) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
Search Parameters:
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:boot2docker:boot2docker:0.9.0:*:*:*:-:*:*:*
- CPE Name Search: true
There are 2 matching records.
Displaying matches 1 through 2.
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2014-5280 |
boot2docker 1.2 and earlier allows attackers to conduct cross-site request forgery (CSRF) attacks by leveraging Docker daemons enabling TCP connections without TLS authentication. Published: February 06, 2018; 11:29:00 AM -0500 |
V3.1: 8.8 HIGH V2.0: 9.3 HIGH |
| CVE-2014-5279 |
The Docker daemon managed by boot2docker 1.2 and earlier improperly enables unauthenticated TCP connections by default, which makes it easier for remote attackers to gain privileges or execute arbitrary code from children containers. Published: February 06, 2018; 11:29:00 AM -0500 |
V3.0: 8.8 HIGH V2.0: 9.0 HIGH |