
11 matches found

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2021-2367

Malware in sbrugna...

CVSS 5 · AI score 5.8 · EPSS 0.02085
Exploits 0 · References 35

Github Security Blog
added 2024/06/10 6:39 p.m. · 12 views

Moby (Docker Engine) is vulnerable to Ambiguous OCI manifest parsing

Impact: In the OCI Distribution Specification version 1.0.0 and prior and in the OCI Image Specification version 1.0.1 and prior, manifest and index documents are ambiguous without an accompanying Content-Type HTTP header. Versions of Moby Docker Engine prior to 20.10.11 treat the Content-Type...

AI score 7
Exploits 0 · References 2 · Affected Software 2

Tenable Nessus
added 2023/11/16 12:0 a.m. · 28 views

Amazon Linux 2 : containerd (ALASECS-2023-026)

The version of containerd installed on the remote host is prior to 1.4.6-7. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2023-026 advisory. The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OC...

CVSS 5 · AI score 7 · EPSS 0.02085
Exploits 0 · References 4

BDU FSTEC
added 2023/07/13 12:0 a.m. · 5 views

The vulnerability of the application for simplifying and standardizing the distribution of content within Open Container Initiative Distribution Specification (OCI Distribution Specification) lies in a type mixing error. This allows attackers to compromise the integrity of the protected information.

The vulnerability of the application for simplifying and standardizing the distribution of content within Open Container Initiative Distribution Specification (OCI Distribution Specification) is related to an error in mixing types during the processing of the Content-Type header, which contains...

CVSS 4 · AI score 6.6 · EPSS 0.02085
Exploits 0 · References 19 · Affected Software 13

Tenable Nessus
added 2022/05/04 12:0 a.m. · 72 views

SUSE SLES12 Security Update : containerd, docker (SUSE-SU-2022:1507-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1507-1 advisory. - CVE-2022-24769: Fixed incorrect default inheritable capabilities bsc1197517. - CVE-2022-23648: Fixed directory traversal issue...

CVSS 7.5 · AI score 7 · EPSS 0.27392
Exploits 4 · References 17

Mageia
added 2021/12/02 4:49 p.m. · 304 views

Updated docker-containerd packages fix security vulnerability

The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents...

CVSS 5 · AI score 1.6 · EPSS 0.02085
Exploits 0 · References 2

Github Security Blog
added 2021/11/18 4:13 p.m. · 60 views

Clarify Content-Type handling

Impact: In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents that contain both “manifests” and “layers” fields could be interpreted as either a manifest or an index in the...

CVSS 5 · AI score 1 · EPSS 0.02085
Exploits 0 · References 13 · Affected Software 1

Amazon
added 2021/11/18 12:0 a.m. · 53 views

Medium: containerd, docker

Issue Overview: In the OCI Distribution Specification version 1.0.0 and prior and in the OCI Image Specification version 1.0.1 and prior, manifest and index documents are ambiguous without an accompanying Content-Type HTTP header. Versions of Moby Docker Engine prior to 20.10.11 and versions of...

CVSS 5 · AI score 6.9 · EPSS 0.02085
Exploits 0

OSV
added 2021/11/17 8:15 p.m. · 6 views

AZL-44925 CVE-2021-41190 affecting package umoci 0.4.7-13

The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents...

CVSS 5 · AI score 6.5 · EPSS 0.02085
Exploits 0 · References 1

UbuntuCve
added 2021/11/17 8:15 p.m. · 39 views

CVE-2021-41190

The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents...

CVSS 5 · AI score 6.6 · EPSS 0.02085
Exploits 0 · References 5

Positive Technologies
added 2021/11/17 12:0 a.m. · 4 views

PT-2021-7848 · Unknown +7 · Oci Distribution Specification +7

Name of the Vulnerable Software and Affected Versions: OCI Distribution Specification versions 1.0.0 and prior

Description: The issue concerns the OCI Distribution Specification, which defines an API protocol for content distribution. In versions 1.0.0 and prior, the Content-Type header alone was...

CVSS 8.5 · AI score 6.8 · EPSS 0.27392
Exploits 19 · References 303