VYPR

apk package

chainguard/spire-oidc-discovery-provider-fips

pkg:apk/chainguard/spire-oidc-discovery-provider-fips

Vulnerabilities (62)

  • CVE-2023-46737Nov 7, 2023
    affected < 1.8.5-r0fixed 1.8.5-r0

    Cosign is a sigstore signing tool for OCI containers. Cosign is susceptible to a denial of service by an attacker controlled registry. An attacker who controls a remote registry can return a high number of attestations and/or signatures to Cosign and cause Cosign to enter a long

  • CVE-2020-8559Jul 22, 2020
    affected < 1.12.0-r0fixed 1.12.0-r0

    The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.

Page 4 of 4