Lucene search
K

26 matches found

OpenVAS
OpenVAS
added 2025/02/18 12:0 a.m.10 views

openSUSE Security Advisory (SUSE-SU-2025:0226-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.9CVSS7AI score0.16496EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/02/16 12:0 a.m.11 views

Azure Linux 3.0 Security Update: docker-buildx / docker-compose / moby-compose / moby-engine (CVE-2024-23650)

The version of docker-buildx / docker-compose / moby-compose / moby-engine installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-23650 advisory. - BuildKit is a toolkit for converting source code to bui...

5.3CVSS6.9AI score0.00957EPSS
Exploits0References2
CBLMariner
CBLMariner
added 2025/02/15 4:7 p.m.8 views

CVE-2024-23650 affecting package moby-engine for versions less than 24.0.9-14

CVE-2024-23650 affecting package moby-engine for versions less than 24.0.9-14. A patched version of the package is available...

5.3CVSS6.9AI score0.00957EPSS
Exploits0
OSV
OSV
added 2025/01/27 7:26 a.m.13 views

SUSE-SU-2025:0226-1 Security update for docker-stable

This update for docker-stable fixes the following issues: - CVE-2024-29018: Fixed external DNS request handling from 'internal' networks that could have led to data exfiltration bsc1234089. - CVE-2024-23650: Fixed possibile BuildKit daemon crash via malicious BuildKit client or frontend request...

9.9CVSS7.9AI score0.16496EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/01/24 12:0 a.m.14 views

SUSE SLES15: docker-stable / docker-stable-bash-completion / etc (SUSE-SU-2025:0226-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0226-1 advisory. - CVE-2024-29018: Fixed external DNS request handling from 'internal' networks that could have led to data exfiltrati...

9.9CVSS7.1AI score0.16496EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2024/08/29 12:0 a.m.38 views

Amazon Linux 2 : docker (ALASNITRO-ENCLAVES-2024-045)

The version of docker installed on the remote host is prior to 25.0.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2024-045 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body ...

10CVSS7AI score0.02983EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2024/07/03 12:0 a.m.27 views

CBL Mariner 2.0 Security Update: docker-buildx / docker-compose / moby-compose / moby-engine (CVE-2024-23650)

The version of docker-buildx / docker-compose / moby-compose / moby-engine installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-23650 advisory. - BuildKit is a toolkit for converting source code to bui...

5.3CVSS6.9AI score0.00957EPSS
Exploits0References2
CBLMariner
CBLMariner
added 2024/06/12 10:23 p.m.27 views

CVE-2024-23650 affecting package moby-compose for versions less than 2.17.3-5

CVE-2024-23650 affecting package moby-compose for versions less than 2.17.3-5. A patched version of the package is available...

5.3CVSS5.5AI score0.00957EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/05/23 12:0 a.m.83 views

RHEL 8 : container-tools:rhel8 (RHSA-2024:2988)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2988 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: urllib3:...

7.5CVSS7.3AI score0.93305EPSS
Exploits7References43
CBLMariner
CBLMariner
added 2024/05/17 9:38 p.m.25 views

CVE-2024-23650 affecting package docker-compose for versions less than 2.27.0-1

CVE-2024-23650 affecting package docker-compose for versions less than 2.27.0-1. An upgraded version of the package is available that resolves this issue...

5.3CVSS6.5AI score0.00957EPSS
Exploits0
CBLMariner
CBLMariner
added 2024/05/17 9:38 p.m.37 views

CVE-2024-23650 affecting package docker-buildx for versions less than 0.14.0-1

CVE-2024-23650 affecting package docker-buildx for versions less than 0.14.0-1. An upgraded version of the package is available that resolves this issue...

5.3CVSS6.5AI score0.00957EPSS
Exploits0
CBLMariner
CBLMariner
added 2024/03/19 5:21 p.m.23 views

CVE-2024-23650 affecting package moby-engine for versions less than 25.0.3-1

CVE-2024-23650 affecting package moby-engine for versions less than 25.0.3-1. An upgraded version of the package is available that resolves this issue...

5.3CVSS5.7AI score0.00957EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/03/06 12:0 a.m.123 views

Amazon Linux 2023 : docker (ALAS2023-2024-542)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-542 advisory. 2024-08-28: CVE-2023-45289 was added to this advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from...

10CVSS6.9AI score0.02983EPSS
Exploits0References16
Amazon
Amazon
added 2024/03/05 12:0 a.m.5 views

Important: docker

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

10CVSS6.7AI score0.02983EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/02/09 12:0 a.m.95 views

Docker Desktop < 4.27.1 Multiple Vulnerabilities

The version of Docker Desktop for Linux is prior to 4.27.1. It is therefore affected by multiple vulnerabilities. - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker...

10CVSS6.9AI score0.18087EPSS
Exploits20References8
Tenable Nessus
Tenable Nessus
added 2024/02/09 12:0 a.m.157 views

Docker Desktop < 4.27.1 Multiple Vulnerabilities

The version of Docker Desktop for Windows is prior to 4.27.1. It is therefore affected by multiple vulnerabilities. - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacke...

10CVSS6.9AI score0.18087EPSS
Exploits20References8
Tenable Nessus
Tenable Nessus
added 2024/02/09 12:0 a.m.89 views

Docker Desktop < 4.27.1 Multiple Vulnerabilities

The version of Docker Desktop for Mac is prior to 4.27.1. It is therefore affected by multiple vulnerabilities. - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker...

10CVSS6.9AI score0.18087EPSS
Exploits20References8
RedhatCVE
RedhatCVE
added 2024/02/01 3:38 p.m.33 views

CVE-2024-23650

A vulnerability was found in the Moby Builder Toolkit. A malicious BuildKit client or any frontend that can craft a request could lead to the BuildKit daemon crashing with a panic due to the lack of input validation. A frontend is usually specified as the syntax line on a Dockerfile or with the...

5.3CVSS7.2AI score0.00957EPSS
Exploits0References4
OSV
OSV
added 2024/01/31 10:15 p.m.6 views

AZL-35438 CVE-2024-23650 affecting package docker-compose for versions less than 2.27.0-1

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoi...

5.3CVSS6.6AI score0.00957EPSS
Exploits0References1
OSV
OSV
added 2024/01/31 10:15 p.m.7 views

AZL-34080 CVE-2024-23650 affecting package moby-compose for versions less than 2.17.3-5

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoi...

5.3CVSS6.6AI score0.00957EPSS
Exploits0References1
Rows per page
Query Builder