Vulnerabilities > Docker

DATE CVE VULNERABILITY TITLE RISK
2021-10-04 CVE-2021-41092 Information Exposure vulnerability in Docker Command Line Interface
Docker CLI is the command line interface for the docker container runtime.
network
low complexity
docker CWE-200
5.0
2021-02-02 CVE-2021-21285 Resource Exhaustion vulnerability in multiple products
In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon.
4.3
2021-02-02 CVE-2021-21284 Path Traversal vulnerability in multiple products
In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root.
low complexity
docker debian netapp CWE-22
2.7
2021-01-15 CVE-2021-3162 Improper Privilege Management vulnerability in Docker
Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.
local
low complexity
docker CWE-269
4.6
2020-12-30 CVE-2020-27534 Path Traversal vulnerability in Docker
util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call.
network
low complexity
docker CWE-22
5.0
2020-12-17 CVE-2020-35197 Missing Authentication for Critical Function vulnerability in Docker Memcached Docker Image
The official memcached docker images before 1.5.11-alpine (Alpine specific) contain a blank password for a root user.
network
low complexity
docker CWE-306
critical
10.0
2020-12-17 CVE-2020-35196 Missing Authentication for Critical Function vulnerability in Docker Rabbitmq Docker Image
The official rabbitmq docker images before 3.7.13-beta.1-management-alpine (Alpine specific) contain a blank password for a root user.
network
low complexity
docker CWE-306
critical
10.0
2020-12-17 CVE-2020-35195 Missing Authentication for Critical Function vulnerability in Docker Haproxy Docker Image
The official haproxy docker images before 1.8.18-alpine (Alpine specific) contain a blank password for a root user.
network
low complexity
docker CWE-306
critical
10.0
2020-12-17 CVE-2020-35186 Missing Authentication for Critical Function vulnerability in Docker Adminer
The official adminer docker images before 4.7.0-fastcgi contain a blank password for a root user.
network
low complexity
docker CWE-306
critical
10.0
2020-12-17 CVE-2020-35184 Missing Authentication for Critical Function vulnerability in Docker Composer Docker Image
The official composer docker images before 1.8.3 contain a blank password for a root user.
network
low complexity
docker CWE-306
critical
10.0