VYPR

apk package

chainguard/docker-machine-driver-harvester

pkg:apk/chainguard/docker-machine-driver-harvester

Vulnerabilities (59)

  • CVE-2025-47910MedSep 22, 2025
    affected < 1.0.3-r4fixed 1.0.3-r4

    When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended sec

  • CVE-2025-5187MedAug 27, 2025
    affected < 1.0.6-r4fixed 1.0.6-r4

    A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference resource does not exist or is su

  • CVE-2025-47907Aug 7, 2025
    affected < 1.0.3-r2fixed 1.0.3-r2

    Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the ex

  • CVE-2025-4563LowJun 23, 2025
    affected < 1.0.6-r4fixed 1.0.6-r4

    A vulnerability exists in the NodeRestriction admission controller where nodes can bypass dynamic resource allocation authorization checks. When the DynamicResourceAllocation feature gate is enabled, the controller properly validates resource claim statuses during pod status upda

  • CVE-2025-4673MedJun 11, 2025
    affected < 1.0.2-r2fixed 1.0.2-r2

    Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.

  • CVE-2025-22874HigJun 11, 2025
    affected < 1.0.2-r2fixed 1.0.2-r2

    Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.

  • CVE-2025-22872MedApr 16, 2025
    affected < 1.0.2-r1fixed 1.0.2-r1

    The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can resul

  • CVE-2024-7598LowMar 20, 2025
    affected < 0fixed 0

    A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. The order in which objects are deleted during namespace termination is not defined, and it is possible for

  • CVE-2025-1767MedMar 13, 2025
    affected < 0fixed 0

    This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using t

  • CVE-2024-36623Nov 29, 2024
    affected < 0fixed 0

    moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes.

  • CVE-2024-36621Nov 29, 2024
    affected < 1.0.5-r0fixed 1.0.5-r0

    moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion.

  • CVE-2024-33394May 2, 2024
    affected < 0fixed 0

    An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component.

  • CVE-2024-31420MedApr 3, 2024
    affected < 0fixed 0

    A NULL pointer dereference flaw was found in KubeVirt. This flaw allows an attacker who has access to a virtual machine guest on a node with DownwardMetrics enabled to cause a denial of service by issuing a high number of calls to vm-dump-metrics --virtio and then deleting the vi

  • CVE-2024-24557Feb 1, 2024
    affected < 1.0.5-r0fixed 1.0.5-r0

    Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions (most important being HEALTHCHECK and ONBUILD) would not cause

  • CVE-2022-24769Mar 24, 2022
    affected < 1.0.5-r0fixed 1.0.5-r0

    Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atyp

  • CVE-2021-41091Oct 4, 2021
    affected < 1.0.5-r0fixed 1.0.5-r0

    Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivilege

  • CVE-2021-21284Feb 2, 2021
    affected < 1.0.5-r0fixed 1.0.5-r0

    In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesy

  • CVE-2021-21285Feb 2, 2021
    affected < 1.0.5-r0fixed 1.0.5-r0

    In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.

  • CVE-2020-27534Dec 30, 2020
    affected < 1.0.5-r0fixed 1.0.5-r0

    util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call.

Page 3 of 3