Docker Desktop < 4.41.0 Information Disclosure Vulnerability
The version of Docker Desktop for Linux is prior to 4.41.0. It is therefore affected by an information disclosure vulnerability. The recording of environment variables, configured for running containers, in Docker Desktop application logs could lead to unintentional disclosure of sensitive...
Docker Desktop < 4.41.0 Privilege Escalation
The version of Docker Desktop for Windows is prior to 4.41.0. It is therefore affected by a privilege escalation vulnerability. A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTE...
Docker Desktop < 4.41.0 Access Control
The version of Docker Desktop for Mac is prior to 4.41.0. It is therefore affected by an access control vulnerability. Registry Access Management (RAM) is a security feature allowing administrators to restrict access for their developers to only allowed registries. When a macOS configuration profil...
Exploit for Deserialization of Untrusted Data in Apache Activemq
CVE-2023-46604
Security Bulletin: Additional security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for April 2025.
Summary In addition to vulnerabilities announced in Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.0-IF005 and 24.0.1-IF002, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation...
OPENSUSE-SU-2025:15046-1 docker-28.1.1_ce-16.1 on GA media
These are all security issues fixed in the docker-28.1.1_ce-16.1 package on the GA media of openSUSE Tumbleweed...
CVE-2025-3911
Recording of environment variables, configured for running containers, in Docker Desktop application logs could lead to unintentional disclosure of sensitive information such as API keys, passwords, etc. A malicious actor with read access to these logs could obtain sensitive credentials informati...
CVE-2025-4095
Registry Access Management (RAM) is a security feature allowing administrators to restrict access for their developers to only allowed registries. When a macOS configuration profile is used to enforce organization sign-in, the RAM policies are not being applied, which would allow Docker Desktop use...
USN-7474-1: Docker vulnerabilities
Cory Snider discovered that Docker incorrectly handled networking packet encapsulation. An attacker could use this issue to inject internet packets in established connection, possibly causing a denial of service or bypassing firewall protections. This issue only affected Ubuntu 22.04 LTS, Ubuntu...
Incorrect Default Permissions
Overview: docksible is a package to deploy and set up Docker Compose based web apps with Ansible. Affected versions of this package are vulnerable to Incorrect Default Permissions via the file permissions of docker-compose files. An attacker could gain unauthorized access to sensitive configuration data or...
Exploit for CVE-2025-20029
🔐 Replayable Attack Simulation – CVE-2025-20029
Amazon Linux 2 : docker (ALASECS-2025-054)
The version of docker installed on the remote host is prior to 25.0.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2025-054 advisory. An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing...
Ubuntu 18.04 LTS : Docker vulnerabilities (USN-7474-1)
The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7474-1 advisory. Cory Snider discovered that Docker incorrectly handled networking packet encapsulation. An attacker could use this issue to inject internet packets in...
CVE-2025-3224
A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTEM. During an update, Docker Desktop attempts to delete files and subdirectories under the path C:\ProgramData\Docker\config with...
Exploit for CVE-2024-40635
CVE-2024-40635 POC: Proof of Concept code for proving CVE-2024-...
CVE-2025-3911 Exposure in Docker Desktop logs of environment variables configured for running containers
Recording of environment variables, configured for running containers, in Docker Desktop application logs could lead to unintentional disclosure of sensitive information such as API keys, passwords, etc. A malicious actor with read access to these logs could obtain sensitive credentials informati...
CVE-2025-3911
Docker Desktop before 4.41.0 logs environment variables configured for running containers in application logs, risking disclosure of sensitive credentials to anyone with log access. Affected product: Docker Desktop (Linux reportedly impacted in Nessus). Root cause: environment variables are recor...