2014-0047 HIGH This Week

Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Docker Information Disclosure
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-1000094 Maven MEDIUM PATCH This Month

Docker Commons Plugin provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use to authenticate with a Docker Registry. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Docker Information Disclosure Docker Commons
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-11468 Go HIGH PATCH This Week

Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Docker Docker Registry Enterprise Linux Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2017-7669 Maven HIGH PATCH This Week

In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Docker Apache Information Disclosure Hadoop
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-0761 CRITICAL Act Now

Cloud Foundry Garden-Linux versions prior to v0.333.0 and Elastic Runtime 1.6.x version prior to 1.6.17 contain a flaw in managing container files during Docker image preparation that could be used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Elastic Information Disclosure Garden Linux Cloud Foundry Elastic Runtime
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2017-7412 HIGH PATCH This Week

NixOS 17.03 before 17.03.887 has a world-writable Docker socket, which allows local users to gain privileges by executing docker commands. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Docker Information Disclosure Nixos
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2017-6507 MEDIUM PATCH This Month

An issue was discovered in AppArmor before 2.12. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Docker Privilege Escalation Apparmor Ubuntu Core Ubuntu Touch
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2016-8954 CRITICAL PATCH Act Now

IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to the Docker container or database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Docker IBM Authentication Bypass Dashdb Local
NVD
CVSS 3.0
9.8
EPSS
1.0%
CVE-2016-9962 Go MEDIUM PATCH This Month

RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. Rated medium severity (CVSS 6.4).

Race Condition Information Disclosure Docker
NVD GitHub
CVSS 3.0
6.4
EPSS
0.1%
CVE-2016-6595 MEDIUM This Month

The SwarmKit toolkit 1.12.0 for Docker allows remote authenticated users to cause a denial of service (prevention of cluster joins) via a long sequence of join and quit actions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Denial Of Service
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2016-9223 CRITICAL Act Now

A vulnerability in the Docker Engine configuration of Cisco CloudCenter Orchestrator (CCO; formerly CliQr) could allow an unauthenticated, remote attacker to install Docker containers with high. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Cisco Privilege Escalation Cloudcenter Orchestrator
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2016-8867 HIGH This Week

Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Privilege Escalation
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-3738 HIGH This Week

Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Red Hat Privilege Escalation Openshift
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2016-3697 Go HIGH PATCH This Week

libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Docker Privilege Escalation Runc Opensuse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2015-3631 Go LOW PATCH Monitor

Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity.

Docker Privilege Escalation
NVD
CVSS 2.0
3.6
EPSS
0.1%
CVE-2015-3630 Go HIGH PATCH This Week

Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Docker Privilege Escalation
NVD
CVSS 2.0
7.2
EPSS
0.1%
EPSS 2% CVSS 9.8
CRITICAL Act Now

The Software AG Terracotta Server OSS Docker image 5.4.1 contains a blank password for the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Terracotta Server Oss
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

The Appbase streams Docker image 2.1.2 contains a blank password for the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Streams
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

The official sonarqube docker images before alpine (Alpine specific) contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Sonarqube Docker Image
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

The Docker Docs Docker image through 2020-12-14 contains a blank password for the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Docs
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

The Blackfire Docker image through 2020-12-14 contains a blank password for the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Blackfire Docker Image
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

Version 1.3.0 of the Weave Cloud Agent Docker image contains a blank password for the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Cloud Agent
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

Version 1.0.0 of the Instana Dynamic APM Docker image contains a blank password for the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Dynamic Apm
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

Version 3.16.0 of the CoScale agent Docker image contains a blank password for the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Coscale Agent
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL Act Now

Versions of the Official registry Docker images through 2.7.0 contain a blank password for the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Docker Brute Force +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

The official irssi docker images before 1.1-alpine (Alpine specific) contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure Docker Image
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

The official notary docker images before signer-0.6.1-1 contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure Notary Docker Image
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

The official spiped docker images before 1.5-alpine contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure Spiped Alpine Docker Image
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

The official storm Docker images before 1.2.1 contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure Storm Docker Image
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

The official Express Gateway Docker images before 1.14.0 contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure Express Gateway Docker Image
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

The official znc docker images before 1.7.1-slim contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure Znc Docker Image
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL Act Now

The official eggdrop Docker images before 1.8.4rc2 contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure Eggdrop Docker Image
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL Act Now

The official elixir Docker images before 1.8.0-alpine (Alpine specific) contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure Elixir Alpine Docker Image
NVD GitHub
EPSS 6% CVSS 9.8
CRITICAL Act Now

The official Consul Docker images 0.7.1 through 1.4.2 contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure Consul Docker Image
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

The official piwik Docker images before fpm-alpine (Alpine specific) contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure Piwik Fpm Alpine Docker Image
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Kubernetes Docker Information Disclosure
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

The official Crux Linux Docker images 3.0 through 3.4 contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Crux Linux Docker Image
NVD GitHub
EPSS 3% CVSS 5.2
MEDIUM PATCH This Month

containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity.

