20 matches found
Security Bulletin: IBM Storage Ceph is vulnerable to Insufficient Verification of Data Authenticity in Moby via Grafana (CVE-2024-24557)
Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Ceph. CVE-2024-24557 Vulnerability Details CVEID:CVE-2024-24557 DESCRIPTION: Moby is an open-source project created by Docker to enable softwa...
NewStart CGSL MAIN 7.02 : docker-ce Vulnerability (NS-SA-2025-0150)
The remote NewStart CGSL host, running version MAIN 7.02, has docker-ce packages installed that are affected by a vulnerability: - Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is bui...
TencentOS Server 4: moby (TSSA-2024:0823)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0823 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in moby: classic builder cache poisoning
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of moby: classic builder cache poisoning Vulnerability Details CVEID:CVE-2024-24557 DESCRIPTION: Moby could provide weaker than expected security, caused by improper cache validation in the classic builder cache system. By...
Photon OS 4.0: Docker PHSA-2024-4.0-0710
An update of the docker package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-4.0-0710. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
EulerOS 2.0 SP8 : docker-engine (EulerOS-SA-2024-2462)
According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache...
Amazon Linux 2 : docker (ALASNITRO-ENCLAVES-2024-045)
The version of docker installed on the remote host is prior to 25.0.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2024-045 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body ...
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-2024)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP8 : docker-engine (EulerOS-SA-2024-2024)
According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache...
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-1955)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-1866)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP12 : docker-engine (EulerOS-SA-2024-1866)
According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache...
Security Bulletin: IBM Edge Application Manager 4.5.6 addresses the security vulnerabilities listed in the CVEs below.
Summary IBM Edge Application Manager 4.5.6 addresses the security vulnerabilities listed in the CVEs below. Vulnerability Details CVEID:CVE-2024-29018 DESCRIPTION: moby could allow a remote attacker to obtain sensitive information, caused by incorrect resource transfer between spheres. By sending...
EulerOS 2.0 SP11 : docker-engine (EulerOS-SA-2024-1797)
According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache...
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-1785)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-24557 affecting package moby-engine for versions less than 25.0.3-1
CVE-2024-24557 affecting package moby-engine for versions less than 25.0.3-1. An upgraded version of the package is available that resolves this issue...
BELL-CVE-2024-24557
Bulletin has no description...
CVE-2024-24557 vulnerabilities
Vulnerabilities for packages: cosign-fips, bom, eksctl, helm-operator-fips, docker-machine-driver-harvester, k9s, falcoctl-fips, kubeflow-katib, loki, kpt, cadvisor-fips, dagger, datadog-agent-fips, policy-controller-fips, kubescape, argo-workflows, pulumi, buildkitd, ctop, chartmuseum, scorecard...
CVE-2024-24557 vulnerabilities
Vulnerabilities for packages: argo-workflows, k9s, kubevela, up, kubescape, vexctl, chartmuseum, gitsign, bom, cadvisor, kubeflow-katib, cosign, nerdctl, flux-helm-controller, trivy, flux, policy-controller, kots, falcoctl, pulumi, helm, docker-credential-gcr, helm-operator,...
CVE-2024-24557 Moby classic builder cache poisoning
Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions most important being HEALTHCHECK and ONBUILD would not cause a cache miss. An...