VYPR

apk package

chainguard/gitlab-toolbox-ce-fips-18.8

pkg:apk/chainguard/gitlab-toolbox-ce-fips-18.8

Vulnerabilities (5)

  • CVE-2026-30922HigMar 18, 2026
    affected < 18.8.5-r1fixed 18.8.5-r1

    pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousa

  • CVE-2026-27459Mar 17, 2026
    affected < 18.8.5-r1fixed 18.8.5-r1

    pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to `set_cookie_generate_callback` returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Sta

  • CVE-2026-27448Mar 17, 2026
    affected < 18.8.5-r1fixed 18.8.5-r1

    pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to `set_tlsext_servername_callback` raised an unhandled exception, this would result in a connection being accepted. If a user was relying

  • CVE-2026-26007Feb 10, 2026
    affected < 18.8.5-r1fixed 18.8.5-r1

    cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the public_key_from_numbers (or EllipticCurvePublicNumbers.public_key()), EllipticCurvePublicNumbers.public_key(), load_der_public_key() and load_pem_public_ke

  • CVE-2024-12797MedFeb 11, 2025
    affected < 18.8.5-r1fixed 18.8.5-r1

    Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set. Impact summary: TLS and DTLS connections u