Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
docker desktop vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2020-15360
com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalation because of a lack of client verification.
Docker Docker Desktop 2.3.0.3
7.1
CVSSv3
CVE-2022-34292
Docker Desktop for Windows prior to 4.6.0 allows malicious users to overwrite any file through a symlink attack on the hyperv/create dockerBackendV2 API by controlling the DataFolder parameter for DockerDesktop.vhdx, a similar issue to CVE-2022-31647.
Docker Desktop
6.3
CVSSv3
CVE-2022-38730
Docker Desktop for Windows prior to 4.6 allows malicious users to overwrite any file through the windowscontainers/start dockerBackendV2 API by controlling the data-root field inside the DaemonJSON field in the WindowsContainerStartRequest class. This allows exploiting a symlink ...
Docker Desktop
6.7
CVSSv3
CVE-2020-10665
Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions overwrites and arbitrary file writes. This affects Docker Desktop Enterprise prior to 2...
Docker Desktop
1 Github repository
7.8
CVSSv3
CVE-2021-37841
Docker Desktop prior to 3.6.0 suffers from incorrect access control. If a low-privileged account is able to access the server running the Windows containers, it can lead to a full container compromise in both process isolation and Hyper-V isolation modes. This security issue lead...
Docker Desktop
7.8
CVSSv3
CVE-2022-37326
Docker Desktop for Windows prior to 4.6.0 allows malicious users to delete (or create) any file through the dockerBackendV2 windowscontainers/start API by controlling the pidfile field inside the DaemonJSON field in the WindowsContainerStartRequest class. This can indirectly lead...
Docker Desktop
7.1
CVSSv3
CVE-2022-31647
Docker Desktop prior to 4.6.0 on Windows allows malicious users to delete any file through the hyperv/destroy dockerBackendV2 API via a symlink in the DataFolder parameter, a different vulnerability than CVE-2022-26659.
Docker Desktop
7.8
CVSSv3
CVE-2021-3162
Docker Desktop Community prior to 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.
Docker Docker
7.8
CVSSv3
CVE-2022-25365
Docker Desktop prior to 4.5.1 on Windows allows malicious users to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-23774.
Docker Docker
1 Github repository
7.8
CVSSv3
CVE-2019-15752
Docker Desktop Community Edition prior to 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate ...
Docker Docker
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »