Vulnerability Database


CVE-2018-15514

HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the "docker-users" group (who may not otherwise have administrator access) to escalate to administrator privileges.

  • Published: Sep 1, 2018
  • Updated: Nov 9, 2025
  • CVE: CVE-2018-15514
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 6.5
  • Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

| Software | From | Fixed in |
|---|---|---|
| docker / docker | 18.03.0-win59 | 18.03.0-win59.x |
| docker / docker | 17.12.0-win47 | 17.12.0-win47.x |
| docker / docker | 17.12.0-win46 | 17.12.0-win46.x |
| docker / docker | 17.09.1-win42 | 17.09.1-win42.x |
| docker / docker | 17.09.0-win33 | 17.09.0-win33.x |
| docker / docker | 17.09.0-win32 | 17.09.0-win32.x |
| docker / docker | 17.06.2-win27 | 17.06.2-win27.x |
| docker / docker | 17.06.1-rc1-win24 | 17.06.1-rc1-win24.x |
| docker / docker | 17.06.0-win18 | 17.06.0-win18.x |
| docker / docker | 17.03.1-win12 | 17.03.1-win12.x |
| docker / docker | 17.03.0 | 17.03.0.x |
| docker / docker | 18.03.1-win65 | 18.03.1-win65.x |
| docker / docker | 18.05.0-win66 | 18.05.0-win66.x |
| docker / docker | 18.05.0-rc1-win63 | 18.05.0-rc1-win63.x |
| docker / docker | 18.04.0-rc2-win61 | 18.04.0-rc2-win61.x |
| docker / docker | 18.03.0-win58 | 18.03.0-win58.x |
| docker / docker | 18.03.0-rc3-win56 | 18.03.0-rc3-win56.x |
| docker / docker | 18.02.0-win52 | 18.02.0-win52.x |
| docker / docker | 18.02.0-rc2-win51 | 18.02.0-rc2-win51.x |
| docker / docker | 18.02.0-rc1-win50 | 18.02.0-rc1-win50.x |
| docker / docker | 18.01.0-win48 | 18.01.0-win48.x |
| docker / docker | 17.12.0-win45 | 17.12.0-win45.x |
| docker / docker | 17.12.0-rc4-win44 | 17.12.0-rc4-win44.x |
| docker / docker | 17.12.0-rc3-win43 | 17.12.0-rc3-win43.x |
| docker / docker | 17.12.0-rc2-win41 | 17.12.0-rc2-win41.x |
| docker / docker | 17.11.0-win40 | 17.11.0-win40.x |
| docker / docker | 17.11.0-rc4-win39 | 17.11.0-rc4-win39.x |
| docker / docker | 17.11.0-rc3-win38 | 17.11.0-rc3-win38.x |
| docker / docker | 17.11.0-rc2-win37 | 17.11.0-rc2-win37.x |
| docker / docker | 17.10.0-win36 | 17.10.0-win36.x |
| docker / docker | 17.09.0-win34 | 17.09.0-win34.x |
| docker / docker | 17.09.0-win31 | 17.09.0-win31.x |
| docker / docker | 17.09.0-rc3-win30 | 17.09.0-rc3-win30.x |
| docker / docker | 17.09.0-rc2-win29 | 17.09.0-rc2-win29.x |
| docker / docker | 17.09.0-rc1-win28 | 17.09.0-rc1-win28.x |
| docker / docker | 17.07.0-win26 | 17.07.0-win26.x |
| docker / docker | 17.07.0-rc4-win25 | 17.07.0-rc4-win25.x |
| docker / docker | 17.07.0-rc3-win23 | 17.07.0-rc3-win23.x |
| docker / docker | 17.07.0-rc2-win22 | 17.07.0-rc2-win22.x |
| docker / docker | 17.07.0-rc1-win21 | 17.07.0-rc1-win21.x |
| docker / docker | 17.06.1-rc1-win20 | 17.06.1-rc1-win20.x |
| docker / docker | 17.06.0-win17 | 17.06.0-win17.x |
| docker / docker | 17.06.0-win16 | 17.06.0-win16.x |
| docker / docker | 17.06.0-win15 | 17.06.0-win15.x |
| docker / docker | 17.06.0-win14 | 17.06.0-win14.x |
| docker / docker | 17.06.0-win13 | 17.06.0-win13.x |
| docker / docker | 17.0.5-win9 | 17.0.5-win9.x |
| docker / docker | 17.0.4-win7 | 17.0.4-win7.x |
| docker / docker | 17.04.0-win6 | 17.04.0-win6.x |
| docker / docker | 17.03.0-rc1-win1 | 17.03.0-rc1-win1.x |
| docker / docker | 1.13.1 | 1.13.1.x |
| docker / docker | 1.13.0 | 1.13.0.x |
| docker / docker | 1.12.5 | 1.12.5.x |
| docker / docker | 1.12.3 | 1.12.3.x |
| docker / docker | 1.12.1 | 1.12.1.x |
| docker / docker | 1.12.0 | 1.12.0.x |
| docker / docker | 1.13.1-rc2-beta41 | 1.13.1-rc2-beta41.x |
| docker / docker | 1.13.1-rc1-beta40 | 1.13.1-rc1-beta40.x |
| docker / docker | 1.13.0-beta39 | 1.13.0-beta39.x |
| docker / docker | 1.13.0-beta38 | 1.13.0-beta38.x |
| docker / docker | 1.13.0-rc7-beta37 | 1.13.0-rc7-beta37.x |
| docker / docker | 1.13.0-rc6-beta36 | 1.13.0-rc6-beta36.x |
| docker / docker | 1.13.0-rc5-beta35 | 1.13.0-rc5-beta35.x |
| docker / docker | 1.13.0-rc4-beta34 | 1.13.0-rc4-beta34.x |
| docker / docker | 1.13.0-rc3-beta33 | 1.13.0-rc3-beta33.x |
| docker / docker | 1.13.0-rc3-beta32.1 | 1.13.0-rc3-beta32.1.x |
| docker / docker | 1.13.0-rc3-beta32 | 1.13.0-rc3-beta32.x |
| docker / docker | 1.13.0-rc2-beta31 | 1.13.0-rc2-beta31.x |
| docker / docker | 1.12.3-beta30 | 1.12.3-beta30.x |
| docker / docker | 1.12.3-beta29.3 | 1.12.3-beta29.3.x |
| docker / docker | 1.12.2-beta29.2 | 1.12.2-beta29.2.x |
| docker / docker | 1.12.1-beta29.1 | 1.12.1-beta29.1.x |
| docker / docker | 1.12.3-rc1-beta29 | 1.12.3-rc1-beta29.x |
| docker / docker | 1.12.2-rc3-beta28 | 1.12.2-rc3-beta28.x |
| docker / docker | 1.12.2-rc1-beta27 | 1.12.2-rc1-beta27.x |
| docker / docker | 1.12.1-beta26 | 1.12.1-beta26.x |
| docker / docker | 1.12.1-beta25 | 1.12.1-beta25.x |
| docker / docker | 1.12.1-beta24 | 1.12.1-beta24.x |
| docker / docker | 1.12.1-rc1-beta23 | 1.12.1-rc1-beta23.x |
| docker / docker | 1.12.0-beta22 | 1.12.0-beta22.x |
| docker / docker | 1.12.0-beta21 | 1.12.0-beta21.x |
| docker / docker | 1.12.0-rc4-beta20 | 1.12.0-rc4-beta20.x |
| docker / docker | 1.12.0-rc4-beta19 | 1.12.0-rc4-beta19.x |
| docker / docker | 1.12.0-rc3-beta18.1 | 1.12.0-rc3-beta18.1.x |
| docker / docker | 1.12.0-rc3-beta18 | 1.12.0-rc3-beta18.x |
| docker / docker | 1.12.0-rc2-beta17 | 1.12.0-rc2-beta17.x |
| docker / docker | 1.12.0-rc2-beta16 | 1.12.0-rc2-beta16.x |
| docker / docker | 1.11.2-beta15 | 1.11.2-beta15.x |
| docker / docker | 1.11.1-beta14 | 1.11.1-beta14.x |
| docker / docker | 1.11.1-beta13 | 1.11.1-beta13.x |
| docker / docker | 1.11.1-beta12 | 1.11.1-beta12.x |
| docker / docker | 1.11.1-beta11b | 1.11.1-beta11b.x |
| docker / docker | 1.11.1-beta11 | 1.11.1-beta11.x |
| docker / docker | 1.11.0-beta10 | 1.11.0-beta10.x |
| docker / docker | 1.11.0-beta9 | 1.11.0-beta9.x |
| docker / docker | 1.11.0-beta8 | 1.11.0-beta8.x |
| docker / docker | 1.11.0-beta7 | 1.11.0-beta7.x |
| docker / docker | 1.11.0 | 1.11.0.x |
| docker / docker | 1.10.6 | 1.10.6.x |
| docker / docker | 1.10.4.0 | 1.10.4.0.x |
| docker / docker | 1.10.2.14 | 1.10.2.14.x |
| docker / docker | 1.10.2.12 | 1.10.2.12.x |
| docker / docker | 1.10.1.42-1 | 1.10.1.42-1.x |
| docker / docker | 1.10.0.0-0 | 1.10.0.0-0.x |

