Engine Docker Engine

stack.watch can email you when security vulnerabilities are reported in Docker Engine. You can add multiple products that you use with Engine to create your own personal software stack watcher.

By the Year

In 2021 there have been 0 vulnerabilities in Docker Engine . Last year Engine had 1 security vulnerability published. Right now, Engine is on track to have less security vulnerabilities in 2021 than it did last year.

Year Vulnerabilities Average Score
2021 0 0.00
2020 1 6.00
2019 1 4.90
2018 0 0.00

It may take a day or so for new Engine vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.

Latest Docker Engine Security Vulnerabilities

An issue was discovered in Docker Engine before 19.03.11

CVE-2020-13401 6 - Medium - June 02, 2020

An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service.

CVE-2020-13401 can be explotited with network access, and requires small amount of user privledges. This vulnerability is consided to have a high level of attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be low. considered to have a small impact on confidentiality and integrity and availability.

Improper Input Validation

Docker Engine before 18.09

CVE-2018-20699 4.9 - Medium - January 12, 2019

Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go.

CVE-2018-20699 can be explotited with network access, and requires user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.2 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Uncontrolled Resource Consumption ('Resource Exhaustion')