apk package
chainguard/metricbeat-fips-7
pkg:apk/chainguard/metricbeat-fips-7
Vulnerabilities (49)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-40635 | Med | 4.6 | < 7.17.28-r5 | 7.17.28-r5 | Mar 17, 2025 | containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a `UID:GID` larger than the maximum 32-bit signed integer can cause an overflow condition where the container ult | |
| CVE-2025-22870 | Med | 4.4 | < 7.17.28-r3 | 7.17.28-r3 | Mar 12, 2025 | Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied. | |
| CVE-2025-22869 | Hig | 7.5 | < 7.17.28-r2 | 7.17.28-r2 | Feb 26, 2025 | SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted. | |
| CVE-2025-22868 | Hig | 7.5 | < 7.17.28-r1 | 7.17.28-r1 | Feb 26, 2025 | An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. | |
| CVE-2024-45338 | Med | 5.3 | < 7.17.26-r2 | 7.17.26-r2 | Dec 18, 2024 | An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service. | |
| CVE-2024-45337 | Cri | 9.1 | < 7.17.26-r1 | 7.17.26-r1 | Dec 12, 2024 | Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that | |
| CVE-2020-13401 | Med | 6.0 | < 7.17.28-r5 | 7.17.28-r5 | Jun 2, 2020 | An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service. | |
| CVE-2019-3826 | Med | 6.1 | < 0 | 0 | Mar 26, 2019 | A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scri | |
| CVE-2018-20699 | Med | 4.9 | < 7.17.28-r5 | 7.17.28-r5 | Jan 12, 2019 | Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go. |
- affected < 7.17.28-r5fixed 7.17.28-r5
containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a `UID:GID` larger than the maximum 32-bit signed integer can cause an overflow condition where the container ult
- affected < 7.17.28-r3fixed 7.17.28-r3
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied.
- affected < 7.17.28-r2fixed 7.17.28-r2
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.
- affected < 7.17.28-r1fixed 7.17.28-r1
An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.
- affected < 7.17.26-r2fixed 7.17.26-r2
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.
- affected < 7.17.26-r1fixed 7.17.26-r1
Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that
- affected < 7.17.28-r5fixed 7.17.28-r5
An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service.
- affected < 0fixed 0
A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scri
- affected < 7.17.28-r5fixed 7.17.28-r5
Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go.
Page 3 of 3