VYPR

apk package

chainguard/mattermost-fips-11.5

pkg:apk/chainguard/mattermost-fips-11.5

Vulnerabilities (46)

  • CVE-2026-32281HigApr 8, 2026
    affected < 11.5.3-r0fixed 11.5.3-r0

    Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root C

  • CVE-2026-32280HigApr 8, 2026
    affected < 11.5.3-r0fixed 11.5.3-r0

    During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls

  • CVE-2026-27140HigApr 8, 2026
    affected < 11.5.3-r0fixed 11.5.3-r0

    SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass.

  • CVE-2026-33487HigMar 26, 2026
    affected < 11.5.1-r2fixed 11.5.1-r2

    goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the `validateSignature` function in `validate.go` goes through the references in the `SignedInfo` block to find one that matches the signed element's ID. In Go versions before 1.22, or when `go.mo

  • CVE-2026-33809MedMar 25, 2026
    affected < 11.5.3-r0fixed 11.5.3-r0

    A maliciously crafted TIFF file can cause image decoding to attempt to allocate up 4GiB of memory, causing either excessive resource consumption or an out-of-memory error.

  • CVE-2026-33186CriMar 20, 2026
    affected < 11.5.1-r1fixed 11.5.1-r1

    gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omi

Page 3 of 3