VYPR

apk package

chainguard/ctop

pkg:apk/chainguard/ctop

Vulnerabilities (91)

  • CVE-2024-24786HigMar 5, 2024
    affected < 0.7.7-r13fixed 0.7.7-r13

    The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

  • CVE-2024-24785MedMar 5, 2024
    affected < 0.7.7-r11fixed 0.7.7-r11

    If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.

  • CVE-2024-24784HigMar 5, 2024
    affected < 0.7.7-r11fixed 0.7.7-r11

    The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers.

  • CVE-2024-24783MedMar 5, 2024
    affected < 0.7.7-r11fixed 0.7.7-r11

    Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The defaul

  • CVE-2023-45290MedMar 5, 2024
    affected < 0.7.7-r11fixed 0.7.7-r11

    When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line

  • CVE-2023-45289MedMar 5, 2024
    affected < 0.7.7-r11fixed 0.7.7-r11

    When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorizati

  • CVE-2024-24557MedFeb 1, 2024
    affected < 0.7.7-r13fixed 0.7.7-r13

    Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions (most important being HEALTHCHECK and ONBUILD) would not cause

  • CVE-2024-21626HigJan 31, 2024
    affected < 0.7.7-r13fixed 0.7.7-r13

    runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the h

  • CVE-2023-45285HigDec 6, 2023
    affected < 0.7.7-r10fixed 0.7.7-r10

    Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not

  • CVE-2023-39326MedDec 6, 2023
    affected < 0.7.7-r10fixed 0.7.7-r10

    A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of d

  • CVE-2023-45284MedNov 9, 2023
    affected < 0fixed 0

    On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now corr

  • CVE-2023-45283HigNov 9, 2023
    affected < 0fixed 0

    The filepath package does not recognize paths with a \??\ prefix as special. On Windows, a path beginning with \??\ is a Root Local Device path equivalent to a path beginning with \\?\. Paths with a \??\ prefix may be used to access arbitrary locations on the system. For example,

  • CVE-2023-28842MedApr 4, 2023
    affected < 0.7.7-r13fixed 0.7.7-r13

    Moby) is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby is commonly referred to as *Docke

  • CVE-2023-28841MedApr 4, 2023
    affected < 0.7.7-r13fixed 0.7.7-r13

    Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby is commonly referred to as *Docker

  • CVE-2023-28840HigApr 4, 2023
    affected < 0.7.7-r13fixed 0.7.7-r13

    Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docke

  • CVE-2023-28642MedMar 29, 2023
    affected < 0.7.7-r13fixed 0.7.7-r13

    runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibitin

  • CVE-2023-25809MedMar 29, 2023
    affected < 0.7.7-r13fixed 0.7.7-r13

    runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes `/sys/fs/cgroup` writable in following conditons: 1. when runc is executed inside the user namespace, and the `config.json` does n

  • CVE-2023-27561HigMar 3, 2023
    affected < 0.7.7-r13fixed 0.7.7-r13

    runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this is

  • CVE-2023-25173MedFeb 16, 2023
    affected < 0.7.7-r13fixed 0.7.7-r13

    containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group acces

  • CVE-2023-25153MedFeb 16, 2023
    affected < 0.7.7-r13fixed 0.7.7-r13

    containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of se

Page 4 of 5