VYPR

apk package

chainguard/gitlab-docker-machine-fips-17.6

pkg:apk/chainguard/gitlab-docker-machine-fips-17.6

Vulnerabilities (9)

  • CVE-2025-22866MedFeb 6, 2025
    affected < 17.6.0-r4fixed 17.6.0-r4

    Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recover

  • CVE-2024-45338MedDec 18, 2024
    affected < 17.6.0-r2fixed 17.6.0-r2

    An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

  • CVE-2024-45337CriDec 12, 2024
    affected < 17.6.0-r1fixed 17.6.0-r1

    Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that

  • CVE-2024-11828Nov 26, 2024
    affected < 17.6.1-r0fixed 17.6.1-r0

    A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API calls. This was a regr

  • CVE-2024-11669Nov 26, 2024
    affected < 17.6.1-r0fixed 17.6.1-r0

    An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Certain API endpoints could potentially allow unauthorized access to sensitive data due to overly broad application of token scopes.

  • CVE-2024-8114Nov 26, 2024
    affected < 17.6.1-r0fixed 17.6.1-r0

    An issue has been discovered in GitLab CE/EE affecting all versions from 8.12 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. This issue allows an attacker with access to a victim's Personal Access Token (PAT) to escalate privileges.

  • CVE-2024-8177Nov 26, 2024
    affected < 17.6.1-r0fixed 17.6.1-r0

    An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.4.5, starting from 17.5 prior to 17.5.3, starting from 17.6 prior to 17.6.1 which could cause Denial of Service via integrating a malicious harbor registry.

  • CVE-2024-8237Nov 26, 2024
    affected < 17.6.1-r0fixed 17.6.1-r0

    A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 12.6 prior to 17.4.5, 17.5 prior to 17.5.3, and 17.6 prior to 17.6.1. An attacker could cause a denial of service with a crafted cargo.toml file.

  • CVE-2024-11668Nov 26, 2024
    affected < 17.6.1-r0fixed 17.6.1-r0

    An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Long-lived connections could potentially bypass authentication controls, allowing unauthorized access to streaming results.