📦

docker

Vendor: docker

Actively Exploited 1 CISA KEV List

PoC / Exploits 4 Code Available

Total RCEs 9 Remote Access

Total CVEs 124 Total Indexed

Avg. EPSS 4.74% Exploit Prob.

Latest CVE CVE-2022-34883 Sep 06

Security Vulnerability Index

Page 1 / 13

7.2 CVSS

CVE-2022-34883

RCE

OS Command Injection vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to execute arbitrary OS commands. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker.

EPSS: 1.17%

Severity: HIGH

Sep 06, 2022

9.0 CVSS

CVE-2022-34882

Information Exposure Through an Error Message vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to gain sensitive information. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker.

EPSS: 0.34%

Severity: CRITICAL

Sep 06, 2022

7.8 CVSS

CVE-2022-25365

Exploit Found

Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-23774.

EPSS: 1.41%

Severity: HIGH

Feb 19, 2022

8.0 CVSS

CVE-2021-29742

IBM Security Verify Access Docker 10.0.0 could allow a user to impersonate another user on the system. IBM X-Force ID: 201483.

EPSS: 0.20%

Severity: HIGH

Jul 15, 2021

6.8 CVSS

CVE-2021-29699

IBM Security Verify Access Docker 10.0.0 could allow a remote priviled user to upload arbitrary files with a dangerous file type that could be excuted by an user. IBM X-Force ID: 200600.

EPSS: 0.36%

Severity: MEDIUM

Jul 15, 2021

6.5 CVSS

CVE-2021-20537

IBM Security Verify Access Docker 10.0.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID:198918

EPSS: 0.07%

Severity: MEDIUM

Jul 15, 2021

3.5 CVSS

CVE-2021-20534

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 198814

EPSS: 0.10%

Severity: LOW

Jul 15, 2021

7.2 CVSS

CVE-2021-20533

RCE

IBM Security Verify Access Docker 10.0.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 198813

EPSS: 0.37%

Severity: HIGH

Jul 15, 2021

4.8 CVSS

CVE-2021-20524

IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198661.

EPSS: 0.17%

Severity: MEDIUM

Jul 15, 2021

2.7 CVSS

CVE-2021-20523

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 198660

EPSS: 0.20%

Severity: LOW

Jul 15, 2021

Displaying 10 of 124 Total Entries

1 2 3 4 5 ... 13

Total 13 Sections