9 matches found
MAL-2026-4606 Malicious code in martinez-polygon-clipping-tony (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dabf04b2f99e28eb10740bd7459bf64513fac98a064b60071b1e7aabf8674dd0 Package name impersonates the legitimate martinez-polygon-clipping library: README, badges, and API surface are copied verbatim, while repository...
Docker before 1.3.3 does not properly validate image IDs which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation or (2) "registry communications."
...
DEBIAN-CVE-2014-9358
Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a 1 "docker load" operation or 2 "registry communications."...
UBUNTU-CVE-2014-9358
Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a 1 "docker load" operation or 2 "registry communications."...
CVE-2014-9358
Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a 1 "docker load" operation or 2 "registry communications."...
CVE-2014-9358
Docker before 1.3.3 is affected by CVE-2014-9358: it does not properly validate image IDs, enabling remote attackers to perform path traversal and spoof repositories via crafted images in docker load or during registry communications. Affected product: Docker engine up to 1.3.3 (CVE-2014-9358). R...
PT-2014-8958 · Docker +1 · Docker +1
Name of the Vulnerable Software and Affected Versions: Docker versions prior to 1.3.3 Description: The issue allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a "docker load" operation or "registry communications." This is due to improper...
Amazon Linux AMI : docker (ALAS-2014-461)
Path traversal attacks are possible in the processing of absolute symlinks. In checking symlinks for traversals, only relative links were considered. This allowed path traversals to exist where they should have otherwise been prevented. This was exploitable via both archive extraction and through...
docker: Path traversal and spoofing opportunities presented through image identifiers
Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a 1 "docker load" operation or 2 "registry communications."...