VYPR

apk package

chainguard/kubescape

pkg:apk/chainguard/kubescape

Vulnerabilities (117)

  • CVE-2024-25620Feb 14, 2024
    affected < 3.0.3-r8fixed 3.0.3-r8

    Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. When either the Helm client or SDK is used to save a chart whose name within the `Chart.yaml` file includes a relative path change, the chart would be saved outside its expected direct

  • CVE-2024-24557Feb 1, 2024
    affected < 3.0.7-r1fixed 3.0.7-r1

    Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions (most important being HEALTHCHECK and ONBUILD) would not cause

  • CVE-2024-23653Jan 31, 2024
    affected < 3.0.3-r7fixed 3.0.3-r7

    BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use th

  • CVE-2024-23652Jan 31, 2024
    affected < 3.0.3-r7fixed 3.0.3-r7

    BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit frontend or Dockerfile using RUN --mount could trick the feature that removes empty files created for the mountpoints into removing a file o

  • CVE-2024-23651Jan 31, 2024
    affected < 3.0.3-r7fixed 3.0.3-r7

    BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host syste

  • CVE-2024-23650Jan 31, 2024
    affected < 3.0.3-r7fixed 3.0.3-r7

    BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a

  • CVE-2024-21626Jan 31, 2024
    affected < 3.0.3-r7fixed 3.0.3-r7

    runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the h

  • CVE-2024-24579Jan 31, 2024
    affected < 3.0.3-r7fixed 3.0.3-r7

    stereoscope is a go library for processing container images and simulating a squash filesystem. Prior to version 0.0.1, it is possible to craft an OCI tar archive that, when stereoscope attempts to unarchive the contents, will result in writing to paths outside of the unarchive

  • CVE-2024-21664Jan 9, 2024
    affected < 3.0.3-r4fixed 3.0.3-r4

    jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. Calling `jws.Parse` with a JSON serialized payload where the `signature` field is present while `protected` is absent can lead to a nil pointer dereference. The vulnerability

  • CVE-2023-48795MedDec 18, 2023
    affected < 3.0.3-r1fixed 3.0.3-r1

    The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end

  • CVE-2023-49290Dec 4, 2023
    affected < 3.0.3-r4fixed 3.0.3-r4

    lestrrat-go/jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. A p2c parameter set too high in JWE's algorithm PBES2-* could lead to a denial of service. The JWE key management algorithms based on PBKDF2 require a JOSE Header

  • CVE-2023-47108Nov 10, 2023
    affected < 3.0.3-r1fixed 3.0.3-r1

    OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Starting in version 0.37.0 and prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality.

  • CVE-2023-45284Nov 9, 2023
    affected < 0fixed 0

    On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now corr

  • CVE-2023-45283Nov 9, 2023
    affected < 0fixed 0

    The filepath package does not recognize paths with a \??\ prefix as special. On Windows, a path beginning with \??\ is a Root Local Device path equivalent to a path beginning with \\?\. Paths with a \??\ prefix may be used to access arbitrary locations on the system. For example,

  • CVE-2023-46737Nov 7, 2023
    affected < 3.0.3-r3fixed 3.0.3-r3

    Cosign is a sigstore signing tool for OCI containers. Cosign is susceptible to a denial of service by an attacker controlled registry. An attacker who controls a remote registry can return a high number of attestations and/or signatures to Cosign and cause Cosign to enter a long

  • CVE-2023-39325Oct 11, 2023
    affected < 3.0.0-r0fixed 3.0.0-r0

    A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attack

  • CVE-2023-44487HigKEVOct 10, 2023
    affected < 3.0.0-r0fixed 3.0.0-r0

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Page 6 of 6