By the Year
In 2021 there have been 0 vulnerabilities in Docker Engine . Last year Engine had 1 security vulnerability published. Right now, Engine is on track to have less security vulnerabilities in 2021 than it did last year.
It may take a day or so for new Engine vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.
Latest Docker Engine Security Vulnerabilities
An issue was discovered in Docker Engine before 19.03.11
6 - Medium
- June 02, 2020
An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service.
CVE-2020-13401 can be explotited with network access, and requires small amount of user privledges. This vulnerability is consided to have a high level of attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be low. considered to have a small impact on confidentiality and integrity and availability.
Improper Input Validation
Docker Engine before 18.09
4.9 - Medium
- January 12, 2019
Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go.
CVE-2018-20699 can be explotited with network access, and requires user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.2 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Uncontrolled Resource Consumption ('Resource Exhaustion')