CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0628 – Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL
https://notcve.org/view.php?id=CVE-2023-0628
13 Mar 2023 — Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL. • https://docs.docker.com/desktop/release-notes/#4170 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 0CVE-2021-44719
https://notcve.org/view.php?id=CVE-2021-44719
25 May 2022 — Docker Desktop 4.3.0 has Incorrect Access Control. Docker Desktop versión 4.3.0, presenta un Control de Acceso Incorrecto • https://docs.docker.com/desktop/mac/release-notes •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-26659
https://notcve.org/view.php?id=CVE-2022-26659
25 Mar 2022 — Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file. Starting from version 4.6.0, the Docker Desktop installer, when run elevated, will write its log files to a location not writable by non-administrator users. El instalador de Docker Desktop en Windows en versiones anteriores a 4.6.0, permite a un atacante sobrescribir cualquier archivo escribible por el admini... • https://docs.docker.com/desktop/windows/release-notes • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-23774 – Docker Desktop Link Following Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-23774
01 Feb 2022 — Docker Desktop before 4.4.4 on Windows allows attackers to move arbitrary files. Docker Desktop versiones anteriores a 4.4.4 en Windows, permite a atacantes mover archivos arbitrarios This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Docker Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Docker Desktop Service. By crea... • https://docs.docker.com/docker-for-windows/release-notes •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-15360
https://notcve.org/view.php?id=CVE-2020-15360
27 Jun 2020 — com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalation because of a lack of client verification. com.docker.vmnetd en Docker Desktop versión 2.3.0.3, permite una escalada de privilegios debido a una falta de verificación del cliente • https://docs.docker.com/docker-for-windows/release-notes • CWE-862: Missing Authorization •