Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
docker engine vulnerabilities and exploits
(subscribe to this query)
8.4
CVSSv3
CVE-2019-13139
In Docker prior to 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. An issue exists in the way "docker build" processes remote git URLs, and results in comma...
Docker Docker
5.3
CVSSv3
CVE-2020-27534
util/binfmt_misc/check.go in Builder in Docker Engine prior to 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call.
Docker Docker
7.8
CVSSv3
CVE-2015-3629
Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container.
Docker Libcontainer 1.6.0
Opensuse Opensuse 13.2
7.5
CVSSv3
CVE-2021-41092
Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHel...
Docker Command Line Interface
Fedoraproject Fedora 34
Fedoraproject Fedora 35
9.8
CVSSv3
CVE-2018-20871
In Univa Grid Engine prior to 8.6.3, when configured for Docker jobs and execd spooling on root_squash, weak file permissions ("other" write access) occur in certain cases (GE-6890).
Univa Grid Engine 8.6.3
9.8
CVSSv3
CVE-2016-9223
A vulnerability in the Docker Engine configuration of Cisco CloudCenter Orchestrator (CCO; formerly CliQr) could allow an unauthenticated, remote malicious user to install Docker containers with high privileges on the affected system. Affected Products: This vulnerability affect ...
Cisco Cloudcenter Orchestrator 4.6.1
Cisco Cloudcenter Orchestrator 4.6.0
Cisco Cloudcenter Orchestrator 4.5.0
Cisco Cloudcenter Orchestrator 4.4.0
6.3
CVSSv3
CVE-2021-41089
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the h...
Mobyproject Moby
Fedoraproject Fedora 34
Fedoraproject Fedora 35
1 Github repository
6.3
CVSSv3
CVE-2021-41091
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivilege...
Mobyproject Moby
Fedoraproject Fedora 34
Fedoraproject Fedora 35
3 Github repositories
7.5
CVSSv3
CVE-2018-12608
An issue exists in Docker Moby prior to 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated certificate signed by a system-t...
Mobyproject Moby
6.3
CVSSv3
CVE-2022-36109
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they...
Mobyproject Moby
Fedoraproject Fedora 36
Fedoraproject Fedora 37
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »