Lucene search

9114 matches found

Debian CVE
added 2014/11/17 4:0 p.m. · 29 views

CVE-2014-5277

Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to...

CVSS 5 · AI score 7.6 · EPSS 0.00675
Exploits 0
CVE
added 2014/11/17 4:0 p.m. · 79 views

CVE-2014-5277

CVE-2014-5277 affects Docker before 1.3.1 and docker-py before 0.5.3, where fallbacks to HTTP occur if HTTPS to the registry fails. This enables man-in-the-middle downgrade attacks that can lead to exposure of authentication and image data when an attacker sits between the client and registry. Co...

CVSS 5 · AI score 7.8 · EPSS 0.00675
Exploits 0 · References 2 · Affected Software 2
Cvelist
added 2014/11/17 4:0 p.m. · 42 views

CVE-2014-5277

Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to...

AI score 7.9 · EPSS 0.00675
Exploits 0 · References 2
Positive Technologies
added 2014/11/17 12:0 a.m. · 2 views

PT-2014-6389 · Docker +1 · Docker +2

Name of the Vulnerable Software and Affected Versions: Docker versions prior to 1.3.1; docker-py versions prior to 0.5.3. Description: The issue allows man-in-the-middle attackers to conduct downgrade attacks. This can be achieved by leveraging a network position between the client and the registry...

CVSS 10 · AI score 6.2 · EPSS 0.36182
Exploits 1 · References 45
Tenable Nessus
added 2014/11/14 12:0 a.m. · 30 views

openSUSE Security Update : docker / go (openSUSE-SU-2014:1411-1)

Docker was updated to version 1.3.1 to fix two security issues and several other bugs. These security issues were fixed : - Prevent fallback to SSL protocols lower than TLS 1.0 for client, daemon and registry CVE-2014-5277. - Secure HTTPS connection to registries with certificate verification and...

CVSS 5 · AI score 6.8 · EPSS 0.00675
Exploits 0 · References 4
Tenable Nessus
added 2014/11/08 12:0 a.m. · 33 views

RHEL 7 : docker (RHSA-2014:0820)

An updated docker package that fixes one security issue is now available for Red Hat Enterprise Linux 7 Extras. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

CVSS 7.2 · AI score 7 · EPSS 0.00032
Exploits 1 · References 3
Tenable Nessus
added 2014/09/29 12:0 a.m. · 81 views

Scientific Linux Security Update : bash on SL5.x, SL6.x i386/x86_64 (20140926) (Shellshock)

It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell...

CVSS 10 · AI score 8.6 · EPSS 0.9422
Exploits 139 · References 3
RedHat Linux
added 2014/09/26 9:28 p.m. · 107 views

Important: Red Hat Security Advisory: bash Shift_JIS security update

Updated September 30, 2014 This advisory has been updated with information on restarting system services after applying this update. No changes have been made to the original packages. Updated bash ShiftJIS packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and ...

CVSS 10 · AI score 7.2 · EPSS 0.9422
Exploits 141 · References 3
RedHat Linux
added 2014/09/26 1:46 a.m. · 115 views

Important: Red Hat Security Advisory: bash security update

Updated September 30, 2014 This advisory has been updated with information on restarting system services after applying this update. No changes have been made to the original packages. Updated bash packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Re...

CVSS 10 · AI score 7.2 · EPSS 0.9422
Exploits 141 · References 3
Nmap
added 2014/09/24 8:31 p.m. · 233 views

docker-version NSE Script

Detects the Docker service version. Script Arguments slaxml.debug See the documentation for the slaxml library. http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent See the documentation for the http library. smbdomain, smbhash,...

CVSS 10 · AI score 0.3 · EPSS 0.94176
Exploits 33
OpenVAS
added 2014/07/15 12:0 a.m. · 29 views

Fedora Update for docker-io FEDORA-2014-8021

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.2 · AI score 6.5 · EPSS 0.00032
Exploits 1 · References 2
OpenVAS
added 2014/07/15 12:0 a.m. · 22 views

Fedora Update for docker-io FEDORA-2014-8034

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.2 · AI score 6.5 · EPSS 0.00032
Exploits 1 · References 2
Fedora
added 2014/07/14 12:55 a.m. · 51 views

[SECURITY] Fedora 20 Update: docker-io-1.0.0-6.fc20

Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere. Docker containers can encapsulate any payload, and will run consistently on and between virtually any server. The same container...

CVSS 7.2 · AI score 2 · EPSS 0.00032
Exploits 1
Fedora
added 2014/07/14 12:54 a.m. · 40 views

[SECURITY] Fedora 19 Update: docker-io-1.0.0-6.fc19

Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere. Docker containers can encapsulate any payload, and will run consistently on and between virtually any server. The same container...

CVSS 7.2 · AI score 2 · EPSS 0.00032
Exploits 1
Tenable Nessus
added 2014/07/14 12:0 a.m. · 19 views

Fedora 20 : docker-io-1.0.0-6.fc20 (2014-8021)

Resolves: rhbz1114810 - CVE-2014-3499 correct bz Set mode,user,group in docker.socket file Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...

CVSS 7.2 · AI score 7.2 · EPSS 0.00032
Exploits 1 · References 3
Tenable Nessus
added 2014/07/14 12:0 a.m. · 26 views

Fedora 19 : docker-io-1.0.0-6.fc19 (2014-8034)

Resolves: rhbz1114810 - CVE-2014-3499 correct bz Set mode,user,group in docker.socket file Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...

CVSS 7.2 · AI score 7.2 · EPSS 0.00032
Exploits 1 · References 3
NVD
added 2014/07/11 2:55 p.m. · 24 views

CVE-2014-3499

Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors...

CVSS 7.2 · AI score 6.3 · EPSS 0.00032
Exploits 1 · References 2
UbuntuCve
added 2014/07/11 2:55 p.m. · 29 views

CVE-2014-3499

Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors...

CVSS 7.2 · AI score 7.1 · EPSS 0.00032
Exploits 1 · References 1
Prion
added 2014/07/11 2:55 p.m. · 21 views

Code injection

Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors...

CVSS 7.2 · AI score 6.9 · EPSS 0.00032
Exploits 1 · References 2 · Affected Software 2
CVE
added 2014/07/11 2:0 p.m. · 83 views

CVE-2014-3499

Technical details beyond the general description for CVE-2014-3499 are not provided in the connected documents. Monitor for updates from OSV/OpenVAS/Nessus entries for affected products and fixes.

CVSS 7.2 · AI score 6.3 · EPSS 0.00032
Exploits 1 · References 2 · Affected Software 2