Kubernetes Microsoft Docker +4
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Docker Path Traversal +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

In teler before version 0.0.1, if you run teler inside a Docker container and encounter `errors.Exit` function, it will cause denial-of-service (`SIGSEGV`) because it doesn't get process ID and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Docker +1
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Kubernetes Docker Information Disclosure +3
NVD GitHub
EPSS 2% CVSS 9.1
CRITICAL Act Now

A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Microsoft Docker +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability in the application-hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Docker +2
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Docker Information Disclosure Podman +3
NVD
EPSS 3% CVSS 7.5
HIGH POC This Week

A vulnerability in the Private Internet Access (PIA) VPN Client for Linux 1.5 through 2.3+ allows remote attackers to bypass an intended VPN kill switch mechanism and read sensitive information via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Docker Linux Authentication Bypass +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Docker Red Hat +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Information Disclosure Docker Red Hat +2
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

In PrestaShop from version 1.7.4.0 and before version 1.7.6.6, some files should not be in the release archive, and others should not be accessible. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Docker Information Disclosure Prestashop
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalation because of a lack of client verification. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Docker Privilege Escalation Authentication Bypass +1
NVD
EPSS 1% CVSS 9.0
CRITICAL PATCH Act Now

In Conjur OSS Helm Chart before 2.0.0, a recently identified critical vulnerability resulted in the installation of the Conjur Postgres database with an open port. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity.

Kubernetes Docker PostgreSQL +2
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL POC PATCH Act Now

A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Rated critical severity (CVSS 9.3), this vulnerability is low attack complexity. Public exploit code available.

Google Privilege Escalation Docker +2
NVD GitHub
EPSS 1% CVSS 7.8
HIGH This Week

An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Race Condition Microsoft Docker +2
NVD
EPSS 3% CVSS 6.0
MEDIUM PATCH This Month

An issue was discovered in Docker Engine before 19.03.11. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Docker Engine +3
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

The Jitsi Meet (aka docker-jitsi-meet) stack on Docker before stable-4384-1 uses default passwords (such as passw0rd) for system accounts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Meet
NVD GitHub
EPSS 34% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

An issue was discovered in docker-kong (for Kong) through 2.0.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Docker Information Disclosure Docker Kong
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Docker Information Disclosure
NVD
EPSS 0% CVSS 4.1
MEDIUM PATCH This Month

The command-line "safety" package for Python has a potential security issue. Rated medium severity (CVSS 4.1). No vendor patch available.

Python Docker Information Disclosure +1
NVD GitHub
EPSS 1% CVSS 6.7
MEDIUM POC This Month

Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Docker +1
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Docker Docker Compose Remote Api
NVD
EPSS 1% CVSS 8.8
HIGH This Week

In Mailu before version 1.7, an authenticated user can exploit a vulnerability in Mailu fetchmail script and gain full access to a Mailu instance. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Authentication Bypass Mailu
NVD GitHub
EPSS 5% CVSS 7.5
HIGH POC PATCH This Week

The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Use After Free Memory Corruption Docker +10
NVD GitHub
EPSS 4% CVSS 7.5
HIGH POC PATCH This Week

runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Docker Runc +8
NVD GitHub
EPSS 30% CVSS 7.8
HIGH POC KEV THREAT Act Now

Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Docker Information Disclosure Geode
NVD Exploit-DB
EPSS 2% CVSS 8.4
HIGH POC PATCH This Week

In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Docker Command Injection
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Docker Information Disclosure Werkzeug +1
NVD GitHub
EPSS 19% CVSS 9.8
CRITICAL PATCH Act Now

In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Docker Debian Linux +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

docker-credential-helpers before 0.6.3 has a double free in the List functions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Docker Information Disclosure Credential Helpers +2
NVD GitHub
EPSS 4% CVSS 7.5
HIGH PATCH This Week

In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Docker Jenkins
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Docker Jenkins
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A cross-site request forgery vulnerability in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Jenkins CSRF
NVD
EPSS 6% CVSS 9.8
CRITICAL POC Act Now

Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Docker Information Disclosure Docker Alpine +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Jenkins CloudShare Docker-Machine Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Jenkins Information Disclosure +1
NVD
EPSS 3% CVSS 7.8
HIGH PATCH This Week

A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Docker Apache +2
NVD
EPSS 59% 7.0 CVSS 8.6
HIGH POC PATCH THREAT Act Now

runc through version 1.0-rc6 (used in Docker before 18.09.2) contains a container escape vulnerability that allows attackers to overwrite the host runc binary. By exploiting a race condition during container exec, a malicious container process can gain root access to the host system, breaking the fundamental container isolation boundary.

