Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
docker vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2023-40453
Docker Machine up to and including 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action (via escape sequence injection), or might have a data size that causes ...
Docker Machine
4.3
CVSSv3
CVE-2019-10342
A missing permission check in Jenkins Docker Plugin 1.1.6 and previous versions in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
Jenkins Docker
7.8
CVSSv3
CVE-2021-37841
Docker Desktop prior to 3.6.0 suffers from incorrect access control. If a low-privileged account is able to access the server running the Windows containers, it can lead to a full container compromise in both process isolation and Hyper-V isolation modes. This security issue lead...
Docker Desktop
5.3
CVSSv3
CVE-2022-23774
Docker Desktop prior to 4.4.4 on Windows allows malicious users to move arbitrary files.
Docker Docker Desktop
7.5
CVSSv3
CVE-2015-9258
In Docker Notary prior to 0.1, gotuf/signed/verify.go has a Signature Algorithm Not Matched to Key vulnerability. Because an attacker controls the field specifying the signature algorithm, they might (for example) be able to forge a signature by forcing a misinterpretation of an ...
Docker Notary
9.8
CVSSv3
CVE-2015-9259
In Docker Notary prior to 0.1, the checkRoot function in gotuf/client/client.go does not check expiry of root.json files, despite a comment stating that it does. Even if a user creates a new root.json file after a key compromise, an attacker can produce update files referring to ...
Docker Notary
7.1
CVSSv3
CVE-2022-26659
Docker Desktop installer on Windows in versions prior to 4.6.0 allows an malicious user to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file. Starting from version 4.6.0, the Docker Desktop installer, when run ele...
Docker Docker Desktop
6.5
CVSSv3
CVE-2019-10341
A missing permission check in Jenkins Docker Plugin 1.1.6 and previous versions in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, ca...
Jenkins Docker
6.3
CVSSv3
CVE-2022-38730
Docker Desktop for Windows prior to 4.6 allows malicious users to overwrite any file through the windowscontainers/start dockerBackendV2 API by controlling the data-root field inside the DaemonJSON field in the WindowsContainerStartRequest class. This allows exploiting a symlink ...
Docker Desktop
7.8
CVSSv3
CVE-2020-11492
An issue exists in Docker Desktop up to and including 2.2.0.5 on Windows. If a local attacker sets up their own named pipe prior to starting Docker with the same name, this attacker can intercept a connection attempt from Docker Service (which runs as SYSTEM), and then impersonat...
Docker Docker Desktop
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »