73 matches found
AZL-35584 CVE-2024-24786 affecting package moby-containerd for versions less than 1.6.26-8
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
AZL-35665 CVE-2024-24786 affecting package moby-containerd-cc for versions less than 1.7.7-5
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
CVE-2023-47108 affecting package moby-containerd-cc for versions less than 1.7.2-3
CVE-2023-47108 affecting package moby-containerd-cc for versions less than 1.7.2-3. A patched version of the package is available...
AZL-31896 CVE-2023-47108 affecting package moby-containerd-cc for versions less than 1.7.2-3
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Starting in version 0.37.0 and prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the...
AZL-34995 CVE-2023-47108 affecting package moby-containerd-cc for versions less than 1.7.7-3
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Starting in version 0.37.0 and prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the...
CVE-2023-39325 affecting package moby-containerd-cc for versions less than 1.7.1-5
CVE-2023-39325 affecting package moby-containerd-cc for versions less than 1.7.1-5. A patched version of the package is available...
CVE-2023-39325 affecting package moby-containerd for versions less than 1.6.22-2
CVE-2023-39325 affecting package moby-containerd for versions less than 1.6.22-2. A patched version of the package is available...
CVE-2023-44487 affecting package moby-containerd-cc for versions less than 1.7.1-5
CVE-2023-44487 affecting package moby-containerd-cc for versions less than 1.7.1-5. A patched version of the package is available...
CVE-2023-44487 affecting package moby-containerd for versions less than 1.6.22-2
CVE-2023-44487 affecting package moby-containerd for versions less than 1.6.22-2. A patched version of the package is available...
AZL-31647 CVE-2023-39325 affecting package moby-containerd-cc for versions less than 1.7.1-5
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...
AZL-31646 CVE-2023-39325 affecting package moby-containerd for versions less than 1.6.22-2
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...
AZL-34996 CVE-2023-39325 affecting package moby-containerd-cc for versions less than 1.7.1-5
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...
AZL-31328 CVE-2023-44487 affecting package moby-containerd for versions less than 1.6.22-2
The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AZL-34997 CVE-2023-44487 affecting package moby-containerd-cc for versions less than 1.7.1-5
The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AZL-31491 CVE-2023-44487 affecting package moby-containerd-cc for versions less than 1.7.1-5
The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
CVE-2023-25173 affecting package moby-containerd for versions less than 1.6.18-2
CVE-2023-25173 affecting package moby-containerd for versions less than 1.6.18-2. An upgraded version of the package is available that resolves this issue...
CVE-2023-25153 affecting package moby-containerd for versions less than 1.6.18-2
CVE-2023-25153 affecting package moby-containerd for versions less than 1.6.18-2. An upgraded version of the package is available that resolves this issue...
CBL Mariner 2.0 Security Update: moby-containerd (CVE-2022-23471)
The version of moby-containerd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-23471 advisory. - containerd is an open source container runtime. A bug was found in containerd's CRI implementation...
CBL Mariner 2.0 Security Update: moby-containerd (CVE-2021-41103)
The version of moby-containerd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-41103 advisory. - containerd is an open source container runtime with an emphasis on simplicity, robustness and...
CVE-2023-25173 affecting package moby-containerd 1.6.6+azure-7
CVE-2023-25173 affecting package moby-containerd 1.6.6+azure-7. A patched version of the package is available...