Vulnerabilities > Docker > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-09-25 CVE-2023-0626 Code Injection vulnerability in Docker Desktop
Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route. This issue affects Docker Desktop: before 4.12.0.
network
low complexity
docker CWE-94
critical
 9.8
9.8
2023-09-25 CVE-2023-0625 Code Injection vulnerability in Docker Desktop
Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog. This issue affects Docker Desktop: before 4.12.0.
network
low complexity
docker CWE-94
critical
 9.8
9.8
2020-12-17 CVE-2020-35184 Missing Authentication for Critical Function vulnerability in Docker Composer Docker Image
The official composer docker images before 1.8.3 contain a blank password for a root user.
network
low complexity
docker CWE-306
critical
 10.0
10
2020-12-17 CVE-2020-35186 Missing Authentication for Critical Function vulnerability in Docker Adminer
The official adminer docker images before 4.7.0-fastcgi contain a blank password for a root user.
network
low complexity
docker CWE-306
critical
 10.0
10
2020-12-17 CVE-2020-35195 Missing Authentication for Critical Function vulnerability in Docker Haproxy Docker Image
The official haproxy docker images before 1.8.18-alpine (Alpine specific) contain a blank password for a root user.
network
low complexity
docker CWE-306
critical
 10.0
10
2020-12-17 CVE-2020-35196 Missing Authentication for Critical Function vulnerability in Docker Rabbitmq Docker Image
The official rabbitmq docker images before 3.7.13-beta.1-management-alpine (Alpine specific) contain a blank password for a root user.
network
low complexity
docker CWE-306
critical
 10.0
10
2020-12-17 CVE-2020-35197 Missing Authentication for Critical Function vulnerability in Docker Memcached Docker Image
The official memcached docker images before 1.5.11-alpine (Alpine specific) contain a blank password for a root user.
network
low complexity
docker CWE-306
critical
 10.0
10
2020-12-17 CVE-2020-35185 Missing Authentication for Critical Function vulnerability in Docker Ghost Alpine Docker Image
The official ghost docker images before 2.16.1-alpine (Alpine specific) contain a blank password for a root user.
network
low complexity
docker CWE-306
critical
 10.0
10
2020-12-15 CVE-2020-35467 Missing Authentication for Critical Function vulnerability in Docker Docs
The Docker Docs Docker image through 2020-12-14 contains a blank password for the root user.
network
low complexity
docker CWE-306
critical
 10.0
10
2020-12-11 CVE-2020-29591 Weak Password Requirements vulnerability in Docker Registry
Versions of the Official registry Docker images through 2.7.0 contain a blank password for the root user.
network
low complexity
docker CWE-521
critical
 10.0
10