145 matches found
Unintended Secret Exposure
github.com/docker/buildx is vulnerable to unintended secret exposure. The vulnerability is due to improper handling of sensitive data in OpenTelemetry traces and BuildKit daemon's history records, that allows an attacker to access sensitive secrets by extracting them...
CVE-2025-0495
Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry...
Insertion of Sensitive Information into Log File
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the form of credentials being passed as parameter values when registering a new user via the OpenTelemetry endpoint. These values may be passed in a cache-to/cache-from configuration a...
AZL-58863 CVE-2025-0495 affecting package docker-buildx for versions less than 0.14.0-5
Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry...
CVE-2025-0495
Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry...
CVE-2025-22869 affecting package docker-buildx for versions less than 0.14.0-4
CVE-2025-22869 affecting package docker-buildx for versions less than 0.14.0-4. A patched version of the package is available...
AZL-57362 CVE-2025-22869 affecting package docker-buildx for versions less than 0.14.0-4
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...
Azure Linux 3.0 Security Update: cert-manager / cf-cli / docker-buildx / erlang / kubernetes / kubevirt (CVE-2023-48795)
The version of cert-manager / cf-cli / docker-buildx / erlang / kubernetes / kubevirt installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-48795 advisory. - The SSH transport protocol with certain...
CVE-2024-45338 affecting package docker-buildx for versions less than 0.14.0-3
CVE-2024-45338 affecting package docker-buildx for versions less than 0.14.0-3. A patched version of the package is available...
CVE-2024-45337 affecting package docker-buildx for versions less than 0.14.0-2
CVE-2024-45337 affecting package docker-buildx for versions less than 0.14.0-2. A patched version of the package is available...
SUSE SLES15: docker-stable / docker-stable-bash-completion / etc (SUSE-SU-SUSE-RU-2024:4391-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-SUSE-RU-2024:4391-1 advisory. - Update docker-buildx to v0.19.2. See upstream changelog online at . Some notable changelogs from the last...
SUSE-RU-2024:4391-1 Recommended update for docker-stable
This update for docker-stable fixes the following issues: - Update docker-buildx to v0.19.2. See upstream changelog online at . Some notable changelogs from the last update: - Add a new toggle file /etc/docker/suse-secrets-enable which allows users to disable the SUSEConnect integration with Dock...
AZL-54404 CVE-2024-45338 affecting package docker-buildx for versions less than 0.14.0-3
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
SUSE SLES15: docker / docker-bash-completion / docker-fish-completion / etc (SUSE-SU-2024:4360-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4360-1 advisory. - Update docker-buildx to v0.19.2. See upstream changelog online at . Some notable changelogs from the last update: -...
SUSE-SU-2024:4360-1 Security update for docker
This update for docker fixes the following issues: - Update docker-buildx to v0.19.2. See upstream changelog online at . Some notable changelogs from the last update: - Add a new toggle file /etc/docker/suse-secrets-enable which allows users to disable the SUSEConnect integration with Docker whic...
SUSE SLES12 Security Update : docker (SUSE-SU-2024:4319-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4319-1 advisory. - Update docker-buildx to v0.19.2. See upstream changelog online at . Some notable changelogs from the last update: - Add a new toggle file...
Security update for docker
This update for docker fixes the following issues: Update docker-buildx to v0.19.2. See upstream changelog online at . Some notable changelogs from the last update: Add a new toggle file /etc/docker/suse-secrets-enable which allows users to disable the SUSEConnect integration with Docker which...
SUSE-SU-2024:4319-1 Security update for docker
This update for docker fixes the following issues: - Update docker-buildx to v0.19.2. See upstream changelog online at . Some notable changelogs from the last update: - Add a new toggle file /etc/docker/suse-secrets-enable which allows users to disable the SUSEConnect integration with Docker whic...
AZL-54345 CVE-2024-45337 affecting package docker-buildx for versions less than 0.14.0-2
Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is...
SUSE SLES12 Security Update : docker-stable (SUSE-SU-2024:4205-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2024:4205-1 advisory. - Remove DOCKERNETWORKOPTS from docker.service. This was removed from sysconfig a long time ago, and apparently this causes issues with systemd in some...