apk package
chainguard/loki-2.9-promtail
pkg:apk/chainguard/loki-2.9-promtail
Vulnerabilities (47)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-41110 | Cri | 9.9 | < 2.9.17-r0 | 2.9.17-r0 | Jul 24, 2024 | Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood | |
| CVE-2024-6104 | — | < 2.9.8-r4 | 2.9.8-r4 | Jun 24, 2024 | go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7. | ||
| CVE-2024-35255 | — | < 2.9.8-r3 | 2.9.8-r3 | Jun 11, 2024 | Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability | ||
| CVE-2024-24789 | — | < 2.9.8-r2 | 2.9.8-r2 | Jun 5, 2024 | The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip pac | ||
| CVE-2024-24790 | — | < 2.9.8-r2 | 2.9.8-r2 | Jun 5, 2024 | The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. | ||
| CVE-2024-29018 | — | < 2.9.8-r1 | 2.9.8-r1 | Mar 20, 2024 | Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. Moby's networking implementation allows for many networks, each with their own IP address range and gateway, to be define | ||
| CVE-2024-24557 | — | < 2.9.8-r1 | 2.9.8-r1 | Feb 1, 2024 | Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions (most important being HEALTHCHECK and ONBUILD) would not cause |
- affected < 2.9.17-r0fixed 2.9.17-r0
Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood
- CVE-2024-6104Jun 24, 2024affected < 2.9.8-r4fixed 2.9.8-r4
go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.
- CVE-2024-35255Jun 11, 2024affected < 2.9.8-r3fixed 2.9.8-r3
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
- CVE-2024-24789Jun 5, 2024affected < 2.9.8-r2fixed 2.9.8-r2
The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip pac
- CVE-2024-24790Jun 5, 2024affected < 2.9.8-r2fixed 2.9.8-r2
The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.
- CVE-2024-29018Mar 20, 2024affected < 2.9.8-r1fixed 2.9.8-r1
Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. Moby's networking implementation allows for many networks, each with their own IP address range and gateway, to be define
- CVE-2024-24557Feb 1, 2024affected < 2.9.8-r1fixed 2.9.8-r1
Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions (most important being HEALTHCHECK and ONBUILD) would not cause
Page 3 of 3