VYPR

Desktop

by Docker

CVEs (33)

  • CVE-2023-0629 | High | Mar 13, 2023
    risk 0.46 | cvss 7.1 | epss 0.00

    Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to docker.raw.sock, or npipe:////.pipe/docker_engine_linux on Windows, via the -H (--host) CLI flag or the DOCKER_HOST environment…

  • CVE-2022-26659 | High | Mar 25, 2022
    risk 0.46 | cvss 7.1 | epss 0.00

    Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file. Starting from version 4.6.0, the Docker Desktop installer, when run elevated,…

  • CVE-2025-14740 | Medium | Feb 4, 2026
    risk 0.44 | cvss 6.7 | epss 0.00

    Docker Desktop for Windows contains multiple incorrect permission assignment vulnerabilities in the installer's handling of the C:\ProgramData\DockerDesktop directory. The installer creates this directory without proper ownership verification, creating two exploitation…

  • CVE-2023-0627 | Medium | Sep 25, 2023
    risk 0.44 | cvss 6.7 | epss 0.00

    Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing, which may lead to Local Privilege Escalation (LPE). This issue affects Docker Desktop: 4.11.X.

  • CVE-2022-38730 | Medium | Apr 27, 2023
    risk 0.41 | cvss 6.3 | epss 0.00

    Docker Desktop for Windows before 4.6 allows attackers to overwrite any file through the windowscontainers/start dockerBackendV2 API by controlling the data-root field inside the DaemonJSON field in the WindowsContainerStartRequest class. This allows exploiting a symlink…

  • CVE-2024-5652 | Medium | Jul 9, 2024
    risk 0.40 | cvss 6.1 | epss 0.00

    Docker Desktop on Windows before v4.31.0 allows a user in the docker-users group to cause a Windows Denial-of-Service through the exec-path Docker daemon config option in Windows containers mode.

  • CVE-2023-0628 | Medium | Mar 13, 2023
    risk 0.40 | cvss 6.1 | epss 0.00

    Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user into opening a crafted malicious docker-desktop:// URL.

  • CVE-2023-1802 | Medium | Apr 6, 2023
    risk 0.38 | cvss 5.9 | epss 0.01

    In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed. A targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental…

  • CVE-2022-23774 | Medium | Feb 1, 2022
    risk 0.35 | cvss 5.3 | epss 0.01

    Docker Desktop before 4.4.4 on Windows allows attackers to move arbitrary files.

  • CVE-2025-1696 | Medium | Mar 6, 2025
    risk 0.34 | cvss | epss 0.00

    A vulnerability exists in Docker Desktop prior to version 4.39.0 that could lead to the unintentional disclosure of sensitive information via application logs. In affected versions, proxy configuration data—potentially including sensitive details—was written to log files in…

  • CVE-2025-4095 | Medium | Apr 29, 2025
    risk 0.28 | cvss | epss 0.00

    Registry Access Management (RAM) is a security feature allowing administrators to restrict access for their developers to only allowed registries. When a macOS configuration profile is used to enforce organization sign-in, the RAM policies are not being applied, which would…

  • CVE-2026-2664 | Feb 24, 2026
    risk 0.00 | cvss | epss 0.00

    An out of bounds read vulnerability in the grpcfuse kernel module present in the Linux VM in Docker Desktop for Windows, Linux and macOS up to version 4.61.0 could allow a local attacker to cause an unspecified impact by writing to /proc/docker entries. The issue has been fixed…

  • CVE-2025-13743 | Dec 9, 2025
    risk 0.00 | cvss | epss 0.00

    Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported diagnostics, especially when access denied errors occurred.

Page 2 of 2