apk package
chainguard/kyverno-reports-controller-fips-1.16
pkg:apk/chainguard/kyverno-reports-controller-fips-1.16
Vulnerabilities (43)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-22703 | — | < 1.16.3-r1 | 1.16.3-r1 | Jan 10, 2026 | Cosign provides code signing and transparency for containers and binaries. Prior to versions 2.6.2 and 3.0.4, Cosign bundle can be crafted to successfully verify an artifact even if the embedded Rekor entry does not reference the artifact's digest, signature or public key. When v | ||
| CVE-2025-66564 | — | < 1.16.3-r1 | 1.16.3-r1 | Dec 4, 2025 | Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits (via a call to strings.Split) an optionally-provided OID (which is untrusted data) on periods. Similarly, function api.getContentType splits t | ||
| CVE-2025-66506 | — | < 1.16.2-r1 | 1.16.2-r1 | Dec 4, 2025 | Fulcio is a free-to-use certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.3, function identity.extractIssuerURL splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in th |
- CVE-2026-22703Jan 10, 2026affected < 1.16.3-r1fixed 1.16.3-r1
Cosign provides code signing and transparency for containers and binaries. Prior to versions 2.6.2 and 3.0.4, Cosign bundle can be crafted to successfully verify an artifact even if the embedded Rekor entry does not reference the artifact's digest, signature or public key. When v
- CVE-2025-66564Dec 4, 2025affected < 1.16.3-r1fixed 1.16.3-r1
Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits (via a call to strings.Split) an optionally-provided OID (which is untrusted data) on periods. Similarly, function api.getContentType splits t
- CVE-2025-66506Dec 4, 2025affected < 1.16.2-r1fixed 1.16.2-r1
Fulcio is a free-to-use certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.3, function identity.extractIssuerURL splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in th
Page 3 of 3