Page 2 of 19 results (0.005 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in local privilege escalation (LPE).This issue affects Docker Desktop: before 4.12.0. En Docker Desktop en Windows anterior a 4.12.0, una inyección de argumento en el instalador puede provocar una escalada de privilegios local (LPE). Este problema afecta a Docker Desktop: anterior a 4.12.0. • https://docs.docker.com/desktop/release-notes/#4120 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE).This issue affects Docker Desktop: 4.11.X. Docker Desktop 4.11.x permite omitir el indicador --no-windows-containers a través de la suplantación de respuesta de IPC, lo que puede provocar una escalada de privilegios locales (LPE). Este problema afecta a Docker Desktop: 4.11.X. • https://docs.docker.com/desktop/release-notes/#4120 • CWE-501: Trust Boundary Violation •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route. This issue affects Docker Desktop: before 4.12.0. Docker Desktop anterior a 4.12.0 es vulnerable a RCE a través de parámetros de consulta en la ruta del cuadro de mensajes. Este problema afecta a Docker Desktop: versiones anteriores a 4.12.0. • https://docs.docker.com/desktop/release-notes/#4120 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog. This issue affects Docker Desktop: before 4.12.0. Docker Desktop anterior a 4.12.0 es vulnerable a RCE a través de una descripción de extensión manipulada o un registro de cambios. Este problema afecta a Docker Desktop: versiones anteriores a 4.12.0. • https://docs.docker.com/desktop/release-notes/#4120 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-829: Inclusion of Functionality from Untrusted Control Sphere •

CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0

Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL. This issue affects Docker Desktop: before 4.23.0. Docker Desktop anterior a 4.23.0 permite el robo de tokens de acceso a través de una URL de icono de extensión manipulada. Este problema afecta a Docker Desktop: versiones anteriores a 4.23.0. • https://docs.docker.com/desktop/release-notes/#4230 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •