Lucene search
K

28 matches found

OSV
OSV
added 2022/03/28 7:33 p.m.32 views

GHSA-8V99-48M9-C8PM Incorrect Authorization in imgcrypt

Imgcrypt implements a function CheckAuthorization that is supposed to check whether a user is authorized to access an encrypted image given the keys that the user has provided on the command line that would enable decryption of the image. The check is to prevent that a user can start a container...

7.5CVSS7.4AI score0.02676EPSS
Exploits1References10
Amazon
Amazon
added 2021/11/18 12:0 a.m.9 views

Medium: docker

Issue Overview: Lack of content verification in Docker-CE Also known as Moby versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing...

6.5CVSS6.8AI score0.0247EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2021/07/16 7:0 a.m.5 views

Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands.

...

5.5CVSS7AI score0.00493EPSS
Exploits0
NVD
NVD
added 2019/12/17 2:15 p.m.22 views

CVE-2014-8178

Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands...

5.5CVSS5.3AI score0.00493EPSS
Exploits0References5
OSV
OSV
added 2019/12/17 2:15 p.m.2 views

DEBIAN-CVE-2014-8178

Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands...

5.5CVSS6.1AI score0.00493EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2019/12/17 2:15 p.m.25 views

CVE-2014-8178

Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands...

5.5CVSS6.8AI score0.00493EPSS
Exploits0References1
OSV
OSV
added 2019/12/17 2:15 p.m.11 views

UBUNTU-CVE-2014-8178

Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands...

5.5CVSS6.7AI score0.00493EPSS
Exploits0References2
CVE
CVE
added 2018/04/30 8:0 p.m.54 views

CVE-2018-1277

Cloud Foundry Garden-runC vulnerability (CVE-2018-1277): Garden-runC/ cf-deployment prior to fixed versions fail to enforce disk quotas for Docker image layers, allowing a remote authenticated user to push a malicious image that can exhaust Diego cell disk space and cause a DoS. Affected: Garden-...

6.5CVSS6.2AI score0.01118EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder