Software Detail

Software Informaton Top

Virtualization

Software Detail

Docker Engine

Number Of NVD

CRITICAL

HIGH

MEDIUM

LOW

URL	https://www.docker.com/
Explanation	Docker is a platform for developers and system administrators to develop, deploy, and run applications. With Docker, you can quickly assemble applications from components and reduce the discrepancies that occur between code deployments. Docker also enables rapid testing and production deployment. Docker is comprised of Docker Engine ... A lightweight and powerful open source containerization technology. Docker Engine ... A lightweight and powerful open source containerization technology that enables workflows for building and containerizing applications. Docker Hub ... A Saas service for sharing and managing application tiers. Excerpt from [https://docs.docker.jp/engine/index.html]
Tag	Apache License v2.0 オープンソース

Add Information URL

No	Type	Name	URL
1			https://www.docker.com/get-started
2			https://www.docker.com/blog/
3			https://github.com/docker
4			https://docs.docker.com/engine/release-notes/
5			https://github.com/docker/engine
6			http://docs.docker.jp/

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Critical	High	Medium	Low
1	docker engine 24	24.0.5	July 24, 2023	May 16, 2023	0	0	0	0
2	docker engine 23	23.0.6	May 8, 2023	Feb. 1, 2023	0	0	0	0
3	docker engine 20	20.10.23	Jan. 19, 2023	Dec. 8, 2020	0	0	2	0
4	docker engine 19	19.03.14	Dec. 1, 2020	July 22, 2019	1	1	3	0
5	docker engine 18	18.09.9	Sept. 3, 2019	Nov. 8, 2018	0	6	4	0
6	docker engine 17	17.12.1-ce	Feb. 27, 2018	Dec. 27, 2017	0	6	5	0
7	docker engine 2	2.5.0.0			0	7	4	0
8	docker engine 1	1.13.1			1	22	12	1
9	docker engine 0	0.1.8			1	15	8	1
10	docker engine -	-			1	15	8	1

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	less than	Update date Published date	Show Affected	Exploit PoC Search
1	7.8 4.6	HIGH Local	Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-23774.	NVD-CWE-noinfo	CVE-2022-25365	cpe:2.3:a:docker:docker::		4.5.1	2022-06-3 23:17 2022-02-19	Show	GitHub Exploit DB Packet Storm

2	6.5 4.3	MEDIUM Network	In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain…	CWE-754 Improper Check for Unusual or Exceptional Conditions	CVE-2021-21285	cpe:2.3:a:docker:docker::	20.0.0	20.10.3 19.03.15	2022-10-25 21:55 2021-02-3	Show	GitHub Exploit DB Packet Storm

3	6.8 2.7	MEDIUM Adjacent	In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns…	CWE-22 Path Traversal	CVE-2021-21284	cpe:2.3:a:docker:docker::	20.0.0	20.10.3 19.03.15	2022-04-30 04:22 2021-02-3	Show	GitHub Exploit DB Packet Storm

4	7.8 4.6	HIGH Local	Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.	CWE-295 Improper Certificate Validation	CVE-2021-3162	cpe:2.3:a:docker:docker::		2.5.0.0	2022-07-13 02:42 2021-01-16	Show	GitHub Exploit DB Packet Storm

5	5.3 5.0	MEDIUM Network	util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.T…	CWE-22 Path Traversal	CVE-2020-27534	cpe:2.3:a:docker:docker::		19.03.9	2021-01-6 05:19 2020-12-31	Show	GitHub Exploit DB Packet Storm

6	8.8 4.6	HIGH Local	The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an incorre…	CWE-273 Improper Check for Dropped Privileges	CVE-2020-14300	cpe:2.3:a:docker:docker:1.13.1:*			2023-02-13 08:39 2020-07-14	Show	GitHub Exploit DB Packet Storm

7	8.8 4.6	HIGH Local	The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed…	CWE-273 Improper Check for Dropped Privileges	CVE-2020-14298	cpe:2.3:a:docker:docker:1.13.1:*			2023-02-13 08:39 2020-07-14	Show	GitHub Exploit DB Packet Storm

8	5.3 4.3	MEDIUM Network	A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs.	NVD-CWE-noinfo	CVE-2014-5278	cpe:2.3:a:docker:docker::		1.2.0	2023-11-7 11:20 2020-02-8	Show	GitHub Exploit DB Packet Storm

9	9.8 7.5	CRITICAL Network	An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways.	CWE-20 Improper Input Validation	CVE-2014-0048	cpe:2.3:a:docker:docker::		1.5.0	2023-03-1 11:59 2020-01-3	Show	GitHub Exploit DB Packet Storm

10	7.5 5.0	HIGH Network	Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to injec…	CWE-20 Improper Input Validation	CVE-2014-8179	cpe:2.3:a:docker:docker::		1.8.3	2023-02-13 09:45 2019-12-18	Show	GitHub Exploit DB Packet Storm