VYPR

apk package

chainguard/k3s-1.33

pkg:apk/chainguard/k3s-1.33

Vulnerabilities (89)

  • CVE-2025-47913Nov 13, 2025
    affected < 1.33.10.1-r12fixed 1.33.10.1-r12

    SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.

  • CVE-2025-64329Nov 7, 2025
    affected < 0fixed 0

    containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks

  • CVE-2025-52881Nov 6, 2025
    affected < 1.33.7.1-r0fixed 1.33.7.1-r0

    runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have

  • CVE-2025-52565Nov 6, 2025
    affected < 1.33.5.1-r2fixed 1.33.5.1-r2

    runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the conta

  • CVE-2025-31133Nov 6, 2025
    affected < 1.33.5.1-r2fixed 1.33.5.1-r2

    runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container

  • CVE-2024-25621Nov 6, 2025
    affected < 0fixed 0

    containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. Directory paths `/var/lib/containerd`, `/run/containerd

  • CVE-2025-59530HigOct 10, 2025
    affected < 1.33.5.1-r1fixed 1.33.5.1-r1

    quic-go is an implementation of the QUIC protocol in Go. In versions prior to 0.49.0, 0.54.1, and 0.55.0, a misbehaving or malicious server can cause a denial-of-service (DoS) attack on the quic-go client by triggering an assertion failure, leading to a process crash. This requir

  • CVE-2025-54410Jul 30, 2025
    affected < 1.33.10.1-r5fixed 1.33.10.1-r5

    Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. A firewalld vulnerability affects Moby releases before 28.0.0. When firewalld reloads, Docker fail

  • CVE-2024-36623Nov 29, 2024
    affected < 1.33.10.1-r5fixed 1.33.10.1-r5

    moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes.

Page 5 of 5