Software Detail

Software Informaton Top

->

->

Software Detail

Docker Engine

Number Of NVD

37

CRITICAL

2

HIGH

22

MEDIUM

12

LOW

1

URL	https://www.docker.com/
Explanation	Docker is a platform for developers and system administrators to develop, deploy, and run applications. With Docker, you can quickly assemble applications from components and reduce the discrepancies that occur between code deployments. Docker also enables rapid testing and production deployment. Docker is comprised of Docker Engine ... A lightweight and powerful open source containerization technology. Docker Engine ... A lightweight and powerful open source containerization technology that enables workflows for building and containerizing applications. Docker Hub ... A Saas service for sharing and managing application tiers. Excerpt from [https://docs.docker.jp/engine/index.html]
Tag	オープンソース Apache License v2.0

Add Information URL

No	Type	Name	URL
1			https://www.docker.com/get-started
2			https://www.docker.com/blog/
3			https://github.com/docker
4			https://docs.docker.com/engine/release-notes/
5			https://github.com/docker/engine
6			http://docs.docker.jp/

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Normal Support	Security Support Service Pack Support	Extended for a fee	Critical	High	Medium	Low
31	docker engine 27	27.5	Jan. 13, 2025	June 24, 2024				0	0	0	0
32	docker engine 26	26.0.2</a>	June 5, 2024	March 20, 2024				0	0	0	0
33	docker engine 25	25.0.5</a>	March 19, 2024	Jan. 19, 2024				0	0	0	0
34	docker engine 24	24.0.9</a>	Jan. 31, 2024	May 16, 2023				0	0	0	0
35	docker engine 23	23.0.6	May 8, 2023	Feb. 1, 2023				0	0	0	0
36	docker engine 20	28.2.1	May 29, 2025	Dec. 8, 2020				0	0	2	0
37	docker engine 19	19.03.14	Dec. 1, 2020	July 22, 2019				1	1	3	0
38	docker engine 18	18.09.9	Sept. 3, 2019	Nov. 8, 2018				0	6	4	0
39	docker engine 17	17.12.1-ce	Feb. 27, 2018	Dec. 27, 2017				0	6	5	0
40	docker engine 2	2.5.0.0						0	7	4	0
41	docker engine 1	1.13.1						1	22	12	1
42	docker engine 0	0.1.8						1	15	8	1
43	docker engine -	-						1	15	8	1

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	or less	more than	less than	Update date Published date	Show Affected	Exploit PoC Search
31	- 7.2	HIGH	Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an …	CWE-59 Link Following	CVE-2015-3627	cpe:2.3:a:docker:docker::		1.6			2024-11-21 11:29 2015-05-19	Show	GitHub Exploit DB Packet Storm

32	- 6.4	MEDIUM	Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation o…	CWE-20 Improper Input Validation	CVE-2014-9358	cpe:2.3:a:docker:docker::		1.3.2			2024-11-21 11:20 2014-12-17	Show	GitHub Exploit DB Packet Storm

33	- 10.0	HIGH	Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive ex…	CWE-264 Permissions, Privileges, and Access Controls	CVE-2014-9357	cpe:2.3:a:docker:docker:1.3.2:*					2024-11-21 11:20 2014-12-17	Show	GitHub Exploit DB Packet Storm

34	- 5.0	MEDIUM	Docker 1.3.0 through 1.3.1 allows remote attackers to modify the default run profile of image containers and possibly bypass the container by applying unspecified security options to an image.	CWE-264 Permissions, Privileges, and Access Controls	CVE-2014-6408	cpe:2.3:a:docker:docker:1.3.1:* cpe:2.3:a:docker:docker:1.3.0:*					2024-11-21 11:14 2014-12-13	Show	GitHub Exploit DB Packet Storm

35	- 7.5	HIGH	Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation.	CWE-59 Link Following	CVE-2014-6407	cpe:2.3:a:docker:docker:1.3.0:* cpe:2.3:a:docker:docker:1.0.0:* cpe:2.3:a:docker:docker::		1.3.1			2024-11-21 11:14 2014-12-13	Show	GitHub Exploit DB Packet Storm

36	- 5.0	MEDIUM	Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain auth…	CWE-17 Code	CVE-2014-5277	cpe:2.3:a:docker:docker::		1.3.0			2024-11-21 11:11 2014-11-18	Show	GitHub Exploit DB Packet Storm

37	- 7.2	HIGH	Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.	CWE-264 Permissions, Privileges, and Access Controls	CVE-2014-3499	cpe:2.3:a:docker:docker:1.0.0:*					2024-11-21 11:08 2014-07-11	Show	GitHub Exploit DB Packet Storm