Search CVE reports
1 – 3 of 3 results
Some fixes available 5 of 6
A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an...
1 affected package
docker-registry
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| docker-registry | Not affected | Fixed | Fixed | Fixed |
Some fixes available 10 of 19
The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to...
3 affected packages
docker.io, containerd, docker-registry
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| docker.io | Not affected | Not affected | Not affected | Vulnerable |
| containerd | Fixed | Fixed | Fixed | Fixed |
| docker-registry | Not affected | Not affected | Not affected | Not affected |
Some fixes available 1 of 3
Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint.
1 affected package
docker-registry
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| docker-registry | — | Not affected | Not affected | Not affected |