Vulmon
docker docker vulnerabilities and exploits
7.5
CVSSv2
CVE-2015-9259
In Docker Notary prior to 0.1, the checkRoot function in gotuf/client/client.go does not check expiry of root.json files, despite a comment stating that it does. Even if a user creates a new root.json file after a key compromise, an attacker can produce update files referring to ...
Docker Notary
7.5
CVSSv2
CVE-2016-8954
IBM dashDB Local uses hard-coded credentials that could allow a remote malicious user to gain access to the Docker container or database.
Ibm Dashdb Local 1.1.0
Ibm Dashdb Local 1.2.1
Ibm Dashdb Local 1.3.0
Ibm Dashdb Local 1.2.0
Ibm Dashdb Local 1.3.1
Ibm Dashdb Local 1.0.0
Ibm Dashdb Local 1.1.1
7.5
CVSSv2
CVE-2014-6407
Docker prior to 1.3.2 allows remote malicious users to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation.
Docker Docker
Docker Docker 1.3.0
Docker Docker 1.0.0
1 Article
7.2
CVSSv2
CVE-2022-32481
Dell PowerProtect Cyber Recovery, versions before 19.11, contain a privilege escalation vulnerability on virtual appliance deployments. A lower-privileged authenticated user can chain docker commands to escalate privileges to root leading to complete system takeover.
Dell Powerprotect Cyber Recovery
7.2
CVSSv2
CVE-2020-3393
A vulnerability in the application-hosting subsystem of Cisco IOS XE Software could allow an authenticated, local malicious user to elevate privileges to root on an affected device. The attacker could execute IOS XE commands outside the application-hosting subsystem Docker contai...
Cisco Ios Xe 16.12.1
7.2
CVSSv2
CVE-2020-11492
An issue exists in Docker Desktop up to and including 2.2.0.5 on Windows. If a local attacker sets up their own named pipe prior to starting Docker with the same name, this attacker can intercept a connection attempt from Docker Service (which runs as SYSTEM), and then impersonat...
Docker Docker Desktop
1 Github repository
7.2
CVSSv2
CVE-2020-10665
Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions overwrites and arbitrary file writes. This affects Docker Desktop Enterprise prior to 2...
Docker Desktop
1 Github repository
7.2
CVSSv2
CVE-2018-9862
util.c in runV 1.0.0 for Docker mishandles a numeric username, which allows malicious users to obtain root access by leveraging the presence of an initial numeric value on an /etc/passwd line, and then issuing a "docker exec" command with that value in the -u argument, ...
Hyper Runv 1.0.0
1 Github repository
7.2
CVSSv2
CVE-2017-7412
NixOS 17.03 prior to 17.03.887 has a world-writable Docker socket, which allows local users to gain privileges by executing docker commands.
Nixos Nixos 17.03
7.2
CVSSv2
CVE-2016-2779
runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
Kernel Util-linux 2.24.2-1
11 Github repositories