Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
docker docker vulnerabilities and exploits
(subscribe to this query)
828
VMScore
CVE-2019-15752
Docker Desktop Community Edition prior to 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate ...
Docker Docker
756
VMScore
CVE-2014-9356
Path traversal vulnerability in Docker prior to 1.3.3 allows remote malicious users to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile.
Docker Docker
169
VMScore
CVE-2014-8178
Docker Engine prior to 1.8.3 and CS Docker Engine prior to 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for malicious users to poison the image cache via a crafted image in pull or push commands.
Docker Cs Engine
Docker Docker
Opensuse Opensuse 13.2
445
VMScore
CVE-2014-8179
Docker Engine prior to 1.8.3 and CS Docker Engine prior to 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows malicious users to inject new attributes in a JSON object and bypass pull-by-digest validation.
Docker Cs Engine
Docker Docker
Opensuse Opensuse 13.2
NA
CVE-2023-28109
Play With Docker is a browser-based Docker playground. Versions 0.0.2 and prior are vulnerable to domain hijacking. Because CORS configuration was not correct, an attacker could use `play-with-docker.com` as an example and set the origin header in an http request as `evil-play-wi...
Play-with-docker Play With Docker 0.0.1
Play-with-docker Play With Docker 0.0.2
890
VMScore
CVE-2020-29577
The official znc docker images prior to 1.7.1-slim contain a blank password for a root user. Systems using the znc docker container deployed by affected versions of the Docker image may allow an remote malicious user to achieve root access with a blank password.
Znc Znc Docker Image 1.6
Znc Znc Docker Image 1.6-slim
Znc Znc Docker Image 1.6.4
Znc Znc Docker Image 1.6.4-slim
Znc Znc Docker Image 1.6.5
Znc Znc Docker Image 1.6.5-slim
Znc Znc Docker Image 1.6.6
Znc Znc Docker Image 1.6.6-slim
Znc Znc Docker Image 1.7.0
Znc Znc Docker Image 1.7.0-slim
Znc Znc Docker Image 1.7.1-slim
890
VMScore
CVE-2020-29576
The official eggdrop Docker images prior to 1.8.4rc2 contain a blank password for a root user. Systems using the Eggdrop Docker container deployed by affected versions of the Docker image may allow an remote malicious user to achieve root access with a blank password.
Eggheads Eggdrop Docker Image 1.6
Eggheads Eggdrop Docker Image 1.6.21
Eggheads Eggdrop Docker Image 1.8.0
Eggheads Eggdrop Docker Image 1.8.1
Eggheads Eggdrop Docker Image 1.8.2
Eggheads Eggdrop Docker Image 1.8.3
Eggheads Eggdrop Docker Image 1.8.4
NA
CVE-2023-5165
Docker Desktop prior to 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business cu...
Docker Docker Desktop
NA
CVE-2023-5166
Docker Desktop prior to 4.23.0 allows Access Token theft via a crafted extension icon URL. This issue affects Docker Desktop: prior to 4.23.0.
Docker Docker Desktop
NA
CVE-2023-0625
Docker Desktop prior to 4.12.0 is vulnerable to RCE via a crafted extension description or changelog. This issue affects Docker Desktop: prior to 4.12.0.
Docker Docker Desktop
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »