11 matches found
docker-stable-24.0.9_ce-15.1 on GA media (moderate)
docker-stable-24.0.9ce-15.1 on GA media Announcement ID: openSUSE-SU-2025:15589-1 Rating: moderate Cross-References: CVE-2014-3499 CVE-2014-5277 CVE-2014-6407 CVE-2014-6408 CVE-2014-8178 CVE-2014-8179 CVE-2014-9356 CVE-2014-9357 CVE-2014-9358 CVE-2015-3627 CVE-2015-3629 CVE-2015-3630 CVE-2015-363...
Linux Distros Unpatched Vulnerability : CVE-2014-5277
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to...
CVE-2014-5277 affecting package moby-buildx 0.4.1-3
CVE-2014-5277 affecting package moby-buildx 0.4.1-3. An upgraded version of the package is available that resolves this issue...
Authentication flaw
The Red Hat docker package before 1.5.0-28, when using the --add-registry option, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position...
CVE-2015-1843
CVE-2015-1843 corresponds to a downgrade vulnerability in the Red Hat Docker package prior to 1.5.0-28 when using the --add-registry option, where a failed HTTPS connection to the registry causes the client to fall back to HTTP. This enables a man-in-the-middle to block TLS and potentially obtain...
Moderate: Red Hat Security Advisory: docker security update
Updated docker packages that fix one security issue are now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available...
docker: regression of CVE-2014-5277
It was found that the fix for the CVE-2014-5277 issue was incomplete: the docker client could under certain circumstances erroneously fall back to HTTP when an HTTPS connection to a registry failed. This could allow a man-in-the-middle attacker to obtain authentication and image data from traffic...
DEBIAN-CVE-2014-5277
Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to...
CVE-2014-5277
Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to...
CVE-2014-5277
CVE-2014-5277 affects Docker before 1.3.1 and docker-py before 0.5.3, where fallbacks to HTTP occur if HTTPS to the registry fails. This enables man-in-the-middle downgrade attacks that can lead to exposure of authentication and image data when an attacker sits between the client and registry. Co...
CVE-2014-5277
Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to...