VYPR

apk package

chainguard/kubescape

pkg:apk/chainguard/kubescape

Vulnerabilities (146)

  • CVE-2024-0406Apr 6, 2024
    affected < 3.0.10-r0fixed 3.0.10-r0

    A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or applic

  • CVE-2023-45288HigApr 4, 2024
    affected < 3.0.8-r3fixed 3.0.8-r3

    An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed Ma

  • CVE-2024-29018Mar 20, 2024
    affected < 3.0.7-r1fixed 3.0.7-r1

    Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. Moby's networking implementation allows for many networks, each with their own IP address range and gateway, to be define

  • CVE-2024-28180Mar 9, 2024
    affected < 3.0.43-r0fixed 3.0.43-r0

    Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now ret

  • CVE-2024-24786HigMar 5, 2024
    affected < 3.0.6-r1fixed 3.0.6-r1

    The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

  • CVE-2019-25210Mar 3, 2024
    affected < 0fixed 0

    An issue was discovered in Cloud Native Computing Foundation (CNCF) Helm through 3.13.3. It displays values of secrets when the --dry-run flag is used. This is a security concern in some use cases, such as a --dry-run call by a CI/CD tool. NOTE: the vendor's position is that this

  • CVE-2024-26147Feb 21, 2024
    affected < 3.0.3-r8fixed 3.0.3-r8

    Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an `index.yaml` file or a plugins `plugin.yaml` file were missing all m

  • CVE-2024-25620Feb 14, 2024
    affected < 3.0.3-r8fixed 3.0.3-r8

    Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. When either the Helm client or SDK is used to save a chart whose name within the `Chart.yaml` file includes a relative path change, the chart would be saved outside its expected direct

  • CVE-2024-24557Feb 1, 2024
    affected < 3.0.7-r1fixed 3.0.7-r1

    Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions (most important being HEALTHCHECK and ONBUILD) would not cause

  • CVE-2024-23653Jan 31, 2024
    affected < 3.0.3-r7fixed 3.0.3-r7

    BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use th

  • CVE-2024-23652Jan 31, 2024
    affected < 3.0.3-r7fixed 3.0.3-r7

    BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit frontend or Dockerfile using RUN --mount could trick the feature that removes empty files created for the mountpoints into removing a file o

  • CVE-2024-23651Jan 31, 2024
    affected < 3.0.3-r7fixed 3.0.3-r7

    BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host syste

  • CVE-2024-23650Jan 31, 2024
    affected < 3.0.3-r7fixed 3.0.3-r7

    BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a

  • CVE-2024-21626Jan 31, 2024
    affected < 3.0.3-r7fixed 3.0.3-r7

    runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the h

  • CVE-2024-24579Jan 31, 2024
    affected < 3.0.3-r7fixed 3.0.3-r7

    stereoscope is a go library for processing container images and simulating a squash filesystem. Prior to version 0.0.1, it is possible to craft an OCI tar archive that, when stereoscope attempts to unarchive the contents, will result in writing to paths outside of the unarchive

  • CVE-2024-21664Jan 9, 2024
    affected < 3.0.3-r4fixed 3.0.3-r4

    jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. Calling `jws.Parse` with a JSON serialized payload where the `signature` field is present while `protected` is absent can lead to a nil pointer dereference. The vulnerability

  • CVE-2023-48795MedDec 18, 2023
    affected < 3.0.3-r1fixed 3.0.3-r1

    The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end

  • CVE-2023-49290Dec 4, 2023
    affected < 3.0.3-r4fixed 3.0.3-r4

    lestrrat-go/jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. A p2c parameter set too high in JWE's algorithm PBES2-* could lead to a denial of service. The JWE key management algorithms based on PBKDF2 require a JOSE Header

  • CVE-2023-47108Nov 10, 2023
    affected < 3.0.3-r1fixed 3.0.3-r1

    OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Starting in version 0.37.0 and prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality.

  • CVE-2023-45284Nov 9, 2023
    affected < 0fixed 0

    On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now corr

Page 7 of 8