docker.io/cloudflare/cloudflared:2026.5.0 linux/amd64

docker.io/cloudflare/cloudflared:2026.5.0 - Trivy安全扫描结果 扫描时间: 2026-05-14 15:55
全部漏洞信息
低危漏洞:7 中危漏洞:11 高危漏洞:8 严重漏洞:1

系统OS: debian 13.4 扫描引擎: Trivy 扫描时间: 2026-05-14 15:55

docker.io/cloudflare/cloudflared:2026.5.0 (debian 13.4) (debian)
低危漏洞:7 中危漏洞:8 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
libc6 CVE-2026-4046 中危 2.41-12+deb13u2 glibc: glibc: Denial of Service via iconv() function with specific character sets

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4046

镜像层: sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1

发布日期: 2026-03-30 18:16 修改: 2026-04-20 22:16
libc6 CVE-2026-4437 中危 2.41-12+deb13u2 glibc: glibc: Incorrect DNS response parsing via crafted DNS server response

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4437

镜像层: sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1

发布日期: 2026-03-20 20:16 修改: 2026-04-07 18:41
libc6 CVE-2026-4438 中危 2.41-12+deb13u2 glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4438

镜像层: sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1

发布日期: 2026-03-20 20:16 修改: 2026-04-07 18:40
libc6 CVE-2026-5435 中危 2.41-12+deb13u2 glibc: glibc: Out-of-bounds write via TSIG record processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5435

镜像层: sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1

发布日期: 2026-04-28 13:19 修改: 2026-05-05 17:38
libc6 CVE-2026-5450 中危 2.41-12+deb13u2 glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5450

镜像层: sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1

发布日期: 2026-04-20 21:16 修改: 2026-04-23 15:33
libc6 CVE-2026-5928 中危 2.41-12+deb13u2 glibc: glibc: Information disclosure or denial of service via ungetwc function with specific wide character encodings

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5928

镜像层: sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1

发布日期: 2026-04-20 21:16 修改: 2026-04-23 15:33
libc6 CVE-2026-6238 中危 2.41-12+deb13u2 glibc: glibc: Application crash or uninitialized memory read via crafted DNS response

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6238

镜像层: sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1

发布日期: 2026-04-28 19:37 修改: 2026-05-04 17:57
zlib1g CVE-2026-27171 中危 1:1.3.dfsg+really1.3.1-1+b1 zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27171

镜像层: sha256:e4ba966d7f0527dfe0fcb559e4e18d4da42c4e6beae924719255e0dedb554ed0

发布日期: 2026-02-18 04:16 修改: 2026-03-25 21:27
libc6 CVE-2018-20796 低危 2.41-12+deb13u2 glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-20796

镜像层: sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1

发布日期: 2019-02-26 02:29 修改: 2024-11-21 04:02
libc6 CVE-2019-1010022 低危 2.41-12+deb13u2 glibc: stack guard protection bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-1010022

镜像层: sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1

发布日期: 2019-07-15 04:15 修改: 2024-11-21 04:17
libc6 CVE-2019-1010023 低危 2.41-12+deb13u2 glibc: running ldd on malicious ELF leads to code execution because of wrong size computation

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-1010023

镜像层: sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1

发布日期: 2019-07-15 04:15 修改: 2024-11-21 04:17
libc6 CVE-2019-1010024 低危 2.41-12+deb13u2 glibc: ASLR bypass using cache of thread stack and heap

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-1010024

镜像层: sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1

发布日期: 2019-07-15 04:15 修改: 2024-11-21 04:17
libc6 CVE-2019-1010025 低危 2.41-12+deb13u2 glibc: information disclosure of heap addresses of pthread_created thread

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-1010025

镜像层: sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1

发布日期: 2019-07-15 04:15 修改: 2024-11-21 04:17
libc6 CVE-2019-9192 低危 2.41-12+deb13u2 glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-9192

