Lucene search
+L

20 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/07/29 8:49 p.m.8 views

Security Bulletin: IBM Storage Ceph is vulnerable to Insufficient Verification of Data Authenticity in Moby via Grafana (CVE-2024-24557)

Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Ceph. CVE-2024-24557 Vulnerability Details CVEID:CVE-2024-24557 DESCRIPTION: Moby is an open-source project created by Docker to enable softwa...

7.8CVSS6.5AI score0.00258EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/07/25 12:0 a.m.4 views

NewStart CGSL MAIN 7.02 : docker-ce Vulnerability (NS-SA-2025-0150)

The remote NewStart CGSL host, running version MAIN 7.02, has docker-ce packages installed that are affected by a vulnerability: - Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is bui...

7.8CVSS7AI score0.00258EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.4 views

TencentOS Server 4: moby (TSSA-2024:0823)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0823 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

7.8CVSS7AI score0.00258EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/26 6:52 p.m.11 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in moby: classic builder cache poisoning

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of moby: classic builder cache poisoning Vulnerability Details CVEID:CVE-2024-24557 DESCRIPTION: Moby could provide weaker than expected security, caused by improper cache validation in the classic builder cache system. By...

7.8CVSS7.5AI score0.00258EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/11/12 12:0 a.m.13 views

Photon OS 4.0: Docker PHSA-2024-4.0-0710

An update of the docker package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-4.0-0710. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

7.8CVSS6.7AI score0.00258EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/09/24 12:0 a.m.24 views

EulerOS 2.0 SP8 : docker-engine (EulerOS-SA-2024-2462)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache...

7.8CVSS7AI score0.00258EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/08/29 12:0 a.m.38 views

Amazon Linux 2 : docker (ALASNITRO-ENCLAVES-2024-045)

The version of docker installed on the remote host is prior to 25.0.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2024-045 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body ...

10CVSS7AI score0.02983EPSS
Exploits0References12
OpenVAS
OpenVAS
added 2024/07/22 12:0 a.m.16 views

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-2024)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.6CVSS7.2AI score0.18087EPSS
Exploits18References2
Tenable Nessus
Tenable Nessus
added 2024/07/22 12:0 a.m.24 views

EulerOS 2.0 SP8 : docker-engine (EulerOS-SA-2024-2024)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache...

8.6CVSS7.5AI score0.18087EPSS
Exploits18References3
OpenVAS
OpenVAS
added 2024/07/16 12:0 a.m.19 views

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-1955)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.7CVSS8.8AI score0.02733EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2024/07/01 12:0 a.m.23 views

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-1866)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.8AI score0.00258EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/06/28 12:0 a.m.21 views

EulerOS 2.0 SP12 : docker-engine (EulerOS-SA-2024-1866)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache...

7.8CVSS7AI score0.00258EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/26 2:33 p.m.78 views

Security Bulletin: IBM Edge Application Manager 4.5.6 addresses the security vulnerabilities listed in the CVEs below.

Summary IBM Edge Application Manager 4.5.6 addresses the security vulnerabilities listed in the CVEs below. Vulnerability Details CVEID:CVE-2024-29018 DESCRIPTION: moby could allow a remote attacker to obtain sensitive information, caused by incorrect resource transfer between spheres. By sending...

7.8CVSS7.6AI score0.01429EPSS
Exploits2Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.34 views

EulerOS 2.0 SP11 : docker-engine (EulerOS-SA-2024-1797)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache...

7.8CVSS7.1AI score0.04561EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2024/06/03 12:0 a.m.26 views

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-1785)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7AI score0.04561EPSS
Exploits0References2
CBLMariner
CBLMariner
added 2024/03/19 5:21 p.m.27 views

CVE-2024-24557 affecting package moby-engine for versions less than 25.0.3-1

CVE-2024-24557 affecting package moby-engine for versions less than 25.0.3-1. An upgraded version of the package is available that resolves this issue...

7.8CVSS7.8AI score0.00258EPSS
Exploits0
OSV
OSV
added 2024/02/03 5:59 a.m.1 views

BELL-CVE-2024-24557

Bulletin has no description...

7.8CVSS7AI score0.00258EPSS
Exploits0References1
Chainguard
Chainguard
added 2024/02/01 5:15 p.m.51 views

CVE-2024-24557 vulnerabilities

Vulnerabilities for packages: cosign-fips, bom, eksctl, helm-operator-fips, docker-machine-driver-harvester, k9s, falcoctl-fips, kubeflow-katib, loki, kpt, cadvisor-fips, dagger, datadog-agent-fips, policy-controller-fips, kubescape, argo-workflows, pulumi, buildkitd, ctop, chartmuseum, scorecard...

7.8CVSS6.8AI score0.00258EPSS
Exploits0
Wolfi
Wolfi
added 2024/02/01 5:15 p.m.66 views

CVE-2024-24557 vulnerabilities

Vulnerabilities for packages: argo-workflows, k9s, kubevela, up, kubescape, vexctl, chartmuseum, gitsign, bom, cadvisor, kubeflow-katib, cosign, nerdctl, flux-helm-controller, trivy, flux, policy-controller, kots, falcoctl, pulumi, helm, docker-credential-gcr, helm-operator,...

7.8CVSS6.8AI score0.00258EPSS
Exploits0
Cvelist
Cvelist
added 2024/02/01 4:26 p.m.29 views

CVE-2024-24557 Moby classic builder cache poisoning

Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions most important being HEALTHCHECK and ONBUILD would not cause a cache miss. An...

6.9CVSS7.8AI score0.00258EPSS
Exploits0References2
Rows per page
Query Builder