Lucene search
K

30 matches found

CBLMariner
CBLMariner
added 2024/06/12 10:23 p.m.26 views

CVE-2023-48795 affecting package moby-compose for versions less than 2.17.3-5

CVE-2023-48795 affecting package moby-compose for versions less than 2.17.3-5. A patched version of the package is available...

5.9CVSS6.2AI score0.93305EPSS
Exploits4
OSV
OSV
added 2024/04/04 9:15 p.m.12 views

AZL-39325 CVE-2023-45288 affecting package moby-compose for versions less than 2.17.3-3

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS7AI score0.91969EPSS
Exploits1References1
OSV
OSV
added 2024/03/05 11:15 p.m.7 views

AZL-35583 CVE-2024-24786 affecting package moby-compose for versions less than 2.17.3-5

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

7.5CVSS6.6AI score0.01262EPSS
Exploits0References1
OSV
OSV
added 2024/01/31 10:15 p.m.6 views

AZL-34081 CVE-2024-23653 affecting package moby-compose for versions less than 2.17.2-7

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask...

9.8CVSS6.6AI score0.02983EPSS
Exploits0References1
OSV
OSV
added 2024/01/31 10:15 p.m.7 views

AZL-34080 CVE-2024-23650 affecting package moby-compose for versions less than 2.17.3-5

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoi...

5.3CVSS6.6AI score0.00957EPSS
Exploits0References1
OSV
OSV
added 2023/12/18 4:15 p.m.8 views

AZL-32224 CVE-2023-48795 affecting package moby-compose for versions less than 2.17.3-5

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...

5.9CVSS6.9AI score0.93305EPSS
Exploits4References1
CBLMariner
CBLMariner
added 2023/10/12 7:11 p.m.26 views

CVE-2023-39325 affecting package moby-compose for versions less than 2.17.2-5

CVE-2023-39325 affecting package moby-compose for versions less than 2.17.2-5. A patched version of the package is available...

7.5CVSS8.3AI score0.03796EPSS
Exploits0
CBLMariner
CBLMariner
added 2023/10/12 7:11 p.m.31 views

CVE-2023-44487 affecting package moby-compose for versions less than 2.17.2-5

CVE-2023-44487 affecting package moby-compose for versions less than 2.17.2-5. A patched version of the package is available...

7.5CVSS7.8AI score0.99999EPSS
Exploits19
OSV
OSV
added 2023/10/11 10:15 p.m.7 views

AZL-31645 CVE-2023-39325 affecting package moby-compose for versions less than 2.17.2-5

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

7.5CVSS6.6AI score0.03796EPSS
Exploits0References1
OSV
OSV
added 2023/10/10 2:15 p.m.10 views

AZL-31327 CVE-2023-44487 affecting package moby-compose for versions less than 2.17.2-5

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

7.5CVSS6.7AI score0.99999EPSS
Exploits19References1
Rows per page
Query Builder