Docker
NVD GitHub Exploit-DB
EPSS 4% CVSS 6.1
MEDIUM POC This Month

ajenticp (aka Ajenti Docker control panel) for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Docker Ajenticp
NVD Exploit-DB
EPSS 4% CVSS 7.5
HIGH POC PATCH This Week

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Docker Images). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Oracle Authentication Bypass Docker +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Docker Moby before 17.06.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Docker +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

In Twistlock AuthZ Broker 0.1, regular expressions are mishandled, as demonstrated by containers/aa/pause?aaa=\/start to bypass a policy in which "docker start" is allowed but "docker pause" is not. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Docker Authz Broker
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Deserialization Docker
NVD
EPSS 7% CVSS 9.8
CRITICAL PATCH Act Now

In Docker Skeleton Runtime for Apache OpenWhisk, a Docker action inheriting the Docker tag openwhisk/dockerskeleton:1.3.0 (or earlier) may allow an attacker to replace the user function inside the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Docker +1
NVD GitHub
EPSS 8% CVSS 9.8
CRITICAL PATCH Act Now

In PHP Runtime for Apache OpenWhisk, a Docker action inheriting one of the Docker tags openwhisk/action-php-v7.2:1.0.0 or openwhisk/action-php-v7.1:1.0.1 (or earlier) may allow an attacker to replace. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Docker +2
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM This Month

The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Docker Moby +4
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

Cloud Foundry Garden-runC, versions prior to 1.13.0, does not correctly enforce disc quotas for Docker image layers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Docker Garden Runc +1
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

hyperstart 1.0.0 in HyperHQ Hyper has memory leaks in the container_setup_modules and hyper_rescan_scsi functions in container.c, related to runV 1.0.0 for Docker. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Docker Hyperstart
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

util.c in runV 1.0.0 for Docker mishandles a numeric username, which allows attackers to obtain root access by leveraging the presence of an initial numeric value on an /etc/passwd line, and then. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Docker Runv
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

The Djelibeybi configuration examples for use of NGINX in SUSE Portus 2.3, when applied to certain configurations involving Docker Compose, have a Missing SSL Certificate Validation issue because no. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Docker Nginx +1
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss (when certain older Linux kernels. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Docker Information Disclosure Moby
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Docker
NVD GitHub
EPSS 14% CVSS 8.8
HIGH Act Now

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Joyent Smart Data Center prior to agentsshar@1.0.0-release-20160901-20160901T051624Z-g3fd5adf. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 14.0% and no vendor patch available.

Path Traversal Docker RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Docker Information Disclosure
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Docker Commons Plugin provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use to authenticate with a Docker Registry. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Docker Information Disclosure Docker Commons
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Docker Docker Registry +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Docker Apache Information Disclosure +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Cloud Foundry Garden-Linux versions prior to v0.333.0 and Elastic Runtime 1.6.x version prior to 1.6.17 contain a flaw in managing container files during Docker image preparation that could be used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Elastic Information Disclosure +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

NixOS 17.03 before 17.03.887 has a world-writable Docker socket, which allows local users to gain privileges by executing docker commands. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Docker Information Disclosure Nixos
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

An issue was discovered in AppArmor before 2.12. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Docker Privilege Escalation Apparmor +2
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to the Docker container or database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Docker IBM Authentication Bypass +1
NVD
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. Rated medium severity (CVSS 6.4).

Race Condition Information Disclosure Docker
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

The SwarmKit toolkit 1.12.0 for Docker allows remote authenticated users to cause a denial of service (prevention of cluster joins) via a long sequence of join and quit actions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Denial Of Service
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

A vulnerability in the Docker Engine configuration of Cisco CloudCenter Orchestrator (CCO; formerly CliQr) could allow an unauthenticated, remote attacker to install Docker containers with high. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Cisco Privilege Escalation +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Privilege Escalation
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Red Hat Privilege Escalation +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Docker Privilege Escalation Runc +1
NVD GitHub
EPSS 0% CVSS 3.6
LOW PATCH Monitor

Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity.

Docker Privilege Escalation
NVD
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Docker Privilege Escalation
NVD
Prev Page 9 of 10 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy