VYPR

apk package

chainguard/kayenta-2026.1

pkg:apk/chainguard/kayenta-2026.1

Vulnerabilities (33)

  • CVE-2026-42577HigMay 13, 2026
    affected < 2026.1.0-r0fixed 2026.1.0-r0

    Netty is an asynchronous, event-driven network application framework. From 4.2.0.Final to 4.2.13.Final , Netty's epoll transport fails to detect and close TCP connections that receive a RST after being half-closed, leading to stale channels that are never cleaned up and, in some

  • CVE-2026-43515CriMay 12, 2026
    affected < 2026.1.0-r1fixed 2026.1.0-r1

    Improper Authorization vulnerability when multiple method constraints define an HTTP method for the same extension in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 throug

  • CVE-2026-43514LowMay 12, 2026
    affected < 2026.1.0-r1fixed 2026.1.0-r1

    Observable Timing Discrepancy vulnerability when comparing AJP secret in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Older

  • CVE-2026-43513HigMay 12, 2026
    affected < 2026.1.0-r1fixed 2026.1.0-r1

    Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Older un

  • CVE-2026-43512CriMay 12, 2026
    affected < 2026.1.0-r1fixed 2026.1.0-r1

    DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from before 7.0.0. Older

  • CVE-2026-42498HigMay 12, 2026
    affected < 2026.1.0-r1fixed 2026.1.0-r1

    Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.2 through 9.0.117, from 8.5.24 through 8.5.100, f

  • CVE-2026-41293CriMay 12, 2026
    affected < 2026.1.0-r1fixed 2026.1.0-r1

    Improper Input Validation vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 10.0.0-M1 through 10.0.27. Older, end of support versions may also be affected. Users

  • CVE-2026-41284HigMay 12, 2026
    affected < 2026.1.0-r1fixed 2026.1.0-r1

    Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117. Older, unsupported versions may also be affected. Users are reco

  • CVE-2026-41417MedMay 6, 2026
    affected < 2026.1.0-r1fixed 2026.1.0-r1

    Netty allows request-line validation to be bypassed when a `DefaultHttpRequest` or `DefaultFullHttpRequest` is created first and its URI is later changed via `setUri()`. The constructors reject CRLF and whitespace characters that would break the start-line, but `setUri()` does no

  • CVE-2026-42198HigApr 29, 2026
    affected < 2026.1.0-r1fixed 2026.1.0-r1

    pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. A malicious server can instruct the driver to perform SCRAM authentication with a very larg

  • CVE-2024-29371Dec 17, 2025
    affected < 2026.1.0-r1fixed 2026.1.0-r1

    In jose4j before 0.9.6, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and proc

  • CVE-2024-25710Feb 19, 2024
    affected < 2026.1.0-r1fixed 2026.1.0-r1

    Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue.

  • CVE-2024-26308Feb 19, 2024
    affected < 2026.1.0-r1fixed 2026.1.0-r1

    Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26, which fixes the issue.

Page 2 of 2