Search CVE reports
1 – 3 of 3 results
CVE-2023-2253
Medium prioritySome fixes available 5 of 6
A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an...
1 affected packages
docker-registry
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| docker-registry | — | Fixed | Fixed | Fixed | Fixed |
CVE-2021-41190
Low prioritySome fixes available 8 of 17
The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to...
3 affected packages
containerd, docker-registry, docker.io
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| containerd | Fixed | Fixed | Fixed | Fixed | Needs evaluation |
| docker-registry | Not affected | Not affected | Not affected | Not affected | Not affected |
| docker.io | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
CVE-2017-11468
Low prioritySome fixes available 1 of 3
Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint.
1 affected packages
docker-registry
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| docker-registry | — | Not affected | Not affected | Not affected | Fixed |