NotCVE - vendor:"Docker" product:"Docker Desktop" version:"

Page 2 of 15 results (0.005 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-0626 – Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route

https://notcve.org/view.php?id=CVE-2023-0626

Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route. This issue affects Docker Desktop: before 4.12.0. Docker Desktop anterior a 4.12.0 es vulnerable a RCE a través de parámetros de consulta en la ruta del cuadro de mensajes. Este problema afecta a Docker Desktop: versiones anteriores a 4.12.0. • https://docs.docker.com/desktop/release-notes/#4120 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-0625 – Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog

https://notcve.org/view.php?id=CVE-2023-0625

Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog. This issue affects Docker Desktop: before 4.12.0. Docker Desktop anterior a 4.12.0 es vulnerable a RCE a través de una descripción de extensión manipulada o un registro de cambios. Este problema afecta a Docker Desktop: versiones anteriores a 4.12.0. • https://docs.docker.com/desktop/release-notes/#4120 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-829: Inclusion of Functionality from Untrusted Control Sphere •

CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-5166 – Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL

https://notcve.org/view.php?id=CVE-2023-5166

Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL. This issue affects Docker Desktop: before 4.23.0. Docker Desktop anterior a 4.23.0 permite el robo de tokens de acceso a través de una URL de icono de extensión manipulada. Este problema afecta a Docker Desktop: versiones anteriores a 4.23.0. • https://docs.docker.com/desktop/release-notes/#4230 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-0628 – Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL

https://notcve.org/view.php?id=CVE-2023-0628

Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL. • https://docs.docker.com/desktop/release-notes/#4170 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 0

CVE-2021-44719

https://notcve.org/view.php?id=CVE-2021-44719

Docker Desktop 4.3.0 has Incorrect Access Control. Docker Desktop versión 4.3.0, presenta un Control de Acceso Incorrecto • https://docs.docker.com/desktop/mac/release-notes https://docs.docker.com/desktop/release-notes/#security-2 https://docs.docker.com/desktop/windows/release-notes •

1 2 3