apk package
chainguard/neuvector-scanner-monitor-fips
pkg:apk/chainguard/neuvector-scanner-monitor-fips
Vulnerabilities (25)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-34158 | Hig | 7.5 | < 0_git20240528-r6 | 0_git20240528-r6 | Sep 6, 2024 | Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. | |
| CVE-2024-34156 | Hig | 7.5 | < 0_git20240528-r6 | 0_git20240528-r6 | Sep 6, 2024 | Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. | |
| CVE-2024-34155 | Med | 4.3 | < 0_git20240528-r6 | 0_git20240528-r6 | Sep 6, 2024 | Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. | |
| CVE-2024-45310 | — | < 0_git20240528-r5 | 0_git20240528-r5 | Sep 3, 2024 | runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between | ||
| CVE-2024-41110 | Cri | 9.9 | < 0_git20240528-r3 | 0_git20240528-r3 | Jul 24, 2024 | Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood |
- affected < 0_git20240528-r6fixed 0_git20240528-r6
Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.
- affected < 0_git20240528-r6fixed 0_git20240528-r6
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
- affected < 0_git20240528-r6fixed 0_git20240528-r6
Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.
- CVE-2024-45310Sep 3, 2024affected < 0_git20240528-r5fixed 0_git20240528-r5
runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between
- affected < 0_git20240528-r3fixed 0_git20240528-r3
Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood
Page 2 of 2