VYPR

apk package

chainguard/ko-fips

pkg:apk/chainguard/ko-fips

Vulnerabilities (109)

  • CVE-2024-24788MedMay 8, 2024
    affected < 0.15.2-r6fixed 0.15.2-r6

    A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.

  • CVE-2024-24787MedMay 8, 2024
    affected < 0.15.2-r6fixed 0.15.2-r6

    On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive.

  • CVE-2024-29903Apr 10, 2024
    affected < 0.15.2-r4fixed 0.15.2-r4

    Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, maliciously-crafted software artifacts can cause denial of service of the machine running Cosign thereby impacting all services on the machine. The root cause is that Cosign creates

  • CVE-2024-29902Apr 10, 2024
    affected < 0.15.2-r4fixed 0.15.2-r4

    Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, a remote image with a malicious attachment can cause denial of service of the host machine running Cosign. This can impact other services on the machine that rely on having memory a

  • CVE-2023-45288HigApr 4, 2024
    affected < 0.15.2-r5fixed 0.15.2-r5

    An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed Ma

  • CVE-2024-28180Mar 9, 2024
    affected < 0.15.1-r5fixed 0.15.1-r5

    Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now ret

  • CVE-2024-24557MedFeb 1, 2024
    affected < 0.15.2-r0fixed 0.15.2-r0

    Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions (most important being HEALTHCHECK and ONBUILD) would not cause

  • CVE-2023-48795MedDec 18, 2023
    affected < 0.15.1-r3fixed 0.15.1-r3

    The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end

  • CVE-2020-8559MedJul 22, 2020
    affected < 0.17.1-r10fixed 0.17.1-r10

    The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.

Page 6 of 6