Lucene search
K

25 matches found

nvd
nvd
added 2026/06/01 9:16 a.m.16 views

CVE-2026-10517

A flaw was found in Clair. The fetcher component makes outbound HTTP requests to attacker-supplied URIs from manifest layer descriptors without IP or scheme filtering. When PSK authentication is not configured opt-in, not enforced by default, an unauthenticated attacker can submit a manifest with...

5.8CVSS0.00292EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/01 7:56 a.m.13 views

CVE-2026-10517 Clair: clair: unauthenticated ssrf via manifest layer uri enables internal network reconnaissance

A flaw was found in Clair. The fetcher component makes outbound HTTP requests to attacker-supplied URIs from manifest layer descriptors without IP or scheme filtering. When PSK authentication is not configured opt-in, not enforced by default, an unauthenticated attacker can submit a manifest with...

5.8CVSS5.7AI score0.00292EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/01 7:56 a.m.12 views

CVE-2026-10517

A flaw was found in Clair. The fetcher component makes outbound HTTP requests to attacker-supplied URIs from manifest layer descriptors without IP or scheme filtering. When PSK authentication is not configured opt-in, not enforced by default, an unauthenticated attacker can submit a manifest with...

5.8CVSS5.7AI score0.00292EPSS
Exploits0References2
euvd
euvd
added 2026/06/01 7:56 a.m.14 views

EUVD-2026-33599

A flaw was found in Clair. The fetcher component makes outbound HTTP requests to attacker-supplied URIs from manifest layer descriptors without IP or scheme filtering. When PSK authentication is not configured opt-in, not enforced by default, an unauthenticated attacker can submit a manifest with...

5.8CVSS5.7AI score0.00292EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/01 7:56 a.m.41 views

CVE-2026-10517 Clair: clair: unauthenticated ssrf via manifest layer uri enables internal network reconnaissance

A flaw was found in Clair. The fetcher component makes outbound HTTP requests to attacker-supplied URIs from manifest layer descriptors without IP or scheme filtering. When PSK authentication is not configured opt-in, not enforced by default, an unauthenticated attacker can submit a manifest with...

5.8CVSS0.00292EPSS
Exploits0References2
cve
cve
added 2026/06/01 7:56 a.m.21 views

CVE-2026-10517

The CVE describes a flaw in Clair’s fetcher where it makes outbound HTTP requests to attacker-supplied URIs taken from manifest layer descriptors without filtering IPs or schemes. If PSK authentication is not configured, an unauthenticated attacker can submit a manifest pointing to internal servi...

5.8CVSS5.7AI score0.00292EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/06/01 7:56 a.m.12 views

CVE-2026-10517

A flaw was found in Clair. The fetcher component makes outbound HTTP requests to attacker-supplied URIs from manifest layer descriptors without IP or scheme filtering. When PSK authentication is not configured opt-in, not enforced by default, an unauthenticated attacker can submit a manifest with...

5.8CVSS5.7AI score0.00292EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/06/01 12:0 a.m.10 views

Clair 代码问题漏洞

Clair is a project open source by QUAY. It is used for static analysis of vulnerabilities in application containers currently including OCI and Docker. Clair has code-related vulnerabilities. These vulnerabilities arise from the fetcher component, which allows unauthenticated attackers to perform...

5.8CVSS5.3AI score0.00292EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/01 12:0 a.m.14 views

PT-2026-45353

Name of the Vulnerable Software and Affected Versions Clair affected versions not specified Description A flaw in the fetcher component allows the system to make outbound HTTP requests to attacker-supplied URIs from manifest layer descriptors because it lacks IP or scheme filtering. When Pre-Shar...

5.8CVSS5.8AI score0.00292EPSS
Exploits0References4
opensuse
opensuse
added 2025/12/18 12:0 a.m.4 views

clair-4.9.0-1.1 on GA media (moderate)

clair-4.9.0-1.1 on GA media Announcement ID: openSUSE-SU-2025:15823-1 Rating: moderate Cross-References: CVE-2025-47907 CVSS scores: CVE-2025-47907 SUSE : 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N CVE-2025-47907 SUSE : 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N...

5.7CVSS6.8AI score0.00355EPSS
Exploits0
osv
osv
added 2025/12/17 12:0 a.m.9 views

OPENSUSE-SU-2025:15823-1 clair-4.9.0-1.1 on GA media

These are all security issues fixed in the clair-4.9.0-1.1 package on the GA media of openSUSE Tumbleweed...

7CVSS6.1AI score0.00355EPSS
Exploits0References1
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-1483

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.04513EPSS
Exploits1References15
openbugbounty
openbugbounty
added 2024/04/03 10:59 a.m.16 views

drclair.com Cross Site Scripting vulnerability OBB-3897978

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
openbugbounty
openbugbounty
added 2023/11/27 2:40 a.m.15 views

clair-ah.com Improper Access Control vulnerability OBB-3795748

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

7AI score
Exploits0
nvd
nvd
added 2022/03/03 10:15 p.m.30 views

CVE-2021-3762

A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution...

9.8CVSS0.04513EPSS
Exploits1References6
prion
prion
added 2022/03/03 10:15 p.m.22 views

Directory traversal

A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution...

7.5CVSS9.7AI score0.04513EPSS
Exploits1References6Affected Software2
cvelist
cvelist
added 2022/03/03 9:41 p.m.31 views

CVE-2021-3762

A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution...

10AI score0.04513EPSS
Exploits1References6
cve
cve
added 2022/03/03 9:41 p.m.88 views

CVE-2021-3762

CVE-2021-3762 affects Clair’s ClairCore engine (directory traversal in Clair/ ClairCore) that allows arbitrary file writes when scanning a crafted container image, potentially enabling remote code execution. Several connected sources corroborate a path-traversal vulnerability within the ClairCore...

9.8CVSS9.6AI score0.04513EPSS
Exploits1References6Affected Software1
ptsecurity
ptsecurity
added 2022/03/03 12:0 a.m.6 views

PT-2022-10660 · Clair · Clair

Name of the Vulnerable Software and Affected Versions: Clair versions affected versions not specified Description: A directory traversal issue in the ClairCore engine allows an attacker to exploit the system by providing a crafted container image. When scanned by Clair, this can lead to arbitrary...

9.8CVSS9.4AI score0.04513EPSS
Exploits1References17
cnnvd
cnnvd
added 2021/09/28 12:0 a.m.4 views

Clair 路径遍历漏洞

Clair is an open source project. It is used to statically analyze vulnerabilities in application containers currently including Oci and Docker. Clair suffers from a path traversal vulnerability that stems from a directory traversal vulnerability found in Clair's ClairCore engine. An attacker can...

9.8CVSS8.8AI score0.04513EPSS
Exploits1References9
Rows per page
Query Builder