Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
docker docker vulnerabilities and exploits
(subscribe to this query)
9.3
CVSSv2
CVE-2019-0204
A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, and 1.7.0 to 1.7.1. A malicious actor can ...
Apache Mesos
Apache Mesos 1.8.0
Redhat Fuse 7.5.0
9.3
CVSSv2
CVE-2018-8115
A remote code execution vulnerability exists when the Windows Host Compute Service Shim (hcsshim) library fails to properly validate input while importing a container image, aka "Windows Host Compute Service Shim Remote Code Execution Vulnerability." This affects Window...
Microsoft Windows Host Compute Service Shim
2 Github repositories
2 Articles
9.3
CVSSv2
CVE-2014-5280
boot2docker 1.2 and previous versions allows malicious users to conduct cross-site request forgery (CSRF) attacks by leveraging Docker daemons enabling TCP connections without TLS authentication.
Boot2docker Boot2docker
1 Github repository
9
CVSSv2
CVE-2021-1560
Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote malicious user to perform a command injection attack on an affected device. These vulnerabilities are due to insufficient input sanitization when executing affected commands. A high-privil...
Cisco Dna Spaces\\ Connector
9
CVSSv2
CVE-2021-1559
Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote malicious user to perform a command injection attack on an affected device. These vulnerabilities are due to insufficient input sanitization when executing affected commands. A high-privil...
Cisco Dna Spaces\\ Connector
9
CVSSv2
CVE-2020-13347
A command injection vulnerability exists in Gitlab runner versions before 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a docker executor, which allows the malicious user to run arbitrary commands on Windows host, via DOCKER_AUTH_CONFIG build v...
Gitlab Gitlab
9
CVSSv2
CVE-2014-5279
The Docker daemon managed by boot2docker 1.2 and previous versions improperly enables unauthenticated TCP connections by default, which makes it easier for remote malicious users to gain privileges or execute arbitrary code from children containers.
Boot2docker Boot2docker
9
CVSSv2
CVE-2017-10940
This vulnerability allows remote malicious users to execute arbitrary code on vulnerable installations of Joyent Smart Data Center prior to agentsshar@1.0.0-release-20160901-20160901T051624Z-g3fd5adf (e469cf49-4de3-4658-8419-ab42837916ad). An attacker must first obtain the abilit...
Joyent Triton Datacenter -
8.5
CVSSv2
CVE-2014-9356
Path traversal vulnerability in Docker prior to 1.3.3 allows remote malicious users to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile.
Docker Docker
8.5
CVSSv2
CVE-2017-7669
In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. When the docker feature is enabled, authenticated users can run commands as root.
Apache Hadoop 2.8.0
Apache Hadoop 3.0.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »