Approved changes feed: RSS · Atom
cpe:2.3:a:docker:desktop:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Docker (fb312c2d-be4d-5919-b619-61409dcafa2c) |
|---|---|
| Product | Desktop (72dc8144-22a5-5cfc-bc17-3f8b14baf8ff) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-9348 |
vulnerable | 2026-06-03 14:58:21.052556 |
Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view
Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view.
Published: 2024-10-16T14:50:06.031Z
Updated: 2024-10-17T13:30:08.548Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-8696 |
vulnerable | 2026-06-03 14:58:19.182399 |
A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2.
A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2.
Published: 2024-09-12T17:54:34.968Z
Updated: 2024-09-12T19:27:18.773Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-8695 |
vulnerable | 2026-06-03 14:58:19.181758 |
A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2.
A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2.
Published: 2024-09-12T17:52:55.491Z
Updated: 2024-09-12T19:14:03.622Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-6222 |
vulnerable | 2026-06-03 14:58:02.272053 |
In Docker Desktop before v4.29.0 an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages
In Docker Desktop before v4.29.0, an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages.
Docker Desktop v4.29.0 https://docs.docker.com/desktop/release-notes/#4290 fixes the issue on MacOS, Linux and Windows with Hyper-V backend.
As exploitation requires "Allow only extensions distributed through the Docker Marketplace" to be disabled, Docker Desktop v4.31.0 https://docs.docker.com/desktop/release-notes/#4310 additionally changes the default configuration to enable this setting by default.
Published: 2024-07-09T17:16:05.646Z
Updated: 2024-08-01T21:33:05.292Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.