73 matches found
CVE-2024-28180 affecting package moby-containerd-cc for versions less than 1.7.7-9
CVE-2024-28180 affecting package moby-containerd-cc for versions less than 1.7.7-9. A patched version of the package is available...
CVE-2024-28180 affecting package moby-containerd for versions less than 1.6.26-9
CVE-2024-28180 affecting package moby-containerd for versions less than 1.6.26-9. A patched version of the package is available...
CVE-2024-24786 affecting package moby-containerd-cc for versions less than 1.7.7-8
CVE-2024-24786 affecting package moby-containerd-cc for versions less than 1.7.7-8. A patched version of the package is available...
CVE-2024-24786 affecting package moby-containerd for versions less than 1.6.26-8
CVE-2024-24786 affecting package moby-containerd for versions less than 1.6.26-8. A patched version of the package is available...
CVE-2024-24786 affecting package moby-containerd-cc for versions less than 1.7.7-5
CVE-2024-24786 affecting package moby-containerd-cc for versions less than 1.7.7-5. A patched version of the package is available...
CBL Mariner 2.0 Security Update: blobfuse2 / cert-manager / cf-cli / coredns / cri-tools / etcd (CVE-2023-39325)
The version of blobfuse2 / cert-manager / cf-cli / coredns / cri-tools / etcd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-39325 advisory. - A malicious HTTP/2 client which rapidly creates...
CBL Mariner 2.0 Security Update: containerd / cri-tools / docker-buildx / docker-compose / moby-containerd-cc (CVE-2023-47108)
The version of containerd / cri-tools / docker-buildx / docker-compose / moby-containerd-cc installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-47108 advisory. - OpenTelemetry-Go Contrib is a collecti...
CBL Mariner 2.0 Security Update: moby-containerd / moby-engine (CVE-2023-25153)
The version of moby-containerd / moby-engine installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-25153 advisory. - containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, wh...
CVE-2023-45288 affecting package moby-containerd for versions less than 1.6.26-5
CVE-2023-45288 affecting package moby-containerd for versions less than 1.6.26-5. A patched version of the package is available...
CVE-2023-45288 affecting package moby-containerd-cc for versions less than 1.7.7-4
CVE-2023-45288 affecting package moby-containerd-cc for versions less than 1.7.7-4. A patched version of the package is available...
CVE-2023-47108 affecting package moby-containerd-cc for versions less than 1.7.7-3
CVE-2023-47108 affecting package moby-containerd-cc for versions less than 1.7.7-3. A patched version of the package is available...
AZL-38542 CVE-2023-45288 affecting package moby-containerd-cc for versions less than 1.7.7-6
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
AZL-39259 CVE-2023-45288 affecting package moby-containerd-cc for versions less than 1.7.7-4
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
AZL-39223 CVE-2023-45288 affecting package moby-containerd for versions less than 1.6.26-5
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
CVE-2023-44487 affecting package moby-containerd-cc for versions less than 1.7.1-5
CVE-2023-44487 affecting package moby-containerd-cc for versions less than 1.7.1-5. A patched version of the package is available...
CVE-2023-39325 affecting package moby-containerd-cc for versions less than 1.7.1-5
CVE-2023-39325 affecting package moby-containerd-cc for versions less than 1.7.1-5. A patched version of the package is available...
AZL-35850 CVE-2024-28180 affecting package moby-containerd-cc for versions less than 1.7.7-9
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...
AZL-35849 CVE-2024-28180 affecting package moby-containerd for versions less than 1.6.26-9
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...
AZL-35887 CVE-2024-28180 affecting package moby-containerd-cc for versions less than 1.7.7-6
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...
AZL-35585 CVE-2024-24786 affecting package moby-containerd-cc for versions less than 1.7.7-8
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...