
CVE-2021-20511
https://notcve.org/view.php?id=CVE-2021-20511
15 Jul 2021 — IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 198300. • https://exchange.xforce.ibmcloud.com/vulnerabilities/198300 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2021-20510
https://notcve.org/view.php?id=CVE-2021-20510
15 Jul 2021 — IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 198299 • https://exchange.xforce.ibmcloud.com/vulnerabilities/198299 • CWE-312: Cleartext Storage of Sensitive Information

CVE-2021-20500
https://notcve.org/view.php?id=CVE-2021-20500
15 Jul 2021 — IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privileged user. IBM X-Force ID: 197980. • https://exchange.xforce.ibmcloud.com/vulnerabilities/197980

CVE-2021-20499
https://notcve.org/view.php?id=CVE-2021-20499
15 Jul 2021 — IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 197973 • https://exchange.xforce.ibmcloud.com/vulnerabilities/197973 • CWE-209: Generation of Error Message Containing Sensitive Information

CVE-2021-20498
https://notcve.org/view.php?id=CVE-2021-20498
15 Jul 2021 — IBM Security Verify Access Docker 10.0.0 reveals version information in HTTP requests that could be used in further attacks against the system. IBM X-Force ID: 197972. • https://exchange.xforce.ibmcloud.com/vulnerabilities/197972 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2021-20497
https://notcve.org/view.php?id=CVE-2021-20497
15 Jul 2021 — IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197969 • https://exchange.xforce.ibmcloud.com/vulnerabilities/197969 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CVE-2021-20496
https://notcve.org/view.php?id=CVE-2021-20496
15 Jul 2021 — IBM Security Verify Access Docker 10.0.0 could allow an authenticated user to bypass input due to improper input validation. IBM X-Force ID: 197966. • https://exchange.xforce.ibmcloud.com/vulnerabilities/197966 • CWE-20: Improper Input Validation

CVE-2021-27886 – Docker Dashboard Remote Command Execution
https://notcve.org/view.php?id=CVE-2021-27886
01 Mar 2021 — rakibtg Docker Dashboard before 2021-02-28 allows command injection in backend/utilities/terminal.js via shell metacharacters in the command parameter of an API request. NOTE: this is NOT a Docker, Inc. product. Docker Dashboard suffers... • https://packetstorm.news/files/id/163416 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2021-21284 – privilege escalation in Moby
https://notcve.org/view.php?id=CVE-2021-21284
02 Feb 2021 — In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can modify files under "/var/lib/docker/

CVE-2021-21285 – Docker daemon crash during image pull of malicious image
https://notcve.org/view.php?id=CVE-2021-21285
02 Feb 2021 — In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing. • https://docs.docker.com/engine/release-notes/#20103 • CWE-400: Uncontrolled Resource Consumption CWE-754: Improper Check for Unusual or Exceptional Conditions