Docker CVE Database

This is a database of current known vulnerabilities and security exposures. To learn more about Docker Security Policy and Process, visit the Security Portal

CVE ID Description Date Patch
CVE-2016-8867 Incorrect application of ambient capabilities Oct 27, 2016 Engine 1.12.3
CVE-2014-8178 Attacker controlled layer IDs lead to local graph content poisoning Oct 12, 2015 Engine 1.8.3, 1.6.2-CS7
CVE-2014-8179 Manifest validation and parsing logic errors allow pull-by-digest validation bypass Oct 12, 2015 Engine 1.8.3, 1.6.2-CS7
CVE-2015-3629 Symlink traversal on container respawn allows local privilege escalation May 7, 2015 Engine 1.6.1
CVE-2015-3627 Insecure opening of file-descriptor 1 leading to privilege escalation May 7, 2015 Engine 1.6.1
CVE-2015-3630 Read/write proc paths allow host modification & information disclosure May 7, 2015 Engine 1.6.1
CVE-2015-3631 Volume mounts allow LSM profile escalation May 7, 2015 Engine 1.6.1

 

Get started with Docker today.

Get started