CVE-2025-3911
- EPSS 0.14%
- Veröffentlicht 29.04.2025 17:20:34
- Zuletzt bearbeitet 15.04.2026 00:35:42
Recording of environment variables, configured for running containers, in Docker Desktop application logs could lead to unintentional disclosure of sensitive information such as api keys, passwords, etc. A malicious actor with read access to these l...
CVE-2025-4095
- EPSS 0.13%
- Veröffentlicht 29.04.2025 17:16:16
- Zuletzt bearbeitet 15.04.2026 00:35:42
Registry Access Management (RAM) is a security feature allowing administrators to restrict access for their developers to only allowed registries. When a MacOS configuration profile is used to enforce organization sign-in, the RAM policies are not be...
CVE-2025-3224
- EPSS 0.21%
- Veröffentlicht 28.04.2025 19:21:15
- Zuletzt bearbeitet 10.05.2025 00:57:52
A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTEM. During an update, Docker Desktop attempts to delete files and subdirectories u...
CVE-2025-1696
- EPSS 0.16%
- Veröffentlicht 06.03.2025 12:15:36
- Zuletzt bearbeitet 15.04.2026 00:35:42
A vulnerability exists in Docker Desktop prior to version 4.39.0 that could lead to the unintentional disclosure of sensitive information via application logs. In affected versions, proxy configuration data—potentially including sensitive details—was...
CVE-2024-9348
- EPSS 0.48%
- Veröffentlicht 16.10.2024 15:15:18
- Zuletzt bearbeitet 15.04.2026 00:35:42
Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view.
CVE-2024-8696
- EPSS 1.23%
- Veröffentlicht 12.09.2024 18:15:11
- Zuletzt bearbeitet 13.09.2024 16:01:22
A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2.
CVE-2024-8695
- EPSS 1.25%
- Veröffentlicht 12.09.2024 18:15:11
- Zuletzt bearbeitet 13.09.2024 16:01:31
A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2.
- EPSS 0.56%
- Veröffentlicht 09.07.2024 18:15:12
- Zuletzt bearbeitet 21.11.2024 09:49:13
In Docker Desktop before v4.29.0, an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages. Docker Desktop v4.29.0 https://docs.d...
CVE-2024-5652
- EPSS 0.37%
- Veröffentlicht 09.07.2024 17:15:48
- Zuletzt bearbeitet 19.03.2025 16:15:28
In Docker Desktop on Windows before v4.31.0 allows a user in the docker-users group to cause a Windows Denial-of-Service through the exec-path Docker daemon config option in Windows containers mode.
CVE-2022-38730
- EPSS 0.29%
- Veröffentlicht 27.04.2023 20:15:40
- Zuletzt bearbeitet 31.01.2025 20:15:29
Docker Desktop for Windows before 4.6 allows attackers to overwrite any file through the windowscontainers/start dockerBackendV2 API by controlling the data-root field inside the DaemonJSON field in the WindowsContainerStartRequest class. This allows...