NVD - Results

Sort results by:

Search Results (Refine Search)

Search Parameters:

Results Type: Overview
Keyword (text search): cpe:2.3:a:docker:docker_desktop:4.11.1:*:*:*:*:*:*:*
CPE Name Search: true

There are 6 matching records.

Displaying matches 1 through 6.

Vuln ID	Summary	CVSS Severity
CVE-2023-5166	Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL. This issue affects Docker Desktop: before 4.23.0. Published: September 25, 2023; 12:15:15 PM -0400	V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available)
CVE-2023-0633	In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in local privilege escalation (LPE).This issue affects Docker Desktop: before 4.12.0. Published: September 25, 2023; 12:15:13 PM -0400	V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available)
CVE-2023-0627	Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE).This issue affects Docker Desktop: 4.11.X. Published: September 25, 2023; 12:15:13 PM -0400	V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available)
CVE-2023-0626	Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route. This issue affects Docker Desktop: before 4.12.0. Published: September 25, 2023; 12:15:13 PM -0400	V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available)
CVE-2023-0625	Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog. This issue affects Docker Desktop: before 4.12.0. Published: September 25, 2023; 12:15:13 PM -0400	V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available)
CVE-2023-0628	Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL. Published: March 13, 2023; 8:15:10 AM -0400	V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available)