Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 53 results


CVE-2024-32473

Medium priority
Needs evaluation

Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. In 26.0.0, IPv6 is not disabled on network interfaces, including those...

2 affected packages

docker.io, docker.io-app

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
docker.io Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
docker.io-app Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-29018

Medium priority
Needs evaluation

Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. Moby's networking implementation allows for many networks, each with...

2 affected packages

docker.io, docker.io-app

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
docker.io Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
docker.io-app Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-24557

Medium priority
Vulnerable

Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions (most...

2 affected packages

docker.io, docker.io-app

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
docker.io Vulnerable Vulnerable Vulnerable Vulnerable Not affected
docker.io-app Vulnerable Vulnerable Vulnerable Not in release Not in release
Show less packages

CVE-2024-23653

Medium priority
Vulnerable

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive...

2 affected packages

docker.io, docker.io-app

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
docker.io Vulnerable Vulnerable Vulnerable Vulnerable Not affected
docker.io-app Vulnerable Vulnerable Vulnerable Not in release Not in release
Show less packages

CVE-2024-23652

Medium priority
Vulnerable

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit frontend or Dockerfile using RUN --mount could trick the feature that removes empty files...

2 affected packages

docker.io, docker.io-app

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
docker.io Vulnerable Vulnerable Vulnerable Vulnerable Ignored
docker.io-app Vulnerable Vulnerable Vulnerable Not in release Not in release
Show less packages

CVE-2024-23651

Medium priority
Vulnerable

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race...

2 affected packages

docker.io, docker.io-app

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
docker.io Vulnerable Vulnerable Vulnerable Vulnerable Not affected
docker.io-app Vulnerable Vulnerable Vulnerable Not in release Not in release
Show less packages

CVE-2024-23650

Medium priority
Vulnerable

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with...

2 affected packages

docker.io, docker.io-app

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
docker.io Vulnerable Vulnerable Vulnerable Vulnerable Not affected
docker.io-app Vulnerable Vulnerable Vulnerable Not in release Not in release
Show less packages

CVE-2023-26054

Medium priority
Not affected

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and...

2 affected packages

docker.io, docker.io-app

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
docker.io Not affected Not affected Not affected Not affected Not affected
docker.io-app Not affected Not affected Not affected Not in release Not in release
Show less packages

CVE-2022-36109

Medium priority

Some fixes available 3 of 5

Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and...

1 affected packages

docker.io

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
docker.io Not affected Fixed Fixed Fixed Vulnerable
Show less packages

CVE-2021-41190

Low priority

Some fixes available 9 of 18

The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to...

3 affected packages

containerd, docker-registry, docker.io

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
containerd Fixed Fixed Fixed Fixed Needs evaluation
docker-registry Not affected Not affected Not affected Not affected Not affected
docker.io Not affected Not affected Not affected Vulnerable Vulnerable
Show less packages