apk package
chainguard/kubelet-fips-1.27-default
pkg:apk/chainguard/kubelet-fips-1.27-default
Vulnerabilities (8)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-24788 | Med | 5.9 | < 1.27.13-r1 | 1.27.13-r1 | May 8, 2024 | A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop. | |
| CVE-2024-3177 | Low | 2.7 | < 1.27.14-r0 | 1.27.14-r0 | Apr 22, 2024 | A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. T | |
| CVE-2024-28180 | — | < 0 | 0 | Mar 9, 2024 | Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now ret | ||
| CVE-2024-21626 | — | < 1.27.12-r1 | 1.27.12-r1 | Jan 31, 2024 | runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the h | ||
| CVE-2023-48795 | Med | 5.9 | < 1.27.12-r1 | 1.27.12-r1 | Dec 18, 2023 | The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end | |
| CVE-2023-47108 | — | < 1.27.12-r1 | 1.27.12-r1 | Nov 10, 2023 | OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Starting in version 0.37.0 and prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. | ||
| CVE-2023-45142 | — | < 1.27.12-r1 | 1.27.12-r1 | Oct 12, 2023 | OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests | ||
| CVE-2023-2253 | — | < 1.27.12-r1 | 1.27.12-r1 | Jun 6, 2023 | A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the all |
- affected < 1.27.13-r1fixed 1.27.13-r1
A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.
- affected < 1.27.14-r0fixed 1.27.14-r0
A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. T
- CVE-2024-28180Mar 9, 2024affected < 0fixed 0
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now ret
- CVE-2024-21626Jan 31, 2024affected < 1.27.12-r1fixed 1.27.12-r1
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the h
- affected < 1.27.12-r1fixed 1.27.12-r1
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end
- CVE-2023-47108Nov 10, 2023affected < 1.27.12-r1fixed 1.27.12-r1
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Starting in version 0.37.0 and prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality.
- CVE-2023-45142Oct 12, 2023affected < 1.27.12-r1fixed 1.27.12-r1
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests
- CVE-2023-2253Jun 6, 2023affected < 1.27.12-r1fixed 1.27.12-r1
A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the all