32 matches found
Security Bulletin: IBM Storage Ceph is vulnerable to assorted vulnerabilities in Grafana
Summary Moby is used by IBM Storage Ceph in Grafana as part of Metrics. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2021-21285, CVE-2021-31525, CVE-2021-3121, CVE-2022-34038, CVE-2021-41103, CVE-2021-41089, CVE-2020-29652, CVE-2022-27536, CVE-2021-44716...
Amazon Linux 2 : docker (ALASECS-2023-015)
The version of docker installed on the remote host is prior to 20.10.4-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2023-015 advisory. A flaw was found in the userns-remap feature of Docker. The root user in the remapped namespace can modify files under...
Medium: docker
Issue Overview: A flaw was found in the userns-remap feature of Docker. The root user in the remapped namespace can modify files under /var/lib/docker/, leading to possible privilege escalation to the root user in the host. The highest threat from this vulnerability is to data integrity...
Amazon Linux AMI : docker (ALAS-2021-1550)
The version of docker installed on the remote host is prior to 20.10.7-2.69. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1550 advisory. A flaw was found in the userns-remap feature of Docker. The root user in the remapped namespace can modify files under...
NewStart CGSL CORE 5.04 / MAIN 5.04 : docker-ce Vulnerability (NS-SA-2021-0097)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has docker-ce packages installed that are affected by a vulnerability: - In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd...
NewStart CGSL MAIN 6.02 : docker-ce Multiple Vulnerabilities (NS-SA-2021-0124)
The remote NewStart CGSL host, running version MAIN 6.02, has docker-ce packages installed that are affected by multiple vulnerabilities: - In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege...
NewStart CGSL CORE 5.05 / MAIN 5.05 : docker-ce Vulnerability (NS-SA-2021-0181)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has docker-ce packages installed that are affected by a vulnerability: - In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd...
Security Bulletin: IBM Cloud Private is vulnerable to Docker vulnerabilities (CVE-2021-21285, CVE-2021-21284)
Summary IBM Cloud Private is vulnerable to Docker vulnerabilities Vulnerability Details CVEID: CVE-2021-21285 DESCRIPTION: Docker is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to pull a specially-crafted Docker image, a remote attacker could...
Security update for containerd, docker, runc (important)
openSUSE Security Update: Security update for containerd, docker, runc Announcement ID: openSUSE-SU-2021:1954-1 Rating: important References: 1168481 1175081 1175821 1181594 1181641 1181677 1181730 1181732 1181749 1182451 1182476 1182947 1183024 1183855 1184768 1184962 1185405 Cross-References:...
CVE-2021-21285 affecting package moby-cli 19.03.15-2
CVE-2021-21285 affecting package moby-cli 19.03.15-2. An upgraded version of the package is available that resolves this issue...
CVE-2021-21285 affecting package moby-buildx 0.4.1-3
CVE-2021-21285 affecting package moby-buildx 0.4.1-3. An upgraded version of the package is available that resolves this issue...
CVE-2021-21285 affecting package moby-engine 19.03.15-2
CVE-2021-21285 affecting package moby-engine 19.03.15-2. An upgraded version of the package is available that resolves this issue...
Security update for containerd, docker, runc (important)
openSUSE Security Update: Security update for containerd, docker, runc Announcement ID: openSUSE-SU-2021:0878-1 Rating: important References: 1168481 1175081 1175821 1181594 1181641 1181677 1181730 1181732 1181749 1182451 1182476 1182947 1183024 1183855 1184768 1184962 1185405 Cross-References:...
SUSE SLES15: containerd / docker / docker-bash-completion / etc (SUSE-SU-2021:1954-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:1954-1 advisory. Docker was updated to 20.10.6-ce bsc1184768, bsc1182947, bsc1181594 Switch version to use -ce suffix rather than ce to avoid...
SUSE: Security Advisory (SUSE-SU-2021:0445-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2021-1943)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP9 : docker-engine (EulerOS-SA-2021-1922)
According to the version of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashe...
EulerOS 2.0 SP9 : docker-engine (EulerOS-SA-2021-1943)
According to the version of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashe...
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2021-1869)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP8 : docker-engine (EulerOS-SA-2021-1869)
According to the version of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashe...