apk package
chainguard/kubectl-1.29-bitnami-compat
pkg:apk/chainguard/kubectl-1.29-bitnami-compat
Vulnerabilities (31)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-24786 | Hig | 7.5 | < 1.29.3-r0 | 1.29.3-r0 | Mar 5, 2024 | The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set. | |
| CVE-2024-21626 | — | < 1.29.3-r1 | 1.29.3-r1 | Jan 31, 2024 | runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the h | ||
| CVE-2023-48795 | Med | 5.9 | < 1.29.3-r1 | 1.29.3-r1 | Dec 18, 2023 | The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end | |
| CVE-2023-47108 | — | < 1.29.3-r1 | 1.29.3-r1 | Nov 10, 2023 | OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Starting in version 0.37.0 and prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. | ||
| CVE-2023-45142 | — | < 1.29.3-r1 | 1.29.3-r1 | Oct 12, 2023 | OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests | ||
| CVE-2021-25740 | — | < 0 | 0 | Sep 20, 2021 | A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack. | ||
| CVE-2020-8554 | — | < 0 | 0 | Jan 21, 2021 | Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and | ||
| CVE-2016-7075 | — | < 0 | 0 | Sep 10, 2018 | It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate. | ||
| CVE-2015-7561 | Low | 3.1 | < 0 | 0 | Aug 7, 2017 | Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image. | |
| CVE-2016-1906 | Cri | 9.8 | < 0 | 0 | Feb 3, 2016 | Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed. | |
| CVE-2016-1905 | Hig | 7.7 | < 0 | 0 | Feb 3, 2016 | The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object. |
- affected < 1.29.3-r0fixed 1.29.3-r0
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.
- CVE-2024-21626Jan 31, 2024affected < 1.29.3-r1fixed 1.29.3-r1
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the h
- affected < 1.29.3-r1fixed 1.29.3-r1
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end
- CVE-2023-47108Nov 10, 2023affected < 1.29.3-r1fixed 1.29.3-r1
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Starting in version 0.37.0 and prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality.
- CVE-2023-45142Oct 12, 2023affected < 1.29.3-r1fixed 1.29.3-r1
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests
- CVE-2021-25740Sep 20, 2021affected < 0fixed 0
A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.
- CVE-2020-8554Jan 21, 2021affected < 0fixed 0
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and
- CVE-2016-7075Sep 10, 2018affected < 0fixed 0
It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate.
- affected < 0fixed 0
Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image.
- affected < 0fixed 0
Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed.
- affected < 0fixed 0
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.
Page 2 of 2