docker.io/envoyproxy/gateway:v1.6.7 linux/amd64

docker.io/envoyproxy/gateway:v1.6.7 - Trivy安全扫描结果 扫描时间: 2026-06-15 11:25
全部漏洞信息
低危漏洞:10 中危漏洞:14 高危漏洞:18 严重漏洞:0

系统OS: debian 12.12 扫描引擎: Trivy 扫描时间: 2026-06-15 11:25

docker.io/envoyproxy/gateway:v1.6.7 (debian 12.12) (debian)
低危漏洞:10 中危漏洞:7 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
libc6 CVE-2026-0915 中危 2.36-9+deb12u13 2.36-9+deb12u14 glibc: glibc: Information disclosure via zero-valued network query

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0915

镜像层: sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe

发布日期: 2026-01-15 22:16 修改: 2026-01-23 19:36
libc6 CVE-2026-4046 中危 2.36-9+deb12u13 2.36-9+deb12u14 glibc: glibc: Denial of Service via iconv() function with specific character sets

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4046

镜像层: sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe

发布日期: 2026-03-30 18:16 修改: 2026-04-20 22:16
libc6 CVE-2026-4437 中危 2.36-9+deb12u13 2.36-9+deb12u14 glibc: glibc: Incorrect DNS response parsing via crafted DNS server response

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4437

镜像层: sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe

发布日期: 2026-03-20 20:16 修改: 2026-04-07 18:41
libc6 CVE-2026-5435 中危 2.36-9+deb12u13 glibc: glibc: Out-of-bounds write via TSIG record processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5435

镜像层: sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe

发布日期: 2026-04-28 13:19 修改: 2026-05-05 17:38
libc6 CVE-2026-5450 中危 2.36-9+deb12u13 glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5450

镜像层: sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe

发布日期: 2026-04-20 21:16 修改: 2026-04-23 15:33
libc6 CVE-2026-5928 中危 2.36-9+deb12u13 glibc: glibc: Information disclosure or denial of service via ungetwc function with specific wide character encodings

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5928

镜像层: sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe

发布日期: 2026-04-20 21:16 修改: 2026-04-23 15:33
libc6 CVE-2026-6238 中危 2.36-9+deb12u13 glibc: glibc: Application crash or uninitialized memory read via crafted DNS response

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6238

镜像层: sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe

发布日期: 2026-04-28 19:37 修改: 2026-05-04 17:57
libc6 CVE-2010-4756 低危 2.36-9+deb12u13 glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2010-4756

镜像层: sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe

发布日期: 2011-03-02 20:00 修改: 2026-04-29 01:13
libc6 CVE-2018-20796 低危 2.36-9+deb12u13 glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-20796

镜像层: sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe

发布日期: 2019-02-26 02:29 修改: 2024-11-21 04:02
libc6 CVE-2019-1010022 低危 2.36-9+deb12u13 glibc: stack guard protection bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-1010022

镜像层: sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe

发布日期: 2019-07-15 04:15 修改: 2024-11-21 04:17
libc6 CVE-2019-1010023 低危 2.36-9+deb12u13 glibc: running ldd on malicious ELF leads to code execution because of wrong size computation

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-1010023

镜像层: sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe

发布日期: 2019-07-15 04:15 修改: 2024-11-21 04:17
libc6 CVE-2019-1010024 低危 2.36-9+deb12u13 glibc: ASLR bypass using cache of thread stack and heap

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-1010024

镜像层: sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe

发布日期: 2019-07-15 04:15 修改: 2024-11-21 04:17
libc6 CVE-2019-1010025 低危 2.36-9+deb12u13 glibc: information disclosure of heap addresses of pthread_created thread

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-1010025

镜像层: sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe

发布日期: 2019-07-15 04:15 修改: 2024-11-21 04:17
libc6 CVE-2019-9192 低危 2.36-9+deb12u13 glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-9192

镜像层: sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe

发布日期: 2019-02-26 18:29 修改: 2024-11-21 04:51
libc6 CVE-2025-15281 低危 2.36-9+deb12u13 2.36-9+deb12u14 glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15281

镜像层: sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe

发布日期: 2026-01-20 14:16 修改: 2026-02-05 17:43
libc6 CVE-2026-0861 低危 2.36-9+deb12u13 2.36-9+deb12u14 glibc: Integer overflow in memalign leads to heap corruption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0861

