Lucene search
K

9275 matches found

CVE
CVE
added 2023/09/25 3:31 p.m.50 views

CVE-2023-0625

Docker Desktop before 4.12.0 is vulnerable to remote code execution via a crafted extension description or changelog. Affected software is Docker Desktop (pre-4.12.0); impact is high/critical per CVSS. The issue arises from how extensions describe themselves or their changelogs, enabling RCE. Rem...

9.8CVSS8.2AI score0.00739EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/09/25 3:30 p.m.17 views

CVE-2023-5166 Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL

Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL. This issue affects Docker Desktop: before 4.23.0...

8CVSS6.9AI score0.00683EPSS
Exploits0References1
CVE
CVE
added 2023/09/25 3:30 p.m.63 views

CVE-2023-5166

Docker Desktop before 4.23.0 is affected by CVE-2023-5166, enabling access token theft via a crafted extension icon URL. The issue affects Docker Desktop components related to extension icon handling and is described across multiple sources (NVD/NVD-like entries, PRION, PT-/security advisories). ...

8CVSS6.8AI score0.00683EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/09/25 3:30 p.m.25 views

CVE-2023-5166 Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL

Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL. This issue affects Docker Desktop: before 4.23.0...

8CVSS7.9AI score0.00683EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/09/25 3:29 p.m.35 views

CVE-2023-5165 Docker Desktop before 4.23.0 allows Enhanced Container Isolation bypass via debug shell

Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation ECI restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and...

7.1CVSS8.8AI score0.00225EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/09/25 3:29 p.m.26 views

CVE-2023-5165 Docker Desktop before 4.23.0 allows Enhanced Container Isolation bypass via debug shell

Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation ECI restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and...

7.1CVSS6.8AI score0.00225EPSS
Exploits0References1
CVE
CVE
added 2023/09/25 3:29 p.m.75 views

CVE-2023-5165

CVE-2023-5165 affects Docker Desktop: versions 4.13.0 through 4.22.x are vulnerable to bypassing Enhanced Container Isolation (ECI) via the debug shell, allowing an unprivileged user to access restricted functionality. The root cause is exposure of the debug shell after startup, with access windo...

8.8CVSS7.4AI score0.00225EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/09/25 12:0 a.m.5 views

PT-2023-5443 · Docker · Docker Desktop

Name of the Vulnerable Software and Affected Versions: Docker Desktop versions 4.11.x Description: The issue is related to a violation of trust boundaries in Docker Desktop, which can be exploited to potentially allow an attacker to elevate their privileges. This is achieved through IPC response...

7.8CVSS7.5AI score0.00242EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/09/25 12:0 a.m.9 views

PT-2023-5446 · Docker · Docker Desktop

Name of the Vulnerable Software and Affected Versions: Docker Desktop versions 4.13.0 through 4.22.x Description: The issue is related to insufficient authorization procedures in Docker Desktop, allowing an unprivileged user to bypass Enhanced Container Isolation ECI restrictions. This can be...

8.8CVSS8.4AI score0.00225EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/09/25 12:0 a.m.5 views

PT-2023-5441 · Docker · Docker Desktop

Name of the Vulnerable Software and Affected Versions: Docker Desktop versions prior to 4.12.0 Description: The issue is related to incorrect code generation management in Docker Desktop, allowing a remote attacker to execute arbitrary code via query parameters in the message-box route. This can...

10CVSS9.7AI score0.00739EPSS
Exploits0References11
CNNVD
CNNVD
added 2023/09/25 12:0 a.m.6 views

Docker Desktop Security Vulnerabilities

Docker Desktop is a container technology-based desktop software for lightweight deployment of applications from the U.S. company Docker. The product provides a desktop environment that supports creating a container lightweight virtual machine and deploying and running applications on...

8.8CVSS6.7AI score0.00225EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/09/25 12:0 a.m.6 views

PT-2023-5445 · Docker · Docker Desktop

Name of the Vulnerable Software and Affected Versions: Docker Desktop versions prior to 4.12.0 Description: The issue is related to an argument injection to the installer in Docker Desktop on Windows, which may result in local privilege escalation. This allows an attacker to potentially elevate...

7.8CVSS7.5AI score0.00269EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/09/25 12:0 a.m.6 views

PT-2023-5447 · Docker · Docker Desktop

Name of the Vulnerable Software and Affected Versions: Docker Desktop versions prior to 4.23.0 Description: The issue affects Docker Desktop and is related to the disclosure of protected information. It allows a remote attacker to obtain an access token using a specially crafted extension icon UR...

10CVSS6.4AI score0.00683EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/09/25 12:0 a.m.3 views

Docker Desktop Security Vulnerabilities

Docker Desktop is a container technology-based desktop software for lightweight deployment of applications from the U.S. company Docker. The product provides a desktop environment that supports creating a container lightweight virtual machine and deploying and running applications on...

8CVSS6.7AI score0.00683EPSS
Exploits0References2
Amazon
Amazon
added 2023/09/20 12:0 a.m.7 views

Important: docker

Issue Overview: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value...

6.5CVSS7.1AI score0.01328EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/09/20 12:0 a.m.49 views

Amazon Linux 2023 : docker (ALAS2023-2023-345)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-345 advisory. The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now...

6.5CVSS7AI score0.01328EPSS
Exploits0References6
The Hacker News
The Hacker News
added 2023/09/18 12:30 p.m.30 views

New AMBERSQUID Cryptojacking Operation Targets Uncommon AWS Services

A novel cloud-native cryptojacking operation has set its eyes on uncommon Amazon Web Services AWS offerings such as AWS Amplify, AWS Fargate, and Amazon SageMaker to illicitly mine cryptocurrency. The malicious cyber activity has been codenamed AMBERSQUID by cloud and container security firm...

7.3AI score
Exploits0
OpenVAS
OpenVAS
added 2023/09/16 12:0 a.m.31 views

Fedora: Security Advisory (FEDORA-2023-b9c1d0e4c5)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.7CVSS7.3AI score0.02733EPSS
Exploits4References21
Fedora
Fedora
added 2023/09/15 7:3 p.m.41 views

[SECURITY] Fedora 39 Update: moby-engine-24.0.5-1.fc39

Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance a nd everything in between - and they don'...

8.7CVSS7.3AI score0.02733EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2023/09/15 12:0 a.m.29 views

Docker Desktop < 4.5.0 Incorrect Access Control

The version of Docker Desktop for Mac is prior to 4.5.0. Docker Desktop could be used to access any user file on the host from a container, bypassing the allowed list of shared folders. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported...

8.4CVSS7.7AI score0.00262EPSS
Exploits0References2
Rows per page
Query Builder