镜像层: sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1

发布日期: 2019-02-26 18:29 修改: 2024-11-21 04:51
libc6 CVE-2010-4756 低危 2.41-12+deb13u2 glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2010-4756

镜像层: sha256:318bc252656ce5b3c77fc9a13e302bba683f813d4b19c21be6e0ad3acc7adaf1

发布日期: 2011-03-02 20:00 修改: 2026-04-29 01:13
usr/local/bin/cloudflared (gobinary)
低危漏洞:0 中危漏洞:3 高危漏洞:8 严重漏洞:1
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
google.golang.org/grpc CVE-2026-33186 严重 v1.72.2 1.79.3 google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186

镜像层: sha256:56b95a8e5274d7b33865fca983698624765196c654f98986a5a3d96e00bd447a

发布日期: 2026-03-20 23:16 修改: 2026-04-10 20:49
go.opentelemetry.io/otel CVE-2026-29181 高危 v1.40.0 1.41.0 OpenTelemetry-Go: multi-value `baggage` header extraction causes excessive allocations (remote dos amplification)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29181

镜像层: sha256:56b95a8e5274d7b33865fca983698624765196c654f98986a5a3d96e00bd447a

发布日期: 2026-04-07 21:17 修改: 2026-04-14 18:45
go.opentelemetry.io/otel/sdk CVE-2026-39883 高危 v1.40.0 1.43.0 opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39883

镜像层: sha256:56b95a8e5274d7b33865fca983698624765196c654f98986a5a3d96e00bd447a

发布日期: 2026-04-08 21:17 修改: 2026-04-10 21:16
github.com/go-jose/go-jose/v4 CVE-2026-34986 高危 v4.1.3 4.1.4 github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34986

镜像层: sha256:56b95a8e5274d7b33865fca983698624765196c654f98986a5a3d96e00bd447a

发布日期: 2026-04-06 17:17 修改: 2026-05-04 15:20
stdlib CVE-2026-33811 高危 v1.26.2 1.25.10, 1.26.3 When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811

镜像层: sha256:56b95a8e5274d7b33865fca983698624765196c654f98986a5a3d96e00bd447a

发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib CVE-2026-33814 高危 v1.26.2 1.25.10, 1.26.3 When processing HTTP/2 SETTINGS frames, transport will enter an infini ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:56b95a8e5274d7b33865fca983698624765196c654f98986a5a3d96e00bd447a

发布日期: 2026-05-07 20:16 修改: 2026-05-08 19:16
stdlib CVE-2026-39820 高危 v1.26.2 1.25.10, 1.26.3 Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820

镜像层: sha256:56b95a8e5274d7b33865fca983698624765196c654f98986a5a3d96e00bd447a

发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib CVE-2026-39836 高危 v1.26.2 1.25.10, 1.26.3 Panic in Dial and LookupPort when handling NUL byte on Windows in net

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836

镜像层: sha256:56b95a8e5274d7b33865fca983698624765196c654f98986a5a3d96e00bd447a

发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib CVE-2026-42499 高危 v1.26.2 1.25.10, 1.26.3 Pathological inputs could cause DoS through consumePhrase when parsing ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499

镜像层: sha256:56b95a8e5274d7b33865fca983698624765196c654f98986a5a3d96e00bd447a

发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib CVE-2026-39823 中危 v1.26.2 1.25.10, 1.26.3 CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823

镜像层: sha256:56b95a8e5274d7b33865fca983698624765196c654f98986a5a3d96e00bd447a

发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib CVE-2026-39825 中危 v1.26.2 1.25.10, 1.26.3 ReverseProxy can forward queries containing parameters not visible to ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825

镜像层: sha256:56b95a8e5274d7b33865fca983698624765196c654f98986a5a3d96e00bd447a

发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib CVE-2026-39826 中危 v1.26.2 1.25.10, 1.26.3 If a trusted template author were to write a <script> tag containing a ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826

镜像层: sha256:56b95a8e5274d7b33865fca983698624765196c654f98986a5a3d96e00bd447a

发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16