Known vulnerabilities affecting Docker products and systems

| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2019-5736 | runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to ex... | 8.6 | 794 | Viral | Yes | Yes |
| CVE-2019-5021 | Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to be the result of a regression introduced in December of 2015... | 9.8 | 717 | Neutral | No | Yes |
| CVE-2019-16884 | runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a ma... | 7.5 | 551 | Neutral | Yes | Yes |
| CVE-2019-15752 | Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-... | 7.8 | 661 | Neutral | Yes | Yes |
| CVE-2019-14271 | In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the content... | 9.8 | 853 | Neutral | Yes | Yes |
| CVE-2019-13509 | In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2019-13139 | In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. An issue exists in the way "doc... | 0.0 | 0 | Neutral | Yes | Yes |
| CVE-2019-10342 | A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stor... | 4.3 | 163 | Neutral | No | Yes |
| CVE-2019-10341 | A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using ... | 6.5 | 273 | Neutral | No | Yes |
| CVE-2019-10340 | A cross-site request forgery vulnerability in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-spec... | 8.8 | 609 | Neutral | No | Yes |
| CVE-2019-1020014 | docker-credential-helpers before 0.6.3 has a double free in the List functions. | 5.5 | 125 | Neutral | No | Yes |
| CVE-2019-1003065 | Jenkins CloudShare Docker-Machine Plugin stores credentials unencrypted in its global configuration file `com.cloudshare.jenkins.CloudShareConfiguration.xml` on the Jenkins controller. These credentia... | 8.8 | 545 | Neutral | No | Yes |
| CVE-2018-9862 | util.c in runV 1.0.0 for Docker mishandles a numeric username, which allows attackers to obtain root access by leveraging the presence of an initial numeric value on an /etc/passwd line, and then issu... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2018-20699 | Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, p... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2018-15664 | In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to... | 0.0 | 0 | Neutral | Yes | Yes |
| CVE-2018-15514 | HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the ... | 0.0 | 0 | Neutral | Yes | Yes |
| CVE-2018-10892 | The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disab... | 5.3 | 124 | Neutral | No | Yes |
| CVE-2016-9962 | RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-de... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2016-8867 | Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. This allowed malicious images to bypass user permissions to access files within the container filesystem or mo... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2016-8579 | docker2aci <= 0.12.3 has an infinite loop when handling local images with cyclic dependency chain. | 0.0 | 0 | Neutral | No | Yes |