镜像层: sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe

发布日期: 2026-01-14 21:15 修改: 2026-02-03 18:26
libc6 CVE-2026-4438 低危 2.36-9+deb12u13 2.36-9+deb12u14 glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4438

镜像层: sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe

发布日期: 2026-03-20 20:16 修改: 2026-04-07 18:40
usr/local/bin/envoy-gateway (gobinary)
低危漏洞:0 中危漏洞:7 高危漏洞:18 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
github.com/docker/cli CVE-2025-15558 高危 v28.5.1+incompatible 29.2.0 docker/cli: Docker CLI for Windows: Privilege escalation via malicious plugin binaries

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15558

镜像层: sha256:522a453cd17c07e1f5cad55d19c901baca29075592455d418044f4b10c040a59

发布日期: 2026-03-04 17:16 修改: 2026-03-09 17:38
github.com/docker/docker CVE-2026-34040 高危 v28.3.3+incompatible 29.3.1 Moby: Moby: Authorization bypass vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34040

镜像层: sha256:522a453cd17c07e1f5cad55d19c901baca29075592455d418044f4b10c040a59

发布日期: 2026-03-31 03:15 修改: 2026-04-03 16:51
github.com/docker/docker CVE-2026-41567 高危 v28.3.3+incompatible Moby is an open source container framework. In versions prior to 29.5. ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41567

镜像层: sha256:522a453cd17c07e1f5cad55d19c901baca29075592455d418044f4b10c040a59

发布日期: 2026-06-05 02:17 修改: 2026-06-05 16:01
github.com/docker/docker CVE-2026-42306 高危 v28.3.3+incompatible Moby is an open source container framework. In Docker Engine prior to ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42306

镜像层: sha256:522a453cd17c07e1f5cad55d19c901baca29075592455d418044f4b10c040a59

发布日期: 2026-06-12 19:16 修改: 2026-06-12 19:16
github.com/envoyproxy/gateway CVE-2025-24030 高危 v0.0.0-20260427140945-bdb5efd61007 1.2.6 github.com/envoyproxy/gateway: Envoy Admin Interface Exposed through prometheus metrics endpoint

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24030

镜像层: sha256:522a453cd17c07e1f5cad55d19c901baca29075592455d418044f4b10c040a59

发布日期: 2025-01-23 04:15 修改: 2025-09-04 14:02
github.com/envoyproxy/gateway CVE-2026-22771 高危 v0.0.0-20260427140945-bdb5efd61007 1.6.2, 1.5.7 envoyproxy/gateway: Envoy Gateway: Unauthorized access to secrets via Lua script credential leakage

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22771

镜像层: sha256:522a453cd17c07e1f5cad55d19c901baca29075592455d418044f4b10c040a59

发布日期: 2026-01-12 19:16 修改: 2026-02-05 21:04
github.com/go-jose/go-jose/v4 CVE-2026-34986 高危 v4.1.3 4.1.4 github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34986

镜像层: sha256:522a453cd17c07e1f5cad55d19c901baca29075592455d418044f4b10c040a59

发布日期: 2026-04-06 17:17 修改: 2026-05-04 15:20
github.com/moby/spdystream CVE-2026-35469 高危 v0.5.0 0.5.1 Kubelet: CRI-O: kube-apiserver: Kubelet, CRI-O, kube-apiserver: Denial of Service via SPDY streaming code

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35469

镜像层: sha256:522a453cd17c07e1f5cad55d19c901baca29075592455d418044f4b10c040a59

发布日期: 2026-04-16 22:16 修改: 2026-04-29 21:04
go.opentelemetry.io/otel CVE-2026-29181 高危 v1.40.0 1.41.0 github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Denial of Service via crafted multi-value baggage headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29181

镜像层: sha256:522a453cd17c07e1f5cad55d19c901baca29075592455d418044f4b10c040a59

发布日期: 2026-04-07 21:17 修改: 2026-04-14 18:45
go.opentelemetry.io/otel/sdk CVE-2026-39883 高危 v1.40.0 1.43.0 github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Arbitrary code execution via PATH hijacking on BSD/Solaris

