| golang.org/x/crypto |
CVE-2024-45337 |
严重 |
v0.24.0 |
0.31.0 |
golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337
镜像层: sha256:988e53f2c387a916c9512d32173ea967d5cc082ae1194050ed0fca2c77dfb051
发布日期: 2024-12-12 02:02 修改: 2024-12-12 21:15
|
| github.com/docker/distribution |
CVE-2023-2253 |
高危 |
v0.0.0-20191216044856-a8371794149d |
2.8.2-beta.1 |
distribution/distribution: DoS from malicious API request
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2253
镜像层: sha256:988e53f2c387a916c9512d32173ea967d5cc082ae1194050ed0fca2c77dfb051
发布日期: 2023-06-06 20:15 修改: 2025-01-07 22:15
|
| github.com/moby/moby |
CVE-2024-36621 |
高危 |
v17.12.0-ce-rc1.0.20200618181300-9dc6525e6118+incompatible |
26.0.0 |
moby: Race Condition in Moby's Snapshot Layer Handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-36621
镜像层: sha256:988e53f2c387a916c9512d32173ea967d5cc082ae1194050ed0fca2c77dfb051
发布日期: 2024-11-29 18:15 修改: 2024-12-04 17:15
|
| github.com/moby/moby |
CVE-2024-36623 |
高危 |
v17.12.0-ce-rc1.0.20200618181300-9dc6525e6118+incompatible |
26.0.0 |
moby: Race Condition in Moby's streamformatter Package
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-36623
镜像层: sha256:988e53f2c387a916c9512d32173ea967d5cc082ae1194050ed0fca2c77dfb051
发布日期: 2024-11-29 18:15 修改: 2024-12-04 17:15
|
| github.com/docker/distribution |
CVE-2017-11468 |
高危 |
v0.0.0-20191216044856-a8371794149d |
2.7.0-rc.0 |
docker-distribution: Does not properly restrict the amount of content accepted from a user
漏洞详情: https://avd.aquasec.com/nvd/cve-2017-11468
镜像层: sha256:988e53f2c387a916c9512d32173ea967d5cc082ae1194050ed0fca2c77dfb051
发布日期: 2017-07-20 23:29 修改: 2023-01-20 15:24
|
| golang.org/x/net |
CVE-2024-45338 |
高危 |
v0.25.0 |
0.33.0 |
golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338
镜像层: sha256:988e53f2c387a916c9512d32173ea967d5cc082ae1194050ed0fca2c77dfb051
发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16
|
| stdlib |
CVE-2024-34156 |
高危 |
1.21.13 |
1.22.7, 1.23.1 |
encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156
镜像层: sha256:988e53f2c387a916c9512d32173ea967d5cc082ae1194050ed0fca2c77dfb051
发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
|
| github.com/moby/moby |
CVE-2021-21284 |
中危 |
v17.12.0-ce-rc1.0.20200618181300-9dc6525e6118+incompatible |
19.3.15, 20.10.3 |
docker: access to remapped root allows privilege escalation to real root
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21284
镜像层: sha256:988e53f2c387a916c9512d32173ea967d5cc082ae1194050ed0fca2c77dfb051
发布日期: 2021-02-02 18:15 修改: 2022-04-29 19:22
|
| github.com/moby/moby |
CVE-2021-21285 |
中危 |
v17.12.0-ce-rc1.0.20200618181300-9dc6525e6118+incompatible |
19.3.15, 20.10.3 |
docker: daemon crash during image pull of malicious image
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21285
镜像层: sha256:988e53f2c387a916c9512d32173ea967d5cc082ae1194050ed0fca2c77dfb051
发布日期: 2021-02-02 18:15 修改: 2022-10-25 12:55
|
| github.com/moby/moby |
CVE-2021-41091 |
中危 |
v17.12.0-ce-rc1.0.20200618181300-9dc6525e6118+incompatible |
20.10.9 |
moby: data directory contains subdirectories with insufficiently restricted permissions, which could lead to directory traversal
