Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
docker docker vulnerabilities and exploits
(subscribe to this query)
828
VMScore
CVE-2019-15752
Docker Desktop Community Edition prior to 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate ...
Docker Docker
828
VMScore
CVE-2019-0204
A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, and 1.7.0 to 1.7.1. A malicious actor can ...
Apache Mesos
Apache Mesos 1.8.0
Redhat Fuse 7.5.0
828
VMScore
CVE-2014-5280
boot2docker 1.2 and previous versions allows malicious users to conduct cross-site request forgery (CSRF) attacks by leveraging Docker daemons enabling TCP connections without TLS authentication.
Boot2docker Boot2docker
1 Github repository
801
VMScore
CVE-2021-1559
Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote malicious user to perform a command injection attack on an affected device. These vulnerabilities are due to insufficient input sanitization when executing affected commands. A high-privil...
Cisco Dna Spaces Connector
801
VMScore
CVE-2021-1560
Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote malicious user to perform a command injection attack on an affected device. These vulnerabilities are due to insufficient input sanitization when executing affected commands. A high-privil...
Cisco Dna Spaces Connector
801
VMScore
CVE-2020-13347
A command injection vulnerability exists in Gitlab runner versions before 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a docker executor, which allows the malicious user to run arbitrary commands on Windows host, via DOCKER_AUTH_CONFIG build v...
Gitlab Gitlab
801
VMScore
CVE-2014-5279
The Docker daemon managed by boot2docker 1.2 and previous versions improperly enables unauthenticated TCP connections by default, which makes it easier for remote malicious users to gain privileges or execute arbitrary code from children containers.
Boot2docker Boot2docker
801
VMScore
CVE-2017-10940
This vulnerability allows remote malicious users to execute arbitrary code on vulnerable installations of Joyent Smart Data Center prior to agentsshar@1.0.0-release-20160901-20160901T051624Z-g3fd5adf (e469cf49-4de3-4658-8419-ab42837916ad). An attacker must first obtain the abilit...
Joyent Triton Datacenter -
756
VMScore
CVE-2014-9356
Path traversal vulnerability in Docker prior to 1.3.3 allows remote malicious users to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile.
Docker Docker
756
VMScore
CVE-2017-7669
In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. When the docker feature is enabled, authenticated users can run commands as root.
Apache Hadoop 3.0.0
Apache Hadoop 2.8.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »