26 matches found
openSUSE Security Advisory (SUSE-SU-2025:0226-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Azure Linux 3.0 Security Update: docker-buildx / docker-compose / moby-compose / moby-engine (CVE-2024-23650)
The version of docker-buildx / docker-compose / moby-compose / moby-engine installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-23650 advisory. - BuildKit is a toolkit for converting source code to bui...
CVE-2024-23650 affecting package moby-engine for versions less than 24.0.9-14
CVE-2024-23650 affecting package moby-engine for versions less than 24.0.9-14. A patched version of the package is available...
SUSE-SU-2025:0226-1 Security update for docker-stable
This update for docker-stable fixes the following issues: - CVE-2024-29018: Fixed external DNS request handling from 'internal' networks that could have led to data exfiltration bsc1234089. - CVE-2024-23650: Fixed possibile BuildKit daemon crash via malicious BuildKit client or frontend request...
SUSE SLES15: docker-stable / docker-stable-bash-completion / etc (SUSE-SU-2025:0226-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0226-1 advisory. - CVE-2024-29018: Fixed external DNS request handling from 'internal' networks that could have led to data exfiltrati...
Amazon Linux 2 : docker (ALASNITRO-ENCLAVES-2024-045)
The version of docker installed on the remote host is prior to 25.0.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2024-045 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body ...
CBL Mariner 2.0 Security Update: docker-buildx / docker-compose / moby-compose / moby-engine (CVE-2024-23650)
The version of docker-buildx / docker-compose / moby-compose / moby-engine installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-23650 advisory. - BuildKit is a toolkit for converting source code to bui...
CVE-2024-23650 affecting package moby-compose for versions less than 2.17.3-5
CVE-2024-23650 affecting package moby-compose for versions less than 2.17.3-5. A patched version of the package is available...
RHEL 8 : container-tools:rhel8 (RHSA-2024:2988)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2988 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: urllib3:...
CVE-2024-23650 affecting package docker-compose for versions less than 2.27.0-1
CVE-2024-23650 affecting package docker-compose for versions less than 2.27.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-23650 affecting package docker-buildx for versions less than 0.14.0-1
CVE-2024-23650 affecting package docker-buildx for versions less than 0.14.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-23650 affecting package moby-engine for versions less than 25.0.3-1
CVE-2024-23650 affecting package moby-engine for versions less than 25.0.3-1. An upgraded version of the package is available that resolves this issue...
Amazon Linux 2023 : docker (ALAS2023-2024-542)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-542 advisory. 2024-08-28: CVE-2023-45289 was added to this advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from...
Important: docker
Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...
Docker Desktop < 4.27.1 Multiple Vulnerabilities
The version of Docker Desktop for Linux is prior to 4.27.1. It is therefore affected by multiple vulnerabilities. - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker...
Docker Desktop < 4.27.1 Multiple Vulnerabilities
The version of Docker Desktop for Windows is prior to 4.27.1. It is therefore affected by multiple vulnerabilities. - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacke...
Docker Desktop < 4.27.1 Multiple Vulnerabilities
The version of Docker Desktop for Mac is prior to 4.27.1. It is therefore affected by multiple vulnerabilities. - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker...
CVE-2024-23650
A vulnerability was found in the Moby Builder Toolkit. A malicious BuildKit client or any frontend that can craft a request could lead to the BuildKit daemon crashing with a panic due to the lack of input validation. A frontend is usually specified as the syntax line on a Dockerfile or with the...
AZL-35438 CVE-2024-23650 affecting package docker-compose for versions less than 2.27.0-1
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoi...
AZL-34080 CVE-2024-23650 affecting package moby-compose for versions less than 2.17.3-5
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoi...