11 matches found
EUVD-2022-37252
Malicious code in bioql PyPI...
The vulnerability of the CreateOrConfigureAsync function on the Docker Desktop for Windows development and delivery platform allows a malicious actor to gain read, modify, or delete access to data.
The vulnerability of the CreateOrConfigureAsync function on the Docker Desktop for Windows development and delivery platform is related to errors in handling symbolic links with the DataFolder parameter. Exploiting this vulnerability may allow an attacker to gain read, modify, or delete access to...
The vulnerability of the GetDiskPath function in the Docker Desktop for Windows development and delivery platform allows a malicious actor to gain access to read, modify, or delete data.
The vulnerability of the GetDiskPath function on the Docker Desktop for Windows development and delivery platform is related to errors in processing symbolic links within the settings.DataFolder variable. Exploiting this vulnerability could allow an attacker to gain access to, read, modify, or...
CVE-2022-34292
Docker Desktop for Windows before 4.6.0 allows attackers to overwrite any file through a symlink attack on the hyperv/create dockerBackendV2 API by controlling the DataFolder parameter for DockerDesktop.vhdx, a similar issue to CVE-2022-31647...
CVE-2022-34292
Docker Desktop for Windows before 4.6.0 allows attackers to overwrite any file through a symlink attack on the hyperv/create dockerBackendV2 API by controlling the DataFolder parameter for DockerDesktop.vhdx, a similar issue to CVE-2022-31647...
CVE-2022-31647
Docker Desktop before 4.6.0 on Windows allows attackers to delete any file through the hyperv/destroy dockerBackendV2 API via a symlink in the DataFolder parameter, a different vulnerability than CVE-2022-26659...
CVE-2022-31647
Docker Desktop before 4.6.0 on Windows allows attackers to delete any file through the hyperv/destroy dockerBackendV2 API via a symlink in the DataFolder parameter, a different vulnerability than CVE-2022-26659...
Design/Logic Flaw
Docker Desktop before 4.6.0 on Windows allows attackers to delete any file through the hyperv/destroy dockerBackendV2 API via a symlink in the DataFolder parameter, a different vulnerability than CVE-2022-26659...
PT-2023-2594 · Docker · Docker Desktop For Windows
Name of the Vulnerable Software and Affected Versions: Docker Desktop for Windows versions prior to 4.6.0 Description: The issue is related to a symlink attack on the hyperv/create dockerBackendV2 API, allowing attackers to overwrite any file by controlling the DataFolder parameter for...
Docker Desktop 后置链接漏洞
Docker Desktop is a container technology-based desktop software for lightweight deployment of applications from the U.S. company Docker. The product provides a desktop environment that supports creating a container lightweight virtual machine and deploying and running applications on...
Docker Desktop 后置链接漏洞
Docker Desktop is a container technology-based desktop software for lightweight deployment of applications from the U.S. company Docker. The product provides a desktop environment that supports creating a container lightweight virtual machine and deploying and running applications on...