Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
docker vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2020-35186
The official adminer docker images prior to 4.7.0-fastcgi contain a blank password for a root user. System using the adminer docker container deployed by affected versions of the docker image may allow a remote malicious user to achieve root access with a blank password.
Docker Adminer
4.6
CVSSv2
CVE-2021-37841
Docker Desktop prior to 3.6.0 suffers from incorrect access control. If a low-privileged account is able to access the server running the Windows containers, it can lead to a full container compromise in both process isolation and Hyper-V isolation modes. This security issue lead...
Docker Desktop
5
CVSSv2
CVE-2015-9258
In Docker Notary prior to 0.1, gotuf/signed/verify.go has a Signature Algorithm Not Matched to Key vulnerability. Because an attacker controls the field specifying the signature algorithm, they might (for example) be able to forge a signature by forcing a misinterpretation of an ...
Docker Notary
7.2
CVSSv2
CVE-2020-11492
An issue exists in Docker Desktop up to and including 2.2.0.5 on Windows. If a local attacker sets up their own named pipe prior to starting Docker with the same name, this attacker can intercept a connection attempt from Docker Service (which runs as SYSTEM), and then impersonat...
Docker Docker Desktop
1 Github repository
5
CVSSv2
CVE-2022-23774
Docker Desktop prior to 4.4.4 on Windows allows malicious users to move arbitrary files.
Docker Docker Desktop
7.2
CVSSv2
CVE-2020-10665
Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions overwrites and arbitrary file writes. This affects Docker Desktop Enterprise prior to 2...
Docker Desktop
1 Github repository
NA
CVE-2023-40453
Docker Machine up to and including 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action (via escape sequence injection), or might have a data size that causes ...
Docker Machine
7.5
CVSSv2
CVE-2015-9259
In Docker Notary prior to 0.1, the checkRoot function in gotuf/client/client.go does not check expiry of root.json files, despite a comment stating that it does. Even if a user creates a new root.json file after a key compromise, an attacker can produce update files referring to ...
Docker Notary
3.6
CVSSv2
CVE-2022-26659
Docker Desktop installer on Windows in versions prior to 4.6.0 allows an malicious user to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file. Starting from version 4.6.0, the Docker Desktop installer, when run ele...
Docker Docker Desktop
4
CVSSv2
CVE-2017-1000094
Docker Commons Plugin provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use to authenticate with a Docker Registry. This functionality did not check permissions, allowing any user with Overall/Read permission to ge...
Jenkins Docker Commons
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »