Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
docker vulnerabilities and exploits
(subscribe to this query)
7.1
CVSSv3
CVE-2022-34292
Docker Desktop for Windows prior to 4.6.0 allows malicious users to overwrite any file through a symlink attack on the hyperv/create dockerBackendV2 API by controlling the DataFolder parameter for DockerDesktop.vhdx, a similar issue to CVE-2022-31647.
Docker Desktop
7.1
CVSSv3
CVE-2022-31647
Docker Desktop prior to 4.6.0 on Windows allows malicious users to delete any file through the hyperv/destroy dockerBackendV2 API via a symlink in the DataFolder parameter, a different vulnerability than CVE-2022-26659.
Docker Desktop
9.8
CVSSv3
CVE-2020-35467
The Docker Docs Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Docker Docs container may allow a remote malicious user to achieve root access with a blank password.
Docker Docs
1 Github repository
7.9
CVSSv3
CVE-2021-33183
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability container volume management component in Synology Docker prior to 18.09.0-0515 allows local users to read or write arbitrary files via unspecified vectors.
Synology Docker
9.8
CVSSv3
CVE-2015-9259
In Docker Notary prior to 0.1, the checkRoot function in gotuf/client/client.go does not check expiry of root.json files, despite a comment stating that it does. Even if a user creates a new root.json file after a key compromise, an attacker can produce update files referring to ...
Docker Notary
9.8
CVSSv3
CVE-2020-35186
The official adminer docker images prior to 4.7.0-fastcgi contain a blank password for a root user. System using the adminer docker container deployed by affected versions of the docker image may allow a remote malicious user to achieve root access with a blank password.
Docker Adminer
6.5
CVSSv3
CVE-2019-10341
A missing permission check in Jenkins Docker Plugin 1.1.6 and previous versions in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, ca...
Jenkins Docker
4.3
CVSSv3
CVE-2019-10342
A missing permission check in Jenkins Docker Plugin 1.1.6 and previous versions in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
Jenkins Docker
6.3
CVSSv3
CVE-2022-38730
Docker Desktop for Windows prior to 4.6 allows malicious users to overwrite any file through the windowscontainers/start dockerBackendV2 API by controlling the data-root field inside the DaemonJSON field in the WindowsContainerStartRequest class. This allows exploiting a symlink ...
Docker Desktop
7.8
CVSSv3
CVE-2020-11492
An issue exists in Docker Desktop up to and including 2.2.0.5 on Windows. If a local attacker sets up their own named pipe prior to starting Docker with the same name, this attacker can intercept a connection attempt from Docker Service (which runs as SYSTEM), and then impersonat...
Docker Docker Desktop
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »