Lucene search
+L
DockerDocker Desktop

6 matches found

CVE
CVE
•added 2026/05/22 7:28 p.m.•167 views

CVE-2026-5843

The CVE describes a vulnerability in Docker Model Runner (macOS) where the MLX-LM backend unconditionally imports and executes arbitrary Python files specified by model_file in a model's config.json via importlib, without a trust_remote_code gate or sandboxing. This enables container-to-host arbi...

8.8CVSS6.4AI score0.00224EPSS
CVE
CVE
•added 2022/05/25 3:31 p.m.•87 views

CVE-2021-44719

Summary: CVE-2021-44719 affects Docker Desktop 4.3.0 with an Incorrect Access Control issue. The vulnerability is described as a local-privilege/host-access problem where a container could access restricted host files, bypassing the allowed sharing rules (per Nessus NASL description for Mac, and ...

8.4CVSS8.3AI score0.00262EPSS
CVE
CVE
•added 2023/09/25 3:29 p.m.•79 views

CVE-2023-5165

CVE-2023-5165 affects Docker Desktop: versions 4.13.0 through 4.22.x are vulnerable to bypassing Enhanced Container Isolation (ECI) via the debug shell, allowing an unprivileged user to access restricted functionality. The root cause is exposure of the debug shell after startup, with access windo...

8.8CVSS7.4AI score0.00225EPSS
CVE
CVE
•added 2026/05/22 6:32 p.m.•74 views

CVE-2026-6406

CVE-2026-6406 describes a local privilege-escalation in Docker Desktop via Enhanced Container Isolation (ECI). When ECI is enabled, container-originated Docker socket mounts are denied unless explicitly allowed; however, the Docker CLI flag --use-api-socket mounts the Docker socket using HostConf...

8.8CVSS7.3AI score0.00211EPSS
CVE
CVE
•added 2023/09/25 3:30 p.m.•65 views

CVE-2023-5166

Docker Desktop before 4.23.0 is affected by CVE-2023-5166, enabling access token theft via a crafted extension icon URL. The issue affects Docker Desktop components related to extension icon handling and is described across multiple sources (NVD/NVD-like entries, PRION, PT-/security advisories). ...

8CVSS6.8AI score0.00683EPSS
CVE
CVE
•added 2026/05/22 7:24 p.m.•38 views

CVE-2026-5817

CVE-2026-5817 affects the vllm-metal backend used by Docker Model Runner on macOS. The backend loads model tokenizers with trust_remote_code=True, causing transformers.AutoTokenizer.from_pretrained() to import and execute arbitrary Python files from models pulled from an OCI registry. This can en...

8.8CVSS6.5AI score0.00224EPSS
Web