Frequently Asked Questions

A security vulnerability is a weakness in software, hardware, or configuration that can be exploited to compromise confidentiality, integrity, or availability. Many vulnerabilities are tracked as CVEs (Common Vulnerabilities and Exposures), which provide a standardized identifier so teams can coordinate patching, mitigation, and risk assessment across tools and vendors.

CVSS (Common Vulnerability Scoring System) estimates technical severity, but it doesn't automatically equal business risk. Prioritize using context like internet exposure, affected asset criticality, known exploitation (proof-of-concept or in-the-wild), and whether compensating controls exist. A "Medium" CVSS on an exposed, production system can be more urgent than a "Critical" on an isolated, non-production host.

A vulnerability is the underlying weakness. An exploit is the method or code used to take advantage of it. A zero-day is a vulnerability that is unknown to the vendor or has no publicly available fix when attackers begin using it. In practice, risk increases sharply when exploitation becomes reliable or widespread.

Recurring findings usually come from incomplete asset discovery, inconsistent patch management, inherited images, and configuration drift. In modern environments, you also need to watch the software supply chain: dependencies, containers, build pipelines, and third-party services can reintroduce the same weakness even after you patch a single host. Unknown or unmanaged assets (often called shadow IT) are a common reason the same issues resurface.

Use a simple, repeatable triage model: focus first on externally exposed assets, high-value systems (identity, VPN, email, production), vulnerabilities with known exploits, and issues that enable remote code execution or privilege escalation. Then enforce patch SLAs and track progress using consistent metrics so remediation is steady, not reactive.

SynScan combines attack surface monitoring and continuous security auditing to keep your inventory current, flag high-impact vulnerabilities early, and help you turn raw findings into a practical remediation plan.