Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
docker vulnerabilities and exploits
(subscribe to this query)
3.6
CVSSv2
CVE-2015-3631
Docker Engine prior to 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc.
Docker Docker
8.5
CVSSv2
CVE-2014-9356
Path traversal vulnerability in Docker prior to 1.3.3 allows remote malicious users to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile.
Docker Docker
1.9
CVSSv2
CVE-2014-8178
Docker Engine prior to 1.8.3 and CS Docker Engine prior to 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for malicious users to poison the image cache via a crafted image in pull or push commands.
Docker Cs Engine
Docker Docker
Opensuse Opensuse 13.2
5
CVSSv2
CVE-2014-8179
Docker Engine prior to 1.8.3 and CS Docker Engine prior to 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows malicious users to inject new attributes in a JSON object and bypass pull-by-digest validation.
Docker Cs Engine
Docker Docker
Opensuse Opensuse 13.2
NA
CVE-2023-28109
Play With Docker is a browser-based Docker playground. Versions 0.0.2 and prior are vulnerable to domain hijacking. Because CORS configuration was not correct, an attacker could use `play-with-docker.com` as an example and set the origin header in an http request as `evil-play-wi...
Play-with-docker Play With Docker 0.0.1
Play-with-docker Play With Docker 0.0.2
10
CVSSv2
CVE-2020-29577
The official znc docker images prior to 1.7.1-slim contain a blank password for a root user. Systems using the znc docker container deployed by affected versions of the Docker image may allow an remote malicious user to achieve root access with a blank password.
Znc Znc Docker Image 1.6
Znc Znc Docker Image 1.6-slim
Znc Znc Docker Image 1.6.4
Znc Znc Docker Image 1.6.4-slim
Znc Znc Docker Image 1.6.5
Znc Znc Docker Image 1.6.5-slim
Znc Znc Docker Image 1.6.6
Znc Znc Docker Image 1.6.6-slim
Znc Znc Docker Image 1.7.0
Znc Znc Docker Image 1.7.0-slim
Znc Znc Docker Image 1.7.1-slim
NA
CVE-2023-5165
Docker Desktop prior to 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business cu...
Docker Docker Desktop
NA
CVE-2023-5166
Docker Desktop prior to 4.23.0 allows Access Token theft via a crafted extension icon URL. This issue affects Docker Desktop: prior to 4.23.0.
Docker Docker Desktop
NA
CVE-2023-0625
Docker Desktop prior to 4.12.0 is vulnerable to RCE via a crafted extension description or changelog. This issue affects Docker Desktop: prior to 4.12.0.
Docker Docker Desktop
NA
CVE-2023-0626
Docker Desktop prior to 4.12.0 is vulnerable to RCE via query parameters in message-box route. This issue affects Docker Desktop: prior to 4.12.0.
Docker Docker Desktop
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »