CVE-2025-11065 affecting package moby-compose for versions less than 2.17.3-14

CVE-2025-11065 affecting package moby-compose for versions less than 2.17.3-14. A patched version of the package is available...

AZL-75530 CVE-2025-11065 affecting package moby-compose for versions less than 2.17.3-14

A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...

CVE-2025-65637 affecting package moby-compose for versions less than 2.17.3-13

CVE-2025-65637 affecting package moby-compose for versions less than 2.17.3-13. A patched version of the package is available...

AZL-71632 CVE-2025-65637 affecting package moby-compose for versions less than 2.17.3-13

A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving...

CVE-2025-47913 affecting package moby-compose for versions less than 2.17.3-12

CVE-2025-47913 affecting package moby-compose for versions less than 2.17.3-12. A patched version of the package is available...

AZL-70322 CVE-2025-47913 affecting package moby-compose for versions less than 2.17.3-12

SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process...

CVE-2025-22869 affecting package moby-compose for versions less than 2.17.3-10

CVE-2025-22869 affecting package moby-compose for versions less than 2.17.3-10. A patched version of the package is available...

AZL-57434 CVE-2025-22869 affecting package moby-compose for versions less than 2.17.3-10

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...

Azure Linux 3.0 Security Update: cert-manager / helm / moby-cli / moby-compose / moby-engine (CVE-2023-2253)

The version of cert-manager / helm / moby-cli / moby-compose / moby-engine installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-2253 advisory. - A flaw was found in the /v2/catalog endpoint in...

Azure Linux 3.0 Security Update: docker-cli / moby-cli / moby-compose / moby-engine (CVE-2024-36623)

The version of docker-cli / moby-cli / moby-compose / moby-engine installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-36623 advisory. - moby through v25.0.3 has a Race Condition vulnerability in the...

CVE-2024-45337 affecting package moby-compose for versions less than 2.17.3-9

CVE-2024-45337 affecting package moby-compose for versions less than 2.17.3-9. A patched version of the package is available...

CVE-2024-36623 affecting package moby-compose for versions less than 2.17.3-8

CVE-2024-36623 affecting package moby-compose for versions less than 2.17.3-8. A patched version of the package is available...

AZL-54286 CVE-2024-45337 affecting package moby-compose for versions less than 2.17.3-9

Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is...

AZL-53804 CVE-2024-36623 affecting package moby-compose for versions less than 2.17.3-8

moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes...

CVE-2023-45142 affecting package moby-compose for versions less than 2.17.3-7

CVE-2023-45142 affecting package moby-compose for versions less than 2.17.3-7. A patched version of the package is available...

CBL Mariner 2.0 Security Update: docker-buildx / docker-compose / moby-compose / moby-engine (CVE-2024-23650)

The version of docker-buildx / docker-compose / moby-compose / moby-engine installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-23650 advisory. - BuildKit is a toolkit for converting source code to bui...

CBL Mariner 2.0 Security Update: cert-manager / helm / moby-cli / moby-compose / moby-engine (CVE-2023-2253)

The version of cert-manager / helm / moby-cli / moby-compose / moby-engine installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-2253 advisory. - A flaw was found in the /v2/catalog endpoint in...

CVE-2024-23650 affecting package moby-compose for versions less than 2.17.3-5

CVE-2024-23650 affecting package moby-compose for versions less than 2.17.3-5. A patched version of the package is available...

CVE-2023-2253 affecting package moby-compose for versions less than 2.17.3-5

CVE-2023-2253 affecting package moby-compose for versions less than 2.17.3-5. A patched version of the package is available...

CVE-2023-45288 affecting package moby-compose for versions less than 2.17.3-3

CVE-2023-45288 affecting package moby-compose for versions less than 2.17.3-3. A patched version of the package is available...