VYPR

apk package

wolfi/kyverno-cli-1.16

pkg:apk/wolfi/kyverno-cli-1.16

Vulnerabilities (45)

  • CVE-2026-22703 (Jan 10, 2026)
    affected < 1.16.2-r2, fixed 1.16.2-r2

    Cosign provides code signing and transparency for containers and binaries. Prior to versions 2.6.2 and 3.0.4, Cosign bundle can be crafted to successfully verify an artifact even if the embedded Rekor entry does not reference the artifact's digest, signature or public key. When v

  • CVE-2025-66564 (Dec 4, 2025)
    affected < 1.16.2-r2, fixed 1.16.2-r2

    Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits (via a call to strings.Split) an optionally-provided OID (which is untrusted data) on periods. Similarly, function api.getContentType splits t

  • CVE-2025-66506 (Dec 4, 2025)
    affected < 1.16.2-r1, fixed 1.16.2-r1

    Fulcio is a free-to-use certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.3, function identity.extractIssuerURL splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in th

  • CVE-2025-47914 (Nov 19, 2025)
    affected < 1.16.0-r2, fixed 1.16.0-r2

    SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.

  • CVE-2025-58181 (Nov 19, 2025)
    affected < 1.16.0-r2, fixed 1.16.0-r2

    SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.

Page 3 of 3