Vulnerabilities > Docker > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-09 | CVE-2024-5652 | Unspecified vulnerability in Docker Desktop In Docker Desktop on Windows before v4.31.0 allows a user in the docker-users group to cause a Windows Denial-of-Service through the exec-path Docker daemon config option in Windows containers mode. | 5.5 |
| 2023-11-07 | CVE-2023-40453 | Unspecified vulnerability in Docker Machine Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action (via escape sequence injection), or might have a data size that causes a denial of service to a bastion node. | 6.5 |
| 2023-09-25 | CVE-2023-5166 | Unspecified vulnerability in Docker Desktop Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL. This issue affects Docker Desktop: before 4.23.0. | 6.5 |
| 2023-04-27 | CVE-2022-38730 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Docker Desktop Docker Desktop for Windows before 4.6 allows attackers to overwrite any file through the windowscontainers/start dockerBackendV2 API by controlling the data-root field inside the DaemonJSON field in the WindowsContainerStartRequest class. | 6.3 |
| 2022-02-01 | CVE-2022-23774 | Unspecified vulnerability in Docker Desktop Docker Desktop before 4.4.4 on Windows allows attackers to move arbitrary files. | 5.3 |
| 2022-01-12 | CVE-2021-45449 | Information Exposure Through Log Files vulnerability in Docker Desktop 4.3.0/4.3.1 Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information (access token or password) on the user's machine during login. | 5.5 |
| 2021-02-02 | CVE-2021-21285 | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. | 6.5 |
| 2021-02-02 | CVE-2021-21284 | Path Traversal vulnerability in multiple products In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. | 6.8 |
| 2020-12-30 | CVE-2020-27534 | Path Traversal vulnerability in Docker util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call. | 5.3 |
| 2020-06-02 | CVE-2020-13401 | Improper Input Validation vulnerability in multiple products An issue was discovered in Docker Engine before 19.03.11. | 6.0 |