VYPR

apk package

chainguard/ko

pkg:apk/chainguard/ko

Vulnerabilities (112)

  • CVE-2024-29018Mar 20, 2024
    affected < 0.15.2-r4fixed 0.15.2-r4

    Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. Moby's networking implementation allows for many networks, each with their own IP address range and gateway, to be define

  • CVE-2024-28180Mar 9, 2024
    affected < 0.15.2-r3fixed 0.15.2-r3

    Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now ret

  • CVE-2023-48795MedDec 18, 2023
    affected < 0.15.1-r2fixed 0.15.1-r2

    The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end

  • CVE-2023-45284MedNov 9, 2023
    affected < 0fixed 0

    On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now corr

  • CVE-2023-45283HigNov 9, 2023
    affected < 0fixed 0

    The filepath package does not recognize paths with a \??\ prefix as special. On Windows, a path beginning with \??\ is a Root Local Device path equivalent to a path beginning with \\?\. Paths with a \??\ prefix may be used to access arbitrary locations on the system. For example,

  • CVE-2023-46737LowNov 7, 2023
    affected < 0.15.1-r0fixed 0.15.1-r0

    Cosign is a sigstore signing tool for OCI containers. Cosign is susceptible to a denial of service by an attacker controlled registry. An attacker who controls a remote registry can return a high number of attestations and/or signatures to Cosign and cause Cosign to enter a long

  • CVE-2023-44487HigKEVOct 10, 2023
    affected < 0.15.0-r1fixed 0.15.0-r1

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2023-24535HigJun 8, 2023
    affected < 0.13.0-r3fixed 0.13.0-r3

    Parsing invalid messages can panic. Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic.

  • CVE-2023-30551HigMay 8, 2023
    affected < 0.13.0-r3fixed 0.13.0-r3

    Rekor is an open source software supply chain transparency log. Rekor prior to version 1.1.1 may crash due to out of memory (OOM) conditions caused by reading archive metadata files into memory without checking their sizes first. Verification of a JAR file submitted to Rekor can

  • CVE-2023-28842MedApr 4, 2023
    affected < 0.13.0-r3fixed 0.13.0-r3

    Moby) is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby is commonly referred to as *Docke

  • CVE-2023-28841MedApr 4, 2023
    affected < 0.13.0-r3fixed 0.13.0-r3

    Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby is commonly referred to as *Docker

  • CVE-2023-28840HigApr 4, 2023
    affected < 0.13.0-r3fixed 0.13.0-r3

    Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docke

Page 6 of 6