Lucene search
K

11 matches found

OPENSUSE Linux
OPENSUSE Linux
added 2025/10/01 12:0 a.m.3 views

docker-stable-24.0.9_ce-15.1 on GA media (moderate)

docker-stable-24.0.9ce-15.1 on GA media Announcement ID: openSUSE-SU-2025:15589-1 Rating: moderate Cross-References: CVE-2014-3499 CVE-2014-5277 CVE-2014-6407 CVE-2014-6408 CVE-2014-8178 CVE-2014-8179 CVE-2014-9356 CVE-2014-9357 CVE-2014-9358 CVE-2015-3627 CVE-2015-3629 CVE-2015-3630 CVE-2015-363...

8.3CVSS8.4AI score0.66252EPSS
Exploits11
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2014-5277

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to...

5CVSS7.2AI score0.01867EPSS
Exploits0References2
CBLMariner
CBLMariner
added 2021/07/08 9:56 p.m.55 views

CVE-2014-5277 affecting package moby-buildx 0.4.1-3

CVE-2014-5277 affecting package moby-buildx 0.4.1-3. An upgraded version of the package is available that resolves this issue...

5CVSS7.4AI score0.01867EPSS
Exploits0
Prion
Prion
added 2015/04/06 3:59 p.m.18 views

Authentication flaw

The Red Hat docker package before 1.5.0-28, when using the --add-registry option, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position...

4.3CVSS6.6AI score0.01867EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2015/04/06 3:0 p.m.60 views

CVE-2015-1843

CVE-2015-1843 corresponds to a downgrade vulnerability in the Red Hat Docker package prior to 1.5.0-28 when using the --add-registry option, where a failed HTTPS connection to the registry causes the client to fall back to HTTP. This enables a man-in-the-middle to block TLS and potentially obtain...

4.3CVSS7.4AI score0.01618EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2015/04/02 7:31 p.m.42 views

Moderate: Red Hat Security Advisory: docker security update

Updated docker packages that fix one security issue are now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available...

4.3CVSS7AI score0.01618EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2015/04/02 7:31 p.m.5 views

docker: regression of CVE-2014-5277

It was found that the fix for the CVE-2014-5277 issue was incomplete: the docker client could under certain circumstances erroneously fall back to HTTP when an HTTPS connection to a registry failed. This could allow a man-in-the-middle attacker to obtain authentication and image data from traffic...

5CVSS7.1AI score0.01867EPSS
Exploits0References4
OSV
OSV
added 2014/11/17 4:59 p.m.9 views

CVE-2014-5277

Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to...

6.3AI score
Exploits0References2
OSV
OSV
added 2014/11/17 4:59 p.m.2 views

DEBIAN-CVE-2014-5277

Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to...

5CVSS7AI score0.01867EPSS
Exploits0References1
CVE
CVE
added 2014/11/17 4:0 p.m.84 views

CVE-2014-5277

CVE-2014-5277 affects Docker before 1.3.1 and docker-py before 0.5.3, where fallbacks to HTTP occur if HTTPS to the registry fails. This enables man-in-the-middle downgrade attacks that can lead to exposure of authentication and image data when an attacker sits between the client and registry. Co...

5CVSS7.8AI score0.01867EPSS
Exploits0References2Affected Software2
Debian CVE
Debian CVE
added 2014/11/17 4:0 p.m.31 views

CVE-2014-5277

Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to...

5CVSS7.6AI score0.01867EPSS
Exploits0
Rows per page
Query Builder