Software Detail

Software Informaton Top

Virtualization

Software Detail

Docker Engine

Number Of NVD

CRITICAL

HIGH

MEDIUM

LOW

URL	https://www.docker.com/
Explanation	Docker is a platform for developers and system administrators to develop, deploy, and run applications. With Docker, you can quickly assemble applications from components and reduce the discrepancies that occur between code deployments. Docker also enables rapid testing and production deployment. Docker is comprised of Docker Engine ... A lightweight and powerful open source containerization technology. Docker Engine ... A lightweight and powerful open source containerization technology that enables workflows for building and containerizing applications. Docker Hub ... A Saas service for sharing and managing application tiers. Excerpt from [https://docs.docker.jp/engine/index.html]
Tag	オープンソース Apache License v2.0

Add Information URL

No	Type	Name	URL
1			https://www.docker.com/get-started
2			https://www.docker.com/blog/
3			https://github.com/docker
4			https://docs.docker.com/engine/release-notes/
5			https://github.com/docker/engine
6			http://docs.docker.jp/

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Critical	High	Medium	Low
21	docker engine 27	27.5	Jan. 13, 2025	June 24, 2024	0	0	0	0
22	docker engine 26	26.0.2</a>	June 5, 2024	March 20, 2024	0	0	0	0
23	docker engine 25	25.0.5</a>	March 19, 2024	Jan. 19, 2024	0	0	0	0
24	docker engine 24	24.0.9</a>	Jan. 31, 2024	May 16, 2023	0	0	0	0
25	docker engine 23	23.0.6	May 8, 2023	Feb. 1, 2023	0	0	0	0
26	docker engine 20	28.2.1	May 29, 2025	Dec. 8, 2020	0	0	2	0
27	docker engine 19	19.03.14	Dec. 1, 2020	July 22, 2019	1	1	3	0
28	docker engine 18	18.09.9	Sept. 3, 2019	Nov. 8, 2018	0	6	4	0
29	docker engine 17	17.12.1-ce	Feb. 27, 2018	Dec. 27, 2017	0	6	5	0
30	docker engine 2	2.5.0.0			0	7	4	0
31	docker engine 1	1.13.1			1	22	12	1
32	docker engine 0	0.1.8			1	15	8	1
33	docker engine -	-			1	15	8	1

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	or less	less than	Update date Published date	Show Affected	Exploit PoC Search
21	5.3 5.0	MEDIUM Network	The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disa…	-	CVE-2018-10892	cpe:2.3:a:docker:docker::	1.11 1.11	18.03.1 18.03.1		2024-11-21 12:42 2018-07-7	Show	GitHub Exploit DB Packet Storm

22	8.1 5.5	HIGH Network	Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'.	CWE-20 Improper Input Validation	CVE-2014-5282	cpe:2.3:a:docker:docker::			1.3	2024-11-21 11:11 2018-02-7	Show	GitHub Exploit DB Packet Storm

23	6.5 4.3	MEDIUM Network	Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause …	CWE-20 Improper Input Validation	CVE-2017-14992	cpe:2.3:a:docker:docker:17.09.0:* cpe:2.3:a:docker:docker:17.06.2:* cpe:2.3:a:docker:docker:17.06.1:* cpe:2.3:…		1.10.3		2024-11-21 12:13 2017-11-2	Show	GitHub Exploit DB Packet Storm

24	7.8 4.6	HIGH Local	Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage.	NVD-CWE-noinfo	CVE-2014-0047	cpe:2.3:a:docker:docker::		1.4.1		2024-11-21 11:01 2017-10-7	Show	GitHub Exploit DB Packet Storm

25	6.4 4.4	MEDIUM Local	RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-d…	CWE-362 Race Condition	CVE-2016-9962	cpe:2.3:a:docker:docker::	1.11.0		1.12.6	2024-11-21 12:02 2017-02-1	Show	GitHub Exploit DB Packet Storm

26	6.5 4.0	MEDIUM Network	The SwarmKit toolkit 1.12.0 for Docker allows remote authenticated users to cause a denial of service (prevention of cluster joins) via a long sequence of join and quit actions. NOTE: the vendor dis…	CWE-399 Resource Management Errors	CVE-2016-6595	cpe:2.3:a:docker:docker:1.12.0:*				2024-11-21 11:56 2017-01-5	Show	GitHub Exploit DB Packet Storm

27	7.5 5.0	HIGH Network	Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. This allowed malicious images to bypass user permissions to access files within the container filesystem or m…	CWE-264 Permissions, Privileges, and Access Controls	CVE-2016-8867	cpe:2.3:a:docker:docker:1.12.2:*				2024-11-21 12:00 2016-10-29	Show	GitHub Exploit DB Packet Storm

28	7.8 2.1	HIGH Local	libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric use…	CWE-264 Permissions, Privileges, and Access Controls	CVE-2016-3697	cpe:2.3:a:docker:docker::		1.11.1		2024-11-21 11:50 2016-06-2	Show	GitHub Exploit DB Packet Storm

29	- 3.6	LOW	Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc.	CWE-264 Permissions, Privileges, and Access Controls	CVE-2015-3631	cpe:2.3:a:docker:docker::		1.6		2024-11-21 11:29 2015-05-19	Show	GitHub Exploit DB Packet Storm

30	- 7.2	HIGH	Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive …	CWE-264 Permissions, Privileges, and Access Controls	CVE-2015-3630	cpe:2.3:a:docker:docker::		1.6		2024-11-21 11:29 2015-05-19	Show	GitHub Exploit DB Packet Storm