VYPR

Docker Desktop installer

by Docker

CVEs (17)

  • CVE-2024-8696CriSep 12, 2024
    risk 0.64cvss 9.8epss 0.01

    A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2.

  • CVE-2024-8695CriSep 12, 2024
    risk 0.64cvss 9.8epss 0.01

    A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2.

  • CVE-2024-9348HigOct 16, 2024
    risk 0.58cvss epss 0.00

    Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view.

  • CVE-2021-44719HigMay 25, 2022
    risk 0.55cvss 8.4epss 0.00

    Docker Desktop 4.3.0 has Incorrect Access Control.

  • CVE-2022-25365HigFeb 19, 2022
    risk 0.51cvss 7.8epss 0.01

    Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-23774.

  • CVE-2021-37841HigAug 12, 2021
    risk 0.51cvss 7.8epss 0.01

    Docker Desktop before 3.6.0 suffers from incorrect access control. If a low-privileged account is able to access the server running the Windows containers, it can lead to a full container compromise in both process isolation and Hyper-V isolation modes. This security issue leads…

  • CVE-2020-15360HigJun 27, 2020
    risk 0.51cvss 7.8epss 0.01

    com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalation because of a lack of client verification.

  • CVE-2020-11492HigJun 5, 2020
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. If a local attacker sets up their own named pipe prior to starting Docker with the same name, this attacker can intercept a connection attempt from Docker Service (which runs as SYSTEM), and then impersonate…

  • CVE-2024-6222HigJul 9, 2024
    risk 0.46cvss 7.0epss 0.01

    In Docker Desktop before v4.29.0, an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages. Docker Desktop v4.29.0 https://docs.docker.com/desktop/release-note…

  • CVE-2022-26659HigMar 25, 2022
    risk 0.46cvss 7.1epss 0.00

    Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file. Starting from version 4.6.0, the Docker Desktop installer, when run elevated,…

  • CVE-2020-10665MedMar 18, 2020
    risk 0.44cvss 6.7epss 0.01

    Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions overwrites and arbitrary file writes. This affects Docker Desktop Enterprise before…

  • CVE-2024-5652MedJul 9, 2024
    risk 0.40cvss 6.1epss 0.00

    In Docker Desktop on Windows before v4.31.0 allows a user in the docker-users group to cause a Windows Denial-of-Service through the exec-path Docker daemon config option in Windows containers mode.

  • CVE-2021-45449MedJan 12, 2022
    risk 0.36cvss 5.5epss 0.00

    Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information (access token or password) on the user's machine during login. This only affects users if they are on Docker Desktop 4.3.0, 4.3.1 and the user has logged in while on 4.3.0, 4.3.1. Gaining access…

  • CVE-2022-23774MedFeb 1, 2022
    risk 0.35cvss 5.3epss 0.01

    Docker Desktop before 4.4.4 on Windows allows attackers to move arbitrary files.

  • CVE-2025-6587MedJul 3, 2025
    risk 0.34cvss epss 0.00

    System environment variables are recorded in Docker Desktop diagnostic logs, when using shell auto-completion. This leads to unintentional disclosure of sensitive information such as api keys, passwords, etc.  A malicious actor with read access to these logs could obtain…

  • CVE-2025-3911MedApr 29, 2025
    risk 0.34cvss epss 0.00

    Recording of environment variables, configured for running containers, in Docker Desktop application logs could lead to unintentional disclosure of sensitive information such as api keys, passwords, etc. A malicious actor with read access to these logs could obtain sensitive…

  • CVE-2025-1696MedMar 6, 2025
    risk 0.34cvss epss 0.00

    A vulnerability exists in Docker Desktop prior to version 4.39.0 that could lead to the unintentional disclosure of sensitive information via application logs. In affected versions, proxy configuration data—potentially including sensitive details—was written to log files in…