docker vulnerabilities and exploits
10
CVSSv3
CVE-2023-27482
homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered. This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or...
Home-assistant Supervisor
Home-assistant Home-assistant
8.8
CVSSv3
CVE-2023-26490
mailcow is a dockerized email package, with multiple containers linked in one bridged network. The Sync Job feature - which can be made available to standard users by assigning them the necessary permission - suffers from a shell command injection. A malicious user can abuse this...
Mailcow Mailcow: Dockerized
9.1
CVSSv3
CVE-2023-27290
Docker based datastores for IBM Instana (IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0) do not currently require authentication. Due to this, an attacker within the network could access the datastores with read/write access. IBM X-Force ID: 24...
Ibm Observability With Instana 243-0
Ibm Observability With Instana
2 Github repositories
7
CVSSv3
CVE-2023-27561
runc up to and including 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. N...
Linuxfoundation Runc
Redhat Enterprise Linux 8.0
Redhat Openshift Container Platform 4.0
Redhat Enterprise Linux 9.0
Debian Debian Linux 10.0
6.5
CVSSv3
CVE-2022-36775
IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, and 10.0.4.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow a malicious user to conduct various attacks against the vulnerable system, includin...
Ibm Security Verify Access 10.0.1.0
Ibm Security Verify Access 10.0.2.0
Ibm Security Verify Access Docker 10.0.1.0
Ibm Security Verify Access Docker 10.0.2.0
Ibm Security Verify Access 10.0.0.0
Ibm Security Verify Access 10.0.3.0
Ibm Security Verify Access Docker 10.0.4.0
Ibm Security Verify Access Docker 10.0.3.0
Ibm Security Verify Access 10.0.4.0
Ibm Security Verify Access Docker 10.0.0.0
8.8
CVSSv3
CVE-2023-20076
A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote malicious user to execute arbitrary commands as root on the underlying host operating system. This vulnerability is due to incomplete sanitization of parameters that are passed i...
Cisco Ic3000 Industrial Compute Gateway
Cisco Ios Xe 17.10.0
Cisco Ios Xe
Cisco Iox -
Cisco Cgr1240 Firmware
Cisco Cgr1000 Firmware
Cisco Ir510 Wpan Firmware
Cisco 829 Industrial Integrated Services Router Firmware
Cisco 829 Industrial Integrated Services Router Firmware 15.9(3)m
Cisco 829 Industrial Integrated Services Router Firmware 15.9(3)m1
Cisco 829 Industrial Integrated Services Router Firmware 15.9(3)m2
Cisco 829 Industrial Integrated Services Router Firmware 15.9(3)m2a
Cisco 829 Industrial Integrated Services Router Firmware 15.9(3)m3
Cisco 829 Industrial Integrated Services Router Firmware 15.9(3)m4
Cisco 829 Industrial Integrated Services Router Firmware 15.9(3)m4a
Cisco 829 Industrial Integrated Services Router Firmware 15.9(3)m5
Cisco 829 Industrial Integrated Services Router Firmware 15.9(3)m6a
Cisco 829 Industrial Integrated Services Router Firmware 15.9(3)m6b
Cisco 807 Industrial Integrated Services Router Firmware
Cisco 807 Industrial Integrated Services Router Firmware 15.9(3)m
Cisco 807 Industrial Integrated Services Router Firmware 15.9(3)m1
Cisco 807 Industrial Integrated Services Router Firmware 15.9(3)m2
7.5
CVSSv3
CVE-2023-22746
CKAN is an open-source DMS (data management system) for powering data hubs and data portals. When creating a new container based on one of the Docker images listed below, the same secret key was being used by default. If the users didn't set a custom value via environment va...
Okfn Ckan
NA
CVE-2022-37708
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
1 Github repository
5.3
CVSSv3
CVE-2022-39380
Wire web-app is part of Wire communications. Versions before 2022-11-02 are subject to Improper Handling of Exceptional Conditions. In the wire-webapp, certain combinations of Markdown formatting can trigger an unhandled error in the conversion to HTML representation. The error m...
Wire Wire-webapp
9.8
CVSSv3
CVE-2023-22495
Izanami is a shared configuration service well-suited for micro-service architecture implementation. Attackers can bypass the authentication in this application when deployed using the official Docker image. Because a hard coded secret is used to sign the authentication token (JW...
Maif Izanami