Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
docker docker vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-37326
Docker Desktop for Windows prior to 4.6.0 allows malicious users to delete (or create) any file through the dockerBackendV2 windowscontainers/start API by controlling the pidfile field inside the DaemonJSON field in the WindowsContainerStartRequest class. This can indirectly lead...
Docker Desktop
446
VMScore
CVE-2022-23774
Docker Desktop prior to 4.4.4 on Windows allows malicious users to move arbitrary files.
Docker Docker Desktop
NA
CVE-2022-34292
Docker Desktop for Windows prior to 4.6.0 allows malicious users to overwrite any file through a symlink attack on the hyperv/create dockerBackendV2 API by controlling the DataFolder parameter for DockerDesktop.vhdx, a similar issue to CVE-2022-31647.
Docker Desktop
NA
CVE-2023-40453
Docker Machine up to and including 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action (via escape sequence injection), or might have a data size that causes ...
Docker Machine
NA
CVE-2022-38730
Docker Desktop for Windows prior to 4.6 allows malicious users to overwrite any file through the windowscontainers/start dockerBackendV2 API by controlling the data-root field inside the DaemonJSON field in the WindowsContainerStartRequest class. This allows exploiting a symlink ...
Docker Desktop
NA
CVE-2022-31647
Docker Desktop prior to 4.6.0 on Windows allows malicious users to delete any file through the hyperv/destroy dockerBackendV2 API via a symlink in the DataFolder parameter, a different vulnerability than CVE-2022-26659.
Docker Desktop
320
VMScore
CVE-2022-26659
Docker Desktop installer on Windows in versions prior to 4.6.0 allows an malicious user to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file. Starting from version 4.6.0, the Docker Desktop installer, when run ele...
Docker Docker Desktop
890
VMScore
CVE-2020-35467
The Docker Docs Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Docker Docs container may allow a remote malicious user to achieve root access with a blank password.
Docker Docs
1 Github repository
890
VMScore
CVE-2020-35186
The official adminer docker images prior to 4.7.0-fastcgi contain a blank password for a root user. System using the adminer docker container deployed by affected versions of the docker image may allow a remote malicious user to achieve root access with a blank password.
Docker Adminer
320
VMScore
CVE-2021-33183
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability container volume management component in Synology Docker prior to 18.09.0-0515 allows local users to read or write arbitrary files via unspecified vectors.
Synology Docker
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »