Vulmon
docker docker vulnerabilities and exploits
6.8
CVSSv2
CVE-2019-10340
A cross-site request forgery vulnerability in Jenkins Docker Plugin 1.1.6 and previous versions in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through an...
Jenkins Docker
6.6
CVSSv2
CVE-2021-44719
Docker Desktop 4.3.0 has Incorrect Access Control.
Docker Docker Desktop
6.5
CVSSv2
CVE-2022-29184
GoCD is a continuous delivery server. In GoCD versions before 22.1.0, it is possible for existing authenticated users who have permissions to edit or create pipeline materials or pipeline configuration repositories to get remote code execution capability on the GoCD server via co...
Thoughtworks Gocd
6.5
CVSSv2
CVE-2022-20617
Jenkins Docker Commons Plugin 1.17 and previous versions does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job'...
Jenkins Docker Commons
6.5
CVSSv2
CVE-2021-20533
IBM Security Verify Access Docker 10.0.0 could allow a remote authenticated malicious user to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 198813
Ibm Security Verify Access 10.0.0
6.5
CVSSv2
CVE-2020-24263
Portainer 1.24.1 and previous versions is affected by an insecure permissions vulnerability that may lead to remote arbitrary code execution. A non-admin user is allowed to spawn new containers with critical capabilities such as SYS_MODULE, which can be used to take over the Dock...
Portainer Portainer
6.5
CVSSv2
CVE-2021-20182
A privilege escalation flaw was found in openshift4/ose-docker-builder. The build container runs with high privileges using a chrooted environment instead of runc. If an attacker can gain access to this build container, they can potentially utilize the raw devices of the underlyi...
6.5
CVSSv2
CVE-2020-14144
The git hook feature in Gitea 1.1.0 up to and including 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood (e.g., one viewpoint is that the dangerousness of this feature should be documented immediately a...
Gitea Gitea
3 Github repositories
6.5
CVSSv2
CVE-2020-5239
In Mailu before version 1.7, an authenticated user can exploit a vulnerability in Mailu fetchmail script and gain full access to a Mailu instance. Mailu servers that have open registration or untrusted users are most impacted. The master and 1.7 branches are patched on our git re...
Mailu Mailu
1 Github repository
6.5
CVSSv2
CVE-2018-15514
HandleRequestAsync in Docker for Windows prior to 18.06.0-ce-rc3-win68 (edge) and prior to 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user...
Docker Docker 1.13.1
Docker Docker 1.13.0
Docker Docker 1.12.2
Docker Docker 1.12.1
Docker Docker 1.11.1
Docker Docker 1.11.0
Docker Docker 18.03.0
Docker Docker 18.02.0
Docker Docker 17.09.0
Docker Docker 17.07.0
Docker Docker 17.03.0
Docker Docker 1.12.5
Docker Docker 17.03.1
Docker Docker 18.03.1
Docker Docker 1.12.3
Docker Docker 1.12.0
Docker Docker 1.10.4.0
Docker Docker 1.10.2.14
Docker Docker 1.10.2.12
Docker Docker 1.10.1.42-1
Docker Docker 17.12.0
Docker Docker 17.11.0