Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
docker vulnerabilities and exploits
(subscribe to this query)
409
VMScore
CVE-2021-37841
Docker Desktop prior to 3.6.0 suffers from incorrect access control. If a low-privileged account is able to access the server running the Windows containers, it can lead to a full container compromise in both process isolation and Hyper-V isolation modes. This security issue lead...
Docker Desktop
641
VMScore
CVE-2020-11492
An issue exists in Docker Desktop up to and including 2.2.0.5 on Windows. If a local attacker sets up their own named pipe prior to starting Docker with the same name, this attacker can intercept a connection attempt from Docker Service (which runs as SYSTEM), and then impersonat...
Docker Docker Desktop
1 Github repository
NA
CVE-2022-37326
Docker Desktop for Windows prior to 4.6.0 allows malicious users to delete (or create) any file through the dockerBackendV2 windowscontainers/start API by controlling the pidfile field inside the DaemonJSON field in the WindowsContainerStartRequest class. This can indirectly lead...
Docker Desktop
NA
CVE-2022-34292
Docker Desktop for Windows prior to 4.6.0 allows malicious users to overwrite any file through a symlink attack on the hyperv/create dockerBackendV2 API by controlling the DataFolder parameter for DockerDesktop.vhdx, a similar issue to CVE-2022-31647.
Docker Desktop
NA
CVE-2023-40453
Docker Machine up to and including 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action (via escape sequence injection), or might have a data size that causes ...
Docker Machine
NA
CVE-2022-38730
Docker Desktop for Windows prior to 4.6 allows malicious users to overwrite any file through the windowscontainers/start dockerBackendV2 API by controlling the data-root field inside the DaemonJSON field in the WindowsContainerStartRequest class. This allows exploiting a symlink ...
Docker Desktop
446
VMScore
CVE-2022-23774
Docker Desktop prior to 4.4.4 on Windows allows malicious users to move arbitrary files.
Docker Docker Desktop
NA
CVE-2022-31647
Docker Desktop prior to 4.6.0 on Windows allows malicious users to delete any file through the hyperv/destroy dockerBackendV2 API via a symlink in the DataFolder parameter, a different vulnerability than CVE-2022-26659.
Docker Desktop
320
VMScore
CVE-2022-26659
Docker Desktop installer on Windows in versions prior to 4.6.0 allows an malicious user to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file. Starting from version 4.6.0, the Docker Desktop installer, when run ele...
Docker Docker Desktop
356
VMScore
CVE-2017-1000094
Docker Commons Plugin provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use to authenticate with a Docker Registry. This functionality did not check permissions, allowing any user with Overall/Read permission to ge...
Jenkins Docker Commons
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »