Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

docker docker 18.03.1 vulnerabilities and exploits

(subscribe to this query)
7.5
CVSSv3
CVE-2019-13509
In Docker CE and EE prior to 18.09.8 (as well as Docker EE prior to 17.06.2-ee-23 and 18.x prior to 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that include...
Docker Docker 17.03.2Docker Docker 17.06.2Docker Docker 18.03.1Docker Docker
7.5
CVSSv3
CVE-2018-15664
In Docker up to and including 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/...
Docker Docker 17.06.2-ceDocker Docker 17.07.0-ceDocker Docker 17.06.0-ceDocker Docker 17.09.0-ceDocker Docker 17.09.1-ce-Docker Docker 17.12.0-ceDocker Docker 17.12.1-ceDocker Docker 18.03.1-ceDocker Docker 18.04.0-ceDocker Docker 18.05.0-ceDocker Docker 17.06.1-ceDocker Docker 17.09.1-ceDocker Docker 17.10.0-ceDocker Docker 18.01.0-ceDocker Docker 18.02.0-ceDocker Docker 18.03.0-ceDocker Docker 18.06.0-ceDocker Docker 17.11.0-ceDocker Docker 18.06.1-ce
8.8
CVSSv3
CVE-2018-15514
HandleRequestAsync in Docker for Windows prior to 18.06.0-ce-rc3-win68 (edge) and prior to 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user...
Docker Docker 1.13.1Docker Docker 1.13.0Docker Docker 1.12.2Docker Docker 1.12.1Docker Docker 1.11.1Docker Docker 1.11.0Docker Docker 18.03.0Docker Docker 18.02.0Docker Docker 17.09.0Docker Docker 17.07.0Docker Docker 17.03.0Docker Docker 1.12.5Docker Docker 17.03.1Docker Docker 18.03.1Docker Docker 1.12.3Docker Docker 1.12.0Docker Docker 1.10.4.0Docker Docker 1.10.2.14Docker Docker 1.10.2.12Docker Docker 1.10.1.42-1Docker Docker 17.12.0Docker Docker 17.11.0
8.4
CVSSv3
CVE-2019-13139
In Docker prior to 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. An issue exists in the way "docker build" processes remote git URLs, and results in comma...
Docker Docker
4.9
CVSSv3
CVE-2018-20699
Docker Engine prior to 18.09 allows malicious users to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go.
Docker EngineRedhat Enterprise Linux Server 7.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race conditionCVE-2024-4249CVE-2024-4244CVE-2023-20198TCPCVE-2022-48648CVE-2022-48636CVE-2024-21345SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook