Oracle Linux 7 : docker-engine / docker-cli (ELSA-2019-4827)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4827 advisory. docker-engine 19.03.1-1.0.0 - update to 19.03.1 19.03-0.0.1 - update to 19.03 Tenable has extracted the preceding description block directly from the...

Docker Desktop Installed (macOS)

Binary data dockerformacinstalled.nbin...

Oracle Linux 7 : runc (ELSA-2019-4540)

The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2019-4540 advisory. - Apply patch for CVE-2019-5736 Wiekus Beukes - Resolves: 1412238 - CVE-2016-9962 - set init processes as non-dumpable, runc patch from Michael Crosby Tenable h...

Oracle Linux 7 : docker-engine (ELSA-2019-4550)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2019-4550 advisory. - apply fix for runc CVE-2019-5736 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...

Oracle Linux 7 : docker-engine (ELSA-2019-4597)

The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2019-4597 advisory. 18.03.1.ol-0.0.14 - rebuild 18.03.1.ol-0.0.13 - update for CVE-2018-20699 Tenable has extracted the preceding description block directly from the Oracle Linux...

Oracle Linux 7 : docker-engine (ELSA-2019-4813)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2019-4813 advisory. 18.09.8-1.0.4 - Modified version to include ol suffix 18.09.8-1.0.3 - ol7 image related changes 18.09.8-1.0.2 - Merge upstream for CVE fixes. Tenable h...

Oracle Linux 7 : docker-cli / docker-engine (ELSA-2020-5823)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-5823 advisory. - Address CVE-2020-16845 - update to 19.03.11 for CVE-2020-13401 - apply e4931e664feac6fa8846f3f04268a0cc98822549, fixes CVE-2019-5736 - Address CVE-2020-16845 ...

Oracle Linux 7 : docker-engine / docker-cli (ELSA-2020-5728)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-5728 advisory. - update to 19.03.11 for CVE-2020-13401 - apply e4931e664feac6fa8846f3f04268a0cc98822549, fixes CVE-2019-5736 - update to 19.03.11 for CVE-2020-13401 - apply...

Oracle Linux 7 : docker-engine (ELSA-2019-4551)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2019-4551 advisory. - update runc for CVE-2019-5736 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessu...

Oracle Linux 8 : container-tools:ol8 (ELSA-2020-1650)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1650 advisory. - A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux...

CVE-2023-41327

WireMock is a tool for mocking HTTP services. WireMock can be configured to only permit proxying and therefore recording to certain addresses. This is achieved via a list of allowed address rules and a list of denied address rules, where the allowed list is evaluated first. Until WireMock Webhook...

CVE-2023-41329

WireMock is a tool for mocking HTTP services. The proxy mode of WireMock, can be protected by the network restrictions configuration, as documented in Preventing proxying to and recording from specific target addresses. These restrictions can be configured using the domain names, and in such a ca...

CVE-2023-41327 Controlled SSRF through URL in the WireMock

WireMock is a tool for mocking HTTP services. WireMock can be configured to only permit proxying and therefore recording to certain addresses. This is achieved via a list of allowed address rules and a list of denied address rules, where the allowed list is evaluated first. Until WireMock Webhook...

CVE-2023-41327 Controlled SSRF through URL in the WireMock

WireMock is a tool for mocking HTTP services. WireMock can be configured to only permit proxying and therefore recording to certain addresses. This is achieved via a list of allowed address rules and a list of denied address rules, where the allowed list is evaluated first. Until WireMock Webhook...

Important: amazon-ecr-credential-helper

Issue Overview: http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 Affected Packages: amazon-ecr-credential-helper Note: This advisory is applicable to Amazon Linux 2 - Docker Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the...

SUSE SLES15: docker / docker-bash-completion / docker-fish-completion / etc (SUSE-SU-2023:3536-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3536-1 advisory. - Update to Docker 24.0.5-ce. See upstream changelong online at bsc1213229 - Update to Docker 24.0.4-ce. See upstream...

SUSE: Security Advisory (SUSE-SU-2023:3536-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2023:3536-1 Security update for docker

This update for docker fixes the following issues: - Update to Docker 24.0.5-ce. See upstream changelong online at bsc1213229 - Update to Docker 24.0.4-ce. See upstream changelog online at . bsc1213500 - Update to Docker 24.0.3-ce. See upstream changelog online at . bsc1213120 - Recommend...

USN-6336-1 docker-registry vulnerabilities

It was discovered that Docker Registry incorrectly handled certain crafted input, A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. CVE-2017-11468 It was discovered that Docker Registry incorrectly handled certain crafted inpu...

[SECURITY] Fedora 37 Update: moby-engine-24.0.5-1.fc37

Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance a nd everything in between - and they don'...