Vulmon
docker vulnerabilities and exploits
5.4
CVSSv3
CVE-2023-41327
WireMock is a tool for mocking HTTP services. WireMock can be configured to only permit proxying (and therefore recording) to certain addresses. This is achieved via a list of allowed address rules and a list of denied address rules, where the allowed list is evaluated first. Unt...
Wiremock Studio
Wiremock Wiremock
6.6
CVSSv3
CVE-2023-41329
WireMock is a tool for mocking HTTP services. The proxy mode of WireMock can be protected by the network restrictions configuration, as documented in Preventing proxying to and recording from specific target addresses. These restrictions can be configured using the domain names,...
Wiremock Studio
Wiremock Wiremock
Wiremock Python Wiremock
Wiremock Wiremock Docker
3.8
CVSSv3
CVE-2023-41044
Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's `Support Bundle` feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Graylog's Support Bundle feature allows an at...
Graylog Graylog
8.8
CVSSv3
CVE-2023-32079
Netmaker makes networks with WireGuard. A mass assignment vulnerability was found in versions before 0.17.1 and 0.18.6 that allows a non-admin user to escalate privileges to those of an admin user. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, the...
Gravitl Netmaker
7.5
CVSSv3
CVE-2023-32077
Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage was found in Netmaker, allowing unauthenticated users to interact with DNS API endpoints. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run...
Gravitl Netmaker
7.5
CVSSv3
CVE-2023-32078
Netmaker makes networks with WireGuard. An Insecure Direct Object Reference (IDOR) vulnerability was found in versions before 0.17.1 and 0.18.6 in the user update function. By specifying another user's username, it was possible to update the other user's password. The i...
Gravitl Netmaker
5.4
CVSSv3
CVE-2023-40350
Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control responses from Do...
Jenkins Docker Swarm
8.8
CVSSv3
CVE-2023-39523
ScanCode.io is a server to script and automate software composition analysis with ScanPipe pipelines. Prior to version 32.5.1, the software has a possible command injection vulnerability in the docker fetch process, as it allows malicious commands to be appended in the `docker_referenc...
Nexb Scancode.io
8.8
CVSSv3
CVE-2023-37273
Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. Running Auto-GPT versions before 0.4.3 by cloning the git repo and executing `docker compose run auto-gpt` in the repo root uses a different docker-compose.yml file from th...
Agpt Auto-gpt
7.8
CVSSv3
CVE-2023-37274
Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. When Auto-GPT is executed directly on the host system via the provided run.sh or run.bat files, custom Python code execution is sandboxed using a temporary dedicated docke...
Agpt Auto-gpt