Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
docker docker desktop vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-32473
Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. In 26.0.0, IPv6 is not disabled on network interfaces, including those belonging to networks where `--ipv6=false`. An con...
NA
CVE-2024-29018
Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. Moby's networking implementation allows for many networks, each with their own IP address range and gateway, to be d...
NA
CVE-2023-0625
Docker Desktop prior to 4.12.0 is vulnerable to RCE via a crafted extension description or changelog. This issue affects Docker Desktop: prior to 4.12.0.
Docker Docker Desktop
NA
CVE-2023-0626
Docker Desktop prior to 4.12.0 is vulnerable to RCE via query parameters in message-box route. This issue affects Docker Desktop: prior to 4.12.0.
Docker Docker Desktop
NA
CVE-2023-0627
Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE).This issue affects Docker Desktop: 4.11.X.
Docker Docker Desktop
1 Github repository
NA
CVE-2023-0633
In Docker Desktop on Windows prior to 4.12.0 an argument injection to installer may result in local privilege escalation (LPE).This issue affects Docker Desktop: prior to 4.12.0.
Docker Docker Desktop
NA
CVE-2023-5165
Docker Desktop prior to 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business cu...
Docker Docker Desktop
NA
CVE-2023-5166
Docker Desktop prior to 4.23.0 allows Access Token theft via a crafted extension icon URL. This issue affects Docker Desktop: prior to 4.23.0.
Docker Docker Desktop
NA
CVE-2022-37326
Docker Desktop for Windows prior to 4.6.0 allows malicious users to delete (or create) any file through the dockerBackendV2 windowscontainers/start API by controlling the pidfile field inside the DaemonJSON field in the WindowsContainerStartRequest class. This can indirectly lead...
Docker Desktop
NA
CVE-2022-38730
Docker Desktop for Windows prior to 4.6 allows malicious users to overwrite any file through the windowscontainers/start dockerBackendV2 API by controlling the data-root field inside the DaemonJSON field in the WindowsContainerStartRequest class. This allows exploiting a symlink ...
Docker Desktop
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »