Vulnerabilities > Docker

DATE CVE VULNERABILITY TITLE RISK
2023-03-13 CVE-2023-0628 Command Injection vulnerability in Docker Desktop
Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL.
local
low complexity
docker CWE-77
7.8
2023-03-13 CVE-2023-0629 Unspecified vulnerability in Docker Desktop
Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to docker.raw.sock, or npipe:////.pipe/docker_engine_linux on Windows, via the -H (--host) CLI flag or the DOCKER_HOST environment variable and launch containers without the additional hardening features provided by ECI.
local
low complexity
docker
7.1
2023-01-31 CVE-2022-37708 Incorrect Permission Assignment for Critical Resource vulnerability in Docker 20.10.15
Docker version 20.10.15, build fd82621 is vulnerable to Insecure Permissions.
network
high complexity
docker CWE-732
6.8
2022-05-25 CVE-2021-44719 Files or Directories Accessible to External Parties vulnerability in Docker Desktop
Docker Desktop 4.3.0 has Incorrect Access Control.
local
low complexity
docker CWE-552
6.6
2022-03-25 CVE-2022-26659 Link Following vulnerability in Docker Desktop
Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file.
local
low complexity
docker CWE-59
7.1
2022-02-19 CVE-2022-25365 Unspecified vulnerability in Docker
Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files.
local
low complexity
docker
4.6
2022-02-01 CVE-2022-23774 Unspecified vulnerability in Docker Desktop
Docker Desktop before 4.4.4 on Windows allows attackers to move arbitrary files.
network
low complexity
docker
5.0
2022-01-12 CVE-2021-45449 Information Exposure Through Log Files vulnerability in Docker Desktop 4.3.0/4.3.1
Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information (access token or password) on the user's machine during login.
local
low complexity
docker CWE-532
2.1
2021-10-04 CVE-2021-41092 Information Exposure vulnerability in multiple products
Docker CLI is the command line interface for the docker container runtime.
network
low complexity
docker fedoraproject CWE-200
5.0
2021-08-12 CVE-2021-37841 Incorrect Permission Assignment for Critical Resource vulnerability in Docker Desktop
Docker Desktop before 3.6.0 suffers from incorrect access control.
local
low complexity
docker CWE-732
4.6