Software Detail

Software Informaton Top

Virtualization

Software Detail

Docker Engine

Number Of NVD

CRITICAL

HIGH

MEDIUM

LOW

URL	https://www.docker.com/
Explanation	Docker is a platform for developers and system administrators to develop, deploy, and run applications. With Docker, you can quickly assemble applications from components and reduce the discrepancies that occur between code deployments. Docker also enables rapid testing and production deployment. Docker is comprised of Docker Engine ... A lightweight and powerful open source containerization technology. Docker Engine ... A lightweight and powerful open source containerization technology that enables workflows for building and containerizing applications. Docker Hub ... A Saas service for sharing and managing application tiers. Excerpt from [https://docs.docker.jp/engine/index.html]
Tag	オープンソース Apache License v2.0

Add Information URL

No	Type	Name	URL
1			https://www.docker.com/get-started
2			https://www.docker.com/blog/
3			https://github.com/docker
4			https://docs.docker.com/engine/release-notes/
5			https://github.com/docker/engine
6			http://docs.docker.jp/

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Critical	High	Medium	Low
11	docker engine 27	27.5	Jan. 13, 2025	June 24, 2024	0	0	0	0
12	docker engine 26	26.0.2</a>	June 5, 2024	March 20, 2024	0	0	0	0
13	docker engine 25	25.0.5</a>	March 19, 2024	Jan. 19, 2024	0	0	0	0
14	docker engine 24	24.0.9</a>	Jan. 31, 2024	May 16, 2023	0	0	0	0
15	docker engine 23	23.0.6	May 8, 2023	Feb. 1, 2023	0	0	0	0
16	docker engine 20	28.2.1	May 29, 2025	Dec. 8, 2020	0	0	2	0
17	docker engine 19	19.03.14	Dec. 1, 2020	July 22, 2019	1	1	3	0
18	docker engine 18	18.09.9	Sept. 3, 2019	Nov. 8, 2018	0	6	4	0
19	docker engine 17	17.12.1-ce	Feb. 27, 2018	Dec. 27, 2017	0	6	5	0
20	docker engine 2	2.5.0.0			0	7	4	0
21	docker engine 1	1.13.1			1	22	12	1
22	docker engine 0	0.1.8			1	15	8	1
23	docker engine -	-			1	15	8	1

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	or less	less than	Update date Published date	Show Affected	Exploit PoC Search
11	5.5 1.9	MEDIUM Local	Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a cra…	CWE-20 Improper Input Validation	CVE-2014-8178	cpe:2.3:a:docker:docker::			1.8.3	2024-11-21 11:18 2019-12-17	Show	GitHub Exploit DB Packet Storm

12	8.6 8.5	HIGH Network	Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or…	CWE-22 Path Traversal	CVE-2014-9356	cpe:2.3:a:docker:docker::			1.3.3	2024-11-21 11:20 2019-12-3	Show	GitHub Exploit DB Packet Storm

13	7.5 5.0	HIGH Network	runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a m…	CWE-863 Incorrect Authorization	CVE-2019-16884	cpe:2.3:a:docker:docker::		19.03.2		2024-11-21 13:31 2019-09-26	Show	GitHub Exploit DB Packet Storm

14	7.8 9.3	HIGH Local	Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low…	CWE-732 Incorrect Permission Assignment for Critical Resource	CVE-2019-15752	cpe:2.3:a:docker:docker::			2.1.0.1	2024-11-21 13:29 2019-08-29	Show	GitHub Exploit DB Packet Storm

15	8.4 4.6	HIGH Local	In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. An issue exists in the way "do…	CWE-78 OS Command	CVE-2019-13139	cpe:2.3:a:docker:docker::			18.09.4	2024-11-21 13:24 2019-08-23	Show	GitHub Exploit DB Packet Storm

16	9.8 7.5	CRITICAL Network	In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the conten…	CWE-665 Improper Initialization	CVE-2019-14271	cpe:2.3:a:docker:docker::	19.03		19.03.1	2024-11-21 13:26 2019-07-30	Show	GitHub Exploit DB Packet Storm

17	7.5 5.0	HIGH Network	In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a…	CWE-532 Inclusion of Sensitive Information in Log Files	CVE-2019-13509	cpe:2.3:a:docker:docker:18.03.1:9 cpe:2.3:a:docker:docker:18.03.1:8 cpe:2.3:a:docker:docker:18.03.1:7 cpe:2.3:…	18.09.0		18.09.8 18.09.8	2024-11-21 13:25 2019-07-19	Show	GitHub Exploit DB Packet Storm

18	7.5 6.2	HIGH Local	In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access t…	CWE-362 Race Condition	CVE-2018-15664	cpe:2.3:a:docker:docker:18.06.1-ce:rc2 cpe:2.3:a:docker:docker:18.06.1-ce:rc1 cpe:2.3:a:docker:docker:18.06.0-ce:…				2024-11-21 12:51 2019-05-23	Show	GitHub Exploit DB Packet Storm

19	8.6 9.3	HIGH Local	runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to e…	CWE-78 OS Command	CVE-2019-5736	cpe:2.3:a:docker:docker::			18.09.2	2024-11-21 13:45 2019-02-12	Show	GitHub Exploit DB Packet Storm

20	8.8 6.5	HIGH Network	HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the…	CWE-502 Deserialization of Untrusted Data	CVE-2018-15514	cpe:2.3:a:docker:docker:18.05.0:win66 cpe:2.3:a:docker:docker:18.05.0:rc1-win63 cpe:2.3:a:docker:docker:18.04.0:r…				2024-11-21 12:50 2018-09-1	Show	GitHub Exploit DB Packet Storm