Docker CVE Database
This is a database of current known vulnerabilities and security exposures. To learn more about Docker Security Policy and Process, visit the Security Portal
| CVE ID | Description | Date | Patch |
|---|---|---|---|
| CVE-2016-8867 | Incorrect application of ambient capabilities | Oct 27, 2016 | Engine 1.12.3 |
| CVE-2014-8178 | Attacker controlled layer IDs lead to local graph content poisoning | Oct 12, 2015 | Engine 1.8.3, 1.6.2-CS7 |
| CVE-2014-8179 | Manifest validation and parsing logic errors allow pull-by-digest validation bypass | Oct 12, 2015 | Engine 1.8.3, 1.6.2-CS7 |
| CVE-2015-3629 | Symlink traversal on container respawn allows local privilege escalation | May 7, 2015 | Engine 1.6.1 |
| CVE-2015-3627 | Insecure opening of file-descriptor 1 leading to privilege escalation | May 7, 2015 | Engine 1.6.1 |
| CVE-2015-3630 | Read/write proc paths allow host modification & information disclosure | May 7, 2015 | Engine 1.6.1 |
| CVE-2015-3631 | Volume mounts allow LSM profile escalation | May 7, 2015 | Engine 1.6.1 |