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-41091
镜像层: sha256:988e53f2c387a916c9512d32173ea967d5cc082ae1194050ed0fca2c77dfb051
发布日期: 2021-10-04 21:15 修改: 2023-11-07 03:38
|
| github.com/moby/moby |
CVE-2022-24769 |
中危 |
v17.12.0-ce-rc1.0.20200618181300-9dc6525e6118+incompatible |
20.10.14 |
moby: Default inheritable capabilities for linux container should be empty
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24769
镜像层: sha256:988e53f2c387a916c9512d32173ea967d5cc082ae1194050ed0fca2c77dfb051
发布日期: 2022-03-24 20:15 修改: 2024-01-31 13:15
|
| github.com/moby/moby |
CVE-2024-24557 |
中危 |
v17.12.0-ce-rc1.0.20200618181300-9dc6525e6118+incompatible |
24.0.9, 25.0.2 |
moby: classic builder cache poisoning
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24557
镜像层: sha256:988e53f2c387a916c9512d32173ea967d5cc082ae1194050ed0fca2c77dfb051
发布日期: 2024-02-01 17:15 修改: 2024-02-09 20:21
|
| github.com/moby/moby |
GHSA-xmmx-7jpf-fx42 |
中危 |
v17.12.0-ce-rc1.0.20200618181300-9dc6525e6118+incompatible |
20.10.11 |
Moby (Docker Engine) is vulnerable to Ambiguous OCI manifest parsing
漏洞详情: https://github.com/advisories/GHSA-xmmx-7jpf-fx42
镜像层: sha256:988e53f2c387a916c9512d32173ea967d5cc082ae1194050ed0fca2c77dfb051
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| github.com/containerd/containerd |
GHSA-7ww5-4wqc-m92c |
中危 |
v1.6.18 |
1.6.26, 1.7.11 |
containerd allows RAPL to be accessible to a container
漏洞详情: https://github.com/advisories/GHSA-7ww5-4wqc-m92c
镜像层: sha256:988e53f2c387a916c9512d32173ea967d5cc082ae1194050ed0fca2c77dfb051
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| github.com/hashicorp/go-retryablehttp |
CVE-2024-6104 |
中危 |
v0.7.2 |
0.7.7 |
go-retryablehttp: url might write sensitive information to log file
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6104
镜像层: sha256:988e53f2c387a916c9512d32173ea967d5cc082ae1194050ed0fca2c77dfb051
发布日期: 2024-06-24 17:15 修改: 2024-06-26 17:19
|
| github.com/moby/moby |
CVE-2020-27534 |
中危 |
v17.12.0-ce-rc1.0.20200618181300-9dc6525e6118+incompatible |
19.03.9 |
moby/buildkit: calls os.OpenFile with a potentially unsafe qemu-check temporary pathname
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-27534
镜像层: sha256:988e53f2c387a916c9512d32173ea967d5cc082ae1194050ed0fca2c77dfb051
发布日期: 2020-12-30 23:15 修改: 2021-01-05 20:19
|
| stdlib |
CVE-2024-34155 |
中危 |
1.21.13 |
1.22.7, 1.23.1 |
go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155
镜像层: sha256:988e53f2c387a916c9512d32173ea967d5cc082ae1194050ed0fca2c77dfb051
发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35
|
| stdlib |
CVE-2024-34158 |
中危 |
1.21.13 |
1.22.7, 1.23.1 |
go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158
镜像层: sha256:988e53f2c387a916c9512d32173ea967d5cc082ae1194050ed0fca2c77dfb051
发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35
|
| github.com/docker/distribution |
GHSA-qq97-vm5h-rrhg |
低危 |
v0.0.0-20191216044856-a8371794149d |
2.8.0 |
OCI Manifest Type Confusion Issue
漏洞详情: https://github.com/advisories/GHSA-qq97-vm5h-rrhg
镜像层: sha256:988e53f2c387a916c9512d32173ea967d5cc082ae1194050ed0fca2c77dfb051
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|