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39883

镜像层: sha256:522a453cd17c07e1f5cad55d19c901baca29075592455d418044f4b10c040a59

发布日期: 2026-04-08 21:17 修改: 2026-04-10 21:16
stdlib CVE-2026-33811 高危 v1.25.9 1.25.10, 1.26.3 net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811

镜像层: sha256:522a453cd17c07e1f5cad55d19c901baca29075592455d418044f4b10c040a59

发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib CVE-2026-33814 高危 v1.25.9 1.25.10, 1.26.3 When processing HTTP/2 SETTINGS frames, transport will enter an infini ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:522a453cd17c07e1f5cad55d19c901baca29075592455d418044f4b10c040a59

发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib CVE-2026-39820 高危 v1.25.9 1.25.10, 1.26.3 Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820

镜像层: sha256:522a453cd17c07e1f5cad55d19c901baca29075592455d418044f4b10c040a59

发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib CVE-2026-39823 高危 v1.25.9 1.25.10, 1.26.3 CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823

镜像层: sha256:522a453cd17c07e1f5cad55d19c901baca29075592455d418044f4b10c040a59

发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib CVE-2026-39825 高危 v1.25.9 1.25.10, 1.26.3 ReverseProxy can forward queries containing parameters not visible to ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825

镜像层: sha256:522a453cd17c07e1f5cad55d19c901baca29075592455d418044f4b10c040a59

发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib CVE-2026-39836 高危 v1.25.9 1.25.10, 1.26.3 ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836

镜像层: sha256:522a453cd17c07e1f5cad55d19c901baca29075592455d418044f4b10c040a59

发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib CVE-2026-42499 高危 v1.25.9 1.25.10, 1.26.3 Pathological inputs could cause DoS through consumePhrase when parsing ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499

镜像层: sha256:522a453cd17c07e1f5cad55d19c901baca29075592455d418044f4b10c040a59

发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib CVE-2026-42504 高危 v1.25.9 1.25.11, 1.26.4 Decoding a maliciously-crafted MIME header containing many invalid enc ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504

镜像层: sha256:522a453cd17c07e1f5cad55d19c901baca29075592455d418044f4b10c040a59

发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
github.com/docker/docker CVE-2026-41568 中危 v28.3.3+incompatible Moby is an open source container framework. In Docker Engine prior to ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41568

镜像层: sha256:522a453cd17c07e1f5cad55d19c901baca29075592455d418044f4b10c040a59

发布日期: 2026-06-12 19:16 修改: 2026-06-12 19:16
github.com/envoyproxy/gateway CVE-2025-25294 中危 v0.0.0-20260427140945-bdb5efd61007 1.2.7, 1.3.1 envoyproxy/gateway: Envoy Gateway Log Injection Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25294

镜像层: sha256:522a453cd17c07e1f5cad55d19c901baca29075592455d418044f4b10c040a59

发布日期: 2025-03-06 19:15 修改: 2025-09-04 13:52
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp CVE-2026-39882 中危 v1.38.0 1.43.0 OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1 ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39882

镜像层: sha256:522a453cd17c07e1f5cad55d19c901baca29075592455d418044f4b10c040a59

发布日期: 2026-04-08 21:17 修改: 2026-04-09 18:39
github.com/docker/docker CVE-2026-33997 中危 v28.3.3+incompatible 29.3.1 moby: docker: github.com/moby/moby: Moby: Privilege validation bypass during plugin installation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33997

镜像层: sha256:522a453cd17c07e1f5cad55d19c901baca29075592455d418044f4b10c040a59

发布日期: 2026-03-31 03:15 修改: 2026-04-03 17:23
stdlib CVE-2026-27145 中危 v1.25.9 1.25.11, 1.26.4 *x509.Certificate).VerifyHostname previously called matchHostnames in ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145

镜像层: sha256:522a453cd17c07e1f5cad55d19c901baca29075592455d418044f4b10c040a59

发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib CVE-2026-39826 中危 v1.25.9 1.25.10, 1.26.3 html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826

镜像层: sha256:522a453cd17c07e1f5cad55d19c901baca29075592455d418044f4b10c040a59

发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib CVE-2026-42507 中危 v1.25.9 1.25.11, 1.26.4 When returning errors, functions in the net/textproto package would in ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507

镜像层: sha256:522a453cd17c07e1f5cad55d19c901baca29075592455d418044f4b10c040a59

发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15