Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
docker vulnerabilities and exploits
(subscribe to this query)
828
VMScore
CVE-2019-15752
Docker Desktop Community Edition prior to 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate ...
Docker Docker
411
VMScore
CVE-2019-13139
In Docker prior to 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. An issue exists in the way "docker build" processes remote git URLs, and results in comma...
Docker Docker
169
VMScore
CVE-2014-8178
Docker Engine prior to 1.8.3 and CS Docker Engine prior to 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for malicious users to poison the image cache via a crafted image in pull or push commands.
Docker Cs Engine
Docker Docker
Opensuse Opensuse 13.2
445
VMScore
CVE-2014-8179
Docker Engine prior to 1.8.3 and CS Docker Engine prior to 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows malicious users to inject new attributes in a JSON object and bypass pull-by-digest validation.
Docker Cs Engine
Docker Docker
Opensuse Opensuse 13.2
NA
CVE-2023-28109
Play With Docker is a browser-based Docker playground. Versions 0.0.2 and prior are vulnerable to domain hijacking. Because CORS configuration was not correct, an attacker could use `play-with-docker.com` as an example and set the origin header in an http request as `evil-play-wi...
Play-with-docker Play With Docker 0.0.1
Play-with-docker Play With Docker 0.0.2
890
VMScore
CVE-2020-29577
The official znc docker images prior to 1.7.1-slim contain a blank password for a root user. Systems using the znc docker container deployed by affected versions of the Docker image may allow an remote malicious user to achieve root access with a blank password.
Znc Znc Docker Image 1.6
Znc Znc Docker Image 1.6-slim
Znc Znc Docker Image 1.6.4
Znc Znc Docker Image 1.6.4-slim
Znc Znc Docker Image 1.6.5
Znc Znc Docker Image 1.6.5-slim
Znc Znc Docker Image 1.6.6
Znc Znc Docker Image 1.6.6-slim
Znc Znc Docker Image 1.7.0
Znc Znc Docker Image 1.7.0-slim
Znc Znc Docker Image 1.7.1-slim
NA
CVE-2023-5166
Docker Desktop prior to 4.23.0 allows Access Token theft via a crafted extension icon URL. This issue affects Docker Desktop: prior to 4.23.0.
Docker Docker Desktop
NA
CVE-2023-5165
Docker Desktop prior to 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business cu...
Docker Docker Desktop
NA
CVE-2023-0625
Docker Desktop prior to 4.12.0 is vulnerable to RCE via a crafted extension description or changelog. This issue affects Docker Desktop: prior to 4.12.0.
Docker Docker Desktop
NA
CVE-2023-0626
Docker Desktop prior to 4.12.0 is vulnerable to RCE via query parameters in message-box route. This issue affects Docker Desktop: prior to 4.12.0.
Docker Docker Desktop
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »