196 matches found
AZL-53824 CVE-2024-36623 affecting package moby-engine for versions less than 25.0.3-9
moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes...
AZL-53828 CVE-2024-36620 affecting package moby-engine for versions less than 25.0.3-9
moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via daemon/images/imagehistory.go...
AZL-53810 CVE-2024-36621 affecting package moby-engine for versions less than 25.0.3-9
moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion...
AZL-53813 CVE-2024-36621 affecting package moby-engine for versions less than 24.0.9-13
moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion...
Fedora 37 : moby-engine (2022-2c33bba286)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-2c33bba286 advisory. - Update to 20.10.20. - Mitigates CVE-2022-39253 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
AZL-52221 CVE-2024-51744 affecting package moby-engine for versions less than 24.0.9-17
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...
CVE-2024-29018 affecting package moby-engine for versions less than 25.0.3-6
CVE-2024-29018 affecting package moby-engine for versions less than 25.0.3-6. A patched version of the package is available...
CVE-2023-45142 affecting package moby-engine for versions less than 24.0.9-10
CVE-2023-45142 affecting package moby-engine for versions less than 24.0.9-10. A patched version of the package is available...
CVE-2024-29018 affecting package moby-engine for versions less than 24.0.9-9
CVE-2024-29018 affecting package moby-engine for versions less than 24.0.9-9. A patched version of the package is available...
CVE-2024-41110 affecting package moby-engine for versions less than 25.0.3-5
CVE-2024-41110 affecting package moby-engine for versions less than 25.0.3-5. A patched version of the package is available...
CVE-2022-2879 affecting package moby-engine for versions less than 25.0.3-3
CVE-2022-2879 affecting package moby-engine for versions less than 25.0.3-3. A patched version of the package is available...
CBL Mariner 2.0 Security Update: moby-engine (CVE-2024-41110)
The version of moby-engine installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-41110 advisory. - Moby is an open-source project created by Docker for software containerization. A security vulnerabilit...
CVE-2024-41110 affecting package moby-engine for versions less than 24.0.9-7
CVE-2024-41110 affecting package moby-engine for versions less than 24.0.9-7. A patched version of the package is available...
AZL-47017 CVE-2024-41110 affecting package moby-engine for versions less than 25.0.3-5
Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins AuthZ under specific circumstances. The base likelihood of this being...
AZL-47042 CVE-2024-41110 affecting package moby-engine for versions less than 24.0.9-7
Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins AuthZ under specific circumstances. The base likelihood of this being...
CBL Mariner 2.0 Security Update: docker-buildx / docker-compose / moby-compose / moby-engine (CVE-2024-23650)
The version of docker-buildx / docker-compose / moby-compose / moby-engine installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-23650 advisory. - BuildKit is a toolkit for converting source code to bui...
CBL Mariner 2.0 Security Update: moby-engine (CVE-2024-24557)
The version of moby-engine installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-24557 advisory. - Moby is an open-source project created by Docker to enable software containerization. The classic build...
CBL Mariner 2.0 Security Update: docker-compose / moby-engine / docker-buildx / moby-cli (CVE-2024-23653)
The version of docker-compose / moby-engine / docker-buildx / moby-cli installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-23653 advisory. - BuildKit is a toolkit for converting source code to build...
CBL Mariner 2.0 Security Update: cert-manager / helm / moby-cli / moby-compose / moby-engine (CVE-2023-2253)
The version of cert-manager / helm / moby-cli / moby-compose / moby-engine installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-2253 advisory. - A flaw was found in the /v2/catalog endpoint in...
CBL Mariner 2.0 Security Update: moby-containerd / moby-engine (CVE-2023-25153)
The version of moby-containerd / moby-engine installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-25153 advisory. - containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, wh...