9275 matches found
CVE-2023-0625
Docker Desktop before 4.12.0 is vulnerable to remote code execution via a crafted extension description or changelog. Affected software is Docker Desktop (pre-4.12.0); impact is high/critical per CVSS. The issue arises from how extensions describe themselves or their changelogs, enabling RCE. Rem...
CVE-2023-5166 Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL
Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL. This issue affects Docker Desktop: before 4.23.0...
CVE-2023-5166
Docker Desktop before 4.23.0 is affected by CVE-2023-5166, enabling access token theft via a crafted extension icon URL. The issue affects Docker Desktop components related to extension icon handling and is described across multiple sources (NVD/NVD-like entries, PRION, PT-/security advisories). ...
CVE-2023-5166 Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL
Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL. This issue affects Docker Desktop: before 4.23.0...
CVE-2023-5165 Docker Desktop before 4.23.0 allows Enhanced Container Isolation bypass via debug shell
Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation ECI restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and...
CVE-2023-5165 Docker Desktop before 4.23.0 allows Enhanced Container Isolation bypass via debug shell
Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation ECI restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and...
CVE-2023-5165
CVE-2023-5165 affects Docker Desktop: versions 4.13.0 through 4.22.x are vulnerable to bypassing Enhanced Container Isolation (ECI) via the debug shell, allowing an unprivileged user to access restricted functionality. The root cause is exposure of the debug shell after startup, with access windo...
PT-2023-5443 · Docker · Docker Desktop
Name of the Vulnerable Software and Affected Versions: Docker Desktop versions 4.11.x Description: The issue is related to a violation of trust boundaries in Docker Desktop, which can be exploited to potentially allow an attacker to elevate their privileges. This is achieved through IPC response...
PT-2023-5446 · Docker · Docker Desktop
Name of the Vulnerable Software and Affected Versions: Docker Desktop versions 4.13.0 through 4.22.x Description: The issue is related to insufficient authorization procedures in Docker Desktop, allowing an unprivileged user to bypass Enhanced Container Isolation ECI restrictions. This can be...
PT-2023-5441 · Docker · Docker Desktop
Name of the Vulnerable Software and Affected Versions: Docker Desktop versions prior to 4.12.0 Description: The issue is related to incorrect code generation management in Docker Desktop, allowing a remote attacker to execute arbitrary code via query parameters in the message-box route. This can...
Docker Desktop Security Vulnerabilities
Docker Desktop is a container technology-based desktop software for lightweight deployment of applications from the U.S. company Docker. The product provides a desktop environment that supports creating a container lightweight virtual machine and deploying and running applications on...
PT-2023-5445 · Docker · Docker Desktop
Name of the Vulnerable Software and Affected Versions: Docker Desktop versions prior to 4.12.0 Description: The issue is related to an argument injection to the installer in Docker Desktop on Windows, which may result in local privilege escalation. This allows an attacker to potentially elevate...
PT-2023-5447 · Docker · Docker Desktop
Name of the Vulnerable Software and Affected Versions: Docker Desktop versions prior to 4.23.0 Description: The issue affects Docker Desktop and is related to the disclosure of protected information. It allows a remote attacker to obtain an access token using a specially crafted extension icon UR...
Docker Desktop Security Vulnerabilities
Docker Desktop is a container technology-based desktop software for lightweight deployment of applications from the U.S. company Docker. The product provides a desktop environment that supports creating a container lightweight virtual machine and deploying and running applications on...
Important: docker
Issue Overview: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value...
Amazon Linux 2023 : docker (ALAS2023-2023-345)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-345 advisory. The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now...
New AMBERSQUID Cryptojacking Operation Targets Uncommon AWS Services
A novel cloud-native cryptojacking operation has set its eyes on uncommon Amazon Web Services AWS offerings such as AWS Amplify, AWS Fargate, and Amazon SageMaker to illicitly mine cryptocurrency. The malicious cyber activity has been codenamed AMBERSQUID by cloud and container security firm...
Fedora: Security Advisory (FEDORA-2023-b9c1d0e4c5)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 39 Update: moby-engine-24.0.5-1.fc39
Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance a nd everything in between - and they don'...
Docker Desktop < 4.5.0 Incorrect Access Control
The version of Docker Desktop for Mac is prior to 4.5.0. Docker Desktop could be used to access any user file on the host from a container, bypassing the allowed list of shared folders. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported...