VYPR

apk package

chainguard/envoy-gateway-fips-1.7-egctl

pkg:apk/chainguard/envoy-gateway-fips-1.7-egctl

Vulnerabilities (12)

  • CVE-2026-50162modJul 1, 2026
    affected < 1.7.4-r1fixed 1.7.4-r1

    oras-go: oras-go: File store write outside working directory via symlink traversal

  • CVE-2026-50151modJul 1, 2026
    affected < 1.7.4-r1fixed 1.7.4-r1

    oras-go: oras-go: Credential forwarding via unvalidated Location header during blob upload

  • CVE-2026-48978lowJul 1, 2026
    affected < 1.7.4-r1fixed 1.7.4-r1

    oras-go: oras-go: Information disclosure and TLS downgrade via malicious registry realm

  • CVE-2026-53488higJun 19, 2026
    affected < 1.7.4-r2fixed 1.7.4-r2

    ### Impact A bug was found in containerd where the CRI plugin propagates labels from an image config (`LABEL` instruction in Dockerfile) to a container without validation. This may result in executing an arbitrary command on the host, via a plugin that consumes container labels f

  • CVE-2026-47262Jun 19, 2026
    affected < 1.7.4-r2fixed 1.7.4-r2

    ### Impact A vulnerability in containerd allows a maliciously crafted image to cause a Denial of Service (DoS) condition. When creating a container from this image, memory exhaustion occurs, leading to an Out Of Memory (OOM) kill of the containerd process. This renders the contai

  • CVE-2026-42306HigJun 12, 2026
    affected < 1.8.2-r0fixed 1.8.2-r0

    Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to redirect a bind mount targe

  • CVE-2026-41568MedJun 12, 2026
    affected < 1.8.2-r0fixed 1.8.2-r0

    Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to create empty files or direc

  • CVE-2026-41567HigJun 5, 2026
    affected < 1.8.2-r0fixed 1.8.2-r0

    Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to v2.0.0-beta.14, when a compressed archive is uploaded to a container via `PUT /containers/{id}/archive` or piped through `docker cp -`, the daemon resolves decompression binaries

  • CVE-2026-41178MedJun 4, 2026
    affected < 1.8.2-r0fixed 1.8.2-r0

    OpenTelemetry-Go is the Go implementation of OpenTelemetry. Versions 1.41.0 and 1.43.0 removed raw-length rejection and it causes `Parse` to process arbitrarily large/invalid baggage headers and log errors, enabling DoS via oversized inputs. Versions 1.42.0 and 1.44.0 fix the iss

  • CVE-2026-34040HigMar 31, 2026
    affected < 1.8.2-r0fixed 1.8.2-r0

    Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1.

  • CVE-2026-33997MedMar 31, 2026
    affected < 1.8.2-r0fixed 1.8.2-r0

    Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorre

  • CVE-2026-26958LowFeb 19, 2026
    affected < 1.8.2-r0fixed 1.8.2-r0

    filippo.io/edwards25519 is a Go library implementing the edwards25519 elliptic curve with APIs for building cryptographic primitives. In versions 1.1.0 and earlier, MultiScalarMult produces invalid results or undefined behavior if the receiver is not the identity point. If (*Poin