rpm package
opensuse/docker-compose&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/docker-compose&distro=openSUSE%20Tumbleweed
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-28840 | — | | | < 2.17.3-1.1 | 2.17.3-1.1 | Apr 4, 2023 | Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docke |
| CVE-2022-41723 | — | | | < 2.17.0-1.1 | 2.17.0-1.1 | Feb 28, 2023 | A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. |
| CVE-2022-39253 | — | | | < 2.12.2-1.1 | 2.12.2-1.1 | Oct 19, 2022 | Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and ta |
| CVE-2022-2879 | — | | | < 2.12.0-1.1 | 2.12.0-1.1 | Oct 14, 2022 | Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 Mi |
| CVE-2022-27664 | — | | | < 2.15.1-1.1 | 2.15.1-1.1 | Sep 6, 2022 | In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. |