Vulnerabilities in Docker Inc.
11 resultsCVE-2023-0626HIGHDocker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route EPSS 0.7%CVE-2023-0625HIGHDocker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelogEPSS 0.7%CVE-2023-5166HIGHDocker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URLEPSS 0.7%CVE-2024-6222HIGHIn Docker Desktop before v4.29.0 an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messagesEPSS 0.6%CVE-2024-5652MEDIUMIn Docker Desktop on Windows before v4.31.0 allows a user in the docker-users group to cause a Windows Denial-of-Service through the exec-path Docker daemon config option in Windows containers modeEPSS 0.4%CVE-2023-0633HIGHIn Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in LPEEPSS 0.3%CVE-2023-0628MEDIUMDocker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URLEPSS 0.3%CVE-2023-0627MEDIUMDocker Desktop 4.11.x allows --no-windows-containers flag bypassEPSS 0.2%CVE-2023-5165HIGHDocker Desktop before 4.23.0 allows Enhanced Container Isolation bypass via debug shellEPSS 0.2%CVE-2023-0629HIGHDocker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation restrictions via the raw Docker socket and launch privileged containersEPSS 0.2%CVE-2025-14740MEDIUMDocker Desktop for Windows Incorrect Permission Assignment Privilege Escalation VulnerabilitiesEPSS 0.2%