Vulnerabilities > Docker

DATE CVE VULNERABILITY TITLE RISK
2022-02-19 CVE-2022-25365 Unspecified vulnerability in Docker
Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files.
local
low complexity
docker
7.8
2022-02-01 CVE-2022-23774 Unspecified vulnerability in Docker Desktop
Docker Desktop before 4.4.4 on Windows allows attackers to move arbitrary files.
network
low complexity
docker
5.3
2022-01-12 CVE-2021-45449 Information Exposure Through Log Files vulnerability in Docker Desktop 4.3.0/4.3.1
Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information (access token or password) on the user's machine during login.
local
low complexity
docker CWE-532
5.5
2021-10-04 CVE-2021-41092 Docker CLI is the command line interface for the docker container runtime.
network
low complexity
docker fedoraproject
7.5
2021-08-12 CVE-2021-37841 Incorrect Permission Assignment for Critical Resource vulnerability in Docker Desktop
Docker Desktop before 3.6.0 suffers from incorrect access control.
local
low complexity
docker CWE-732
7.8
2021-02-02 CVE-2021-21285 Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products
In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon.
network
low complexity
docker debian netapp CWE-754
6.5
2021-02-02 CVE-2021-21284 Path Traversal vulnerability in multiple products
In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root.
low complexity
docker debian netapp CWE-22
6.8
2021-01-15 CVE-2021-3162 Improper Certificate Validation vulnerability in Docker
Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.
local
low complexity
docker CWE-295
7.8
2020-12-30 CVE-2020-27534 Path Traversal vulnerability in Docker
util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call.
network
low complexity
docker CWE-22
5.3
2020-12-17 CVE-2020-35197 Missing Authentication for Critical Function vulnerability in Docker Memcached Docker Image
The official memcached docker images before 1.5.11-alpine (Alpine specific) contain a blank password for a root user.
network
low complexity
docker CWE-306
critical
9.8