Lucene search
K

145 matches found

Veracode
Veracode
added 2025/03/21 2:33 a.m.13 views

Unintended Secret Exposure

github.com/docker/buildx is vulnerable to unintended secret exposure. The vulnerability is due to improper handling of sensitive data in OpenTelemetry traces and BuildKit daemon's history records, that allows an attacker to access sensitive secrets by extracting them...

4.1CVSS6.4AI score0.0018EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/03/19 7:40 p.m.11 views

CVE-2025-0495

Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry...

4.1CVSS7.2AI score0.0018EPSS
Exploits0References1
Snyk
Snyk
added 2025/03/17 9:27 p.m.3 views

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the form of credentials being passed as parameter values when registering a new user via the OpenTelemetry endpoint. These values may be passed in a cache-to/cache-from configuration a...

5.9CVSS4.5AI score0.0018EPSS
Exploits0References2
OSV
OSV
added 2025/03/17 8:15 p.m.7 views

AZL-58863 CVE-2025-0495 affecting package docker-buildx for versions less than 0.14.0-5

Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry...

4.1CVSS7.1AI score0.0018EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2025/03/17 7:21 p.m.8 views

CVE-2025-0495

Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry...

4.1CVSS7.6AI score0.0018EPSS
Exploits0
CBLMariner
CBLMariner
added 2025/03/13 3:10 p.m.8 views

CVE-2025-22869 affecting package docker-buildx for versions less than 0.14.0-4

CVE-2025-22869 affecting package docker-buildx for versions less than 0.14.0-4. A patched version of the package is available...

7.5CVSS7.6AI score0.00868EPSS
Exploits0
OSV
OSV
added 2025/02/26 8:14 a.m.7 views

AZL-57362 CVE-2025-22869 affecting package docker-buildx for versions less than 0.14.0-4

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...

7.5CVSS6.6AI score0.00868EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/02/10 12:0 a.m.16 views

Azure Linux 3.0 Security Update: cert-manager / cf-cli / docker-buildx / erlang / kubernetes / kubevirt (CVE-2023-48795)

The version of cert-manager / cf-cli / docker-buildx / erlang / kubernetes / kubevirt installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-48795 advisory. - The SSH transport protocol with certain...

5.9CVSS7.1AI score0.93305EPSS
Exploits4References2
CBLMariner
CBLMariner
added 2025/01/21 11:41 p.m.11 views

CVE-2024-45338 affecting package docker-buildx for versions less than 0.14.0-3

CVE-2024-45338 affecting package docker-buildx for versions less than 0.14.0-3. A patched version of the package is available...

5.3CVSS7.3AI score0.00856EPSS
Exploits0
CBLMariner
CBLMariner
added 2024/12/23 2:23 a.m.35 views

CVE-2024-45337 affecting package docker-buildx for versions less than 0.14.0-2

CVE-2024-45337 affecting package docker-buildx for versions less than 0.14.0-2. A patched version of the package is available...

9.1CVSS9.6AI score0.03153EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2024/12/21 12:0 a.m.10 views

SUSE SLES15: docker-stable / docker-stable-bash-completion / etc (SUSE-SU-SUSE-RU-2024:4391-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-SUSE-RU-2024:4391-1 advisory. - Update docker-buildx to v0.19.2. See upstream changelog online at . Some notable changelogs from the last...

9.9CVSS7AI score0.16496EPSS
Exploits0References7
OSV
OSV
added 2024/12/20 9:13 a.m.11 views

SUSE-RU-2024:4391-1 Recommended update for docker-stable

This update for docker-stable fixes the following issues: - Update docker-buildx to v0.19.2. See upstream changelog online at . Some notable changelogs from the last update: - Add a new toggle file /etc/docker/suse-secrets-enable which allows users to disable the SUSEConnect integration with Dock...

9.9CVSS9.6AI score0.16496EPSS
Exploits0References5
OSV
OSV
added 2024/12/18 9:15 p.m.9 views

AZL-54404 CVE-2024-45338 affecting package docker-buildx for versions less than 0.14.0-3

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

5.3CVSS6.6AI score0.00856EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/12/18 12:0 a.m.17 views

SUSE SLES15: docker / docker-bash-completion / docker-fish-completion / etc (SUSE-SU-2024:4360-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4360-1 advisory. - Update docker-buildx to v0.19.2. See upstream changelog online at . Some notable changelogs from the last update: -...

9.9CVSS7AI score0.16496EPSS
Exploits0References17
OSV
OSV
added 2024/12/17 2:35 p.m.7 views

SUSE-SU-2024:4360-1 Security update for docker

This update for docker fixes the following issues: - Update docker-buildx to v0.19.2. See upstream changelog online at . Some notable changelogs from the last update: - Add a new toggle file /etc/docker/suse-secrets-enable which allows users to disable the SUSEConnect integration with Docker whic...

9.9CVSS8.8AI score0.16496EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2024/12/17 12:0 a.m.18 views

SUSE SLES12 Security Update : docker (SUSE-SU-2024:4319-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4319-1 advisory. - Update docker-buildx to v0.19.2. See upstream changelog online at . Some notable changelogs from the last update: - Add a new toggle file...

9.9CVSS7.5AI score0.16496EPSS
Exploits0References17
SUSE Linux
SUSE Linux
added 2024/12/13 8:16 p.m.3 views

Security update for docker

This update for docker fixes the following issues: Update docker-buildx to v0.19.2. See upstream changelog online at . Some notable changelogs from the last update: Add a new toggle file /etc/docker/suse-secrets-enable which allows users to disable the SUSEConnect integration with Docker which...

9.9CVSS7.1AI score0.16496EPSS
Exploits0References26
OSV
OSV
added 2024/12/13 8:16 p.m.9 views

SUSE-SU-2024:4319-1 Security update for docker

This update for docker fixes the following issues: - Update docker-buildx to v0.19.2. See upstream changelog online at . Some notable changelogs from the last update: - Add a new toggle file /etc/docker/suse-secrets-enable which allows users to disable the SUSEConnect integration with Docker whic...

9.9CVSS8.8AI score0.16496EPSS
Exploits0References14
OSV
OSV
added 2024/12/12 2:2 a.m.8 views

AZL-54345 CVE-2024-45337 affecting package docker-buildx for versions less than 0.14.0-2

Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is...

9.1CVSS6.8AI score0.03153EPSS
Exploits2References1
Tenable Nessus
Tenable Nessus
added 2024/12/11 12:0 a.m.18 views

SUSE SLES12 Security Update : docker-stable (SUSE-SU-2024:4205-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2024:4205-1 advisory. - Remove DOCKERNETWORKOPTS from docker.service. This was removed from sysconfig a long time ago, and apparently this causes issues with systemd in some...

9.9CVSS7.4AI score0.16496EPSS
Exploits0References9
Rows per page
Query Builder