Aggregates CVE and security vulnerability intelligence across all Docker-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk input validation, vendor risk cross-site scripting, and vendor risk file inclusion; exposure may include vendor impact session compromise in vendor surface image processing contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2020-35195 | The official haproxy docker images before 1.8.18-alpine (Alpine specific) contain a blank password for a root user. System using the haproxy docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | [email protected] | 9.8 | 2.01% | 2020-12-17 | 2024-11-21 |
| CVE-2020-35186 | The official adminer docker images before 4.7.0-fastcgi contain a blank password for a root user. System using the adminer docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | [email protected] | 9.8 | 2.01% | 2020-12-17 | 2024-11-21 |
| CVE-2020-35184 | The official composer docker images before 1.8.3 contain a blank password for a root user. System using the composer docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | [email protected] | 9.8 | 2.01% | 2020-12-17 | 2024-11-21 |
| CVE-2020-35185 | The official ghost docker images before 2.16.1-alpine (Alpine specific) contain a blank password for a root user. System using the ghost docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | [email protected] | 9.8 | 2.01% | 2020-12-17 | 2024-11-21 |
| CVE-2020-35467 | The Docker Docs Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Docker Docs container may allow a remote attacker to achieve root access with a blank password. | [email protected] | 9.8 | 2.08% | 2020-12-15 | 2024-11-21 |
| CVE-2020-29591 | Versions of the Official registry Docker images through 2.7.0 contain a blank password for the root user. Systems deployed using affected versions of the registry container may allow a remote attacker to achieve root access with a blank password. | [email protected] | 9.8 | 2.66% | 2020-12-11 | 2024-11-21 |
| CVE-2020-29601 | The official notary docker images before signer-0.6.1-1 contain a blank password for a root user. System using the notary docker container deployed by affected versions of the docker image may allow an remote attacker to achieve root access with a blank password. | [email protected] | 9.8 | 2.07% | 2020-12-08 | 2024-11-21 |
| CVE-2020-29581 | The official spiped docker images before 1.5-alpine contain a blank password for a root user. Systems using the spiped docker container deployed by affected versions of the docker image may allow an remote attacker to achieve root access with a blank password. | [email protected] | 9.8 | 2.07% | 2020-12-08 | 2024-11-21 |
| CVE-2020-29580 | The official storm Docker images before 1.2.1 contain a blank password for a root user. Systems using the Storm Docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access with a blank password. | [email protected] | 9.8 | 2.07% | 2020-12-08 | 2024-11-21 |
| CVE-2020-29575 | The official elixir Docker images before 1.8.0-alpine (Alpine specific) contain a blank password for a root user. Systems using the elixir Linux Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access with a blank password. | [email protected] | 9.8 | 2.07% | 2020-12-08 | 2024-11-21 |
| CVE-2020-29389 | The official Crux Linux Docker images 3.0 through 3.4 contain a blank password for a root user. System using the Crux Linux Docker container deployed by affected versions of the Docker image may allow an attacker to achieve root access with a blank password. | [email protected] | 9.8 | 0.39% | 2020-12-02 | 2024-11-21 |
| CVE-2020-14300 | The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an incorrect version of runc that was missing multiple bug and security fixes. One of the fixes regressed in that update was the fix for CVE-2016-9962, that was previously corrected in the docker packages in Red Hat Enterprise Linux 7 Extras via RHSA-2017:0116 (https://access.redhat.com/errata/RHSA-2017:0116). | [email protected] | 8.8 | 0.36% | 2020-07-13 | 2024-11-21 |
| CVE-2020-14298 | The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the container host and other containers running on the same host. This issue only affects docker version 1.13.1-108.git4ef4b30.el7, shipped in Red Hat Enterprise Linux 7 Extras. Both earlier and later versi | [email protected] | 8.8 | 0.14% | 2020-07-13 | 2024-11-21 |
| CVE-2020-15360 | com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalation because of a lack of client verification. | [email protected] | 7.8 | 0.06% | 2020-06-27 | 2024-11-21 |
| CVE-2020-11492 | An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. If a local attacker sets up their own named pipe prior to starting Docker with the same name, this attacker can intercept a connection attempt from Docker Service (which runs as SYSTEM), and then impersonate their privileges. | [email protected] | 7.8 | 5.60% | 2020-06-05 | 2024-11-21 |
| CVE-2020-13401 | An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service. | [email protected] | 6.0 | 12.87% | 2020-06-02 | 2024-11-21 |
| CVE-2020-10665 | Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions overwrites and arbitrary file writes. This affects Docker Desktop Enterprise before 2.1.0.9, Docker Desktop for Windows Stable before 2.2.0.4, and Docker Desktop for Windows Edge before 2.2.2.0. | [email protected] | 6.7 | 0.60% | 2020-03-18 | 2024-11-21 |
| CVE-2014-5278 | A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs. | [email protected] | 5.3 | 0.30% | 2020-02-07 | 2024-11-21 |
| CVE-2014-0048 | An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways. | [email protected] | 9.8 | 3.32% | 2020-01-02 | 2024-11-21 |
| CVE-2014-8179 | Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation. | [email protected] | 7.5 | 1.60% | 2019-12-17 | 2024-11-21 |