Vulmon
docker docker vulnerabilities and exploits
9.3
CVSSv2
CVE-2019-15752
Docker Desktop Community Edition prior to 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate ...
Docker Docker
9.3
CVSSv2
CVE-2019-0204
A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, and 1.7.0 to 1.7.1. A malicious actor can ...
Apache Mesos
Apache Mesos 1.8.0
Redhat Fuse 7.5.0
9.3
CVSSv2
CVE-2018-8115
A remote code execution vulnerability exists when the Windows Host Compute Service Shim (hcsshim) library fails to properly validate input while importing a container image, aka "Windows Host Compute Service Shim Remote Code Execution Vulnerability." This affects Window...
Microsoft Windows Host Compute Service Shim
2 Github repositories
2 Articles
9.3
CVSSv2
CVE-2014-5280
boot2docker 1.2 and previous versions allows malicious users to conduct cross-site request forgery (CSRF) attacks by leveraging Docker daemons enabling TCP connections without TLS authentication.
Boot2docker Boot2docker
1 Github repository
9
CVSSv2
CVE-2021-1559
Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote malicious user to perform a command injection attack on an affected device. These vulnerabilities are due to insufficient input sanitization when executing affected commands. A high-privil...
Cisco Dna Spaces Connector
9
CVSSv2
CVE-2021-1560
Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote malicious user to perform a command injection attack on an affected device. These vulnerabilities are due to insufficient input sanitization when executing affected commands. A high-privil...
Cisco Dna Spaces Connector
9
CVSSv2
CVE-2020-13347
A command injection vulnerability exists in Gitlab runner versions before 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a docker executor, which allows the malicious user to run arbitrary commands on Windows host, via DOCKER_AUTH_CONFIG build v...
Gitlab Gitlab
9
CVSSv2
CVE-2014-5279
The Docker daemon managed by boot2docker 1.2 and previous versions improperly enables unauthenticated TCP connections by default, which makes it easier for remote malicious users to gain privileges or execute arbitrary code from children containers.
Boot2docker Boot2docker
9
CVSSv2
CVE-2017-10940
This vulnerability allows remote malicious users to execute arbitrary code on vulnerable installations of Joyent Smart Data Center prior to agentsshar@1.0.0-release-20160901-20160901T051624Z-g3fd5adf (e469cf49-4de3-4658-8419-ab42837916ad). An attacker must first obtain the abilit...
Joyent Triton Datacenter -
8.5
CVSSv2
CVE-2014-9356
Path traversal vulnerability in Docker prior to 1.3.3 allows remote malicious users to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile.
Docker Docker