docker.io/envoyproxy/gateway:v1.7.3 linux/amd64

docker.io/envoyproxy/gateway:v1.7.3 - Trivy安全扫描结果 扫描时间: 2026-05-14 16:19
全部漏洞信息
低危漏洞:7 中危漏洞:12 高危漏洞:8 严重漏洞:0

系统OS: debian 12.13 扫描引擎: Trivy 扫描时间: 2026-05-14 16:19

docker.io/envoyproxy/gateway:v1.7.3 (debian 12.13) (debian)
低危漏洞:7 中危漏洞:9 高危漏洞:1 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
libc6 CVE-2026-0861 高危 2.36-9+deb12u13 glibc: Integer overflow in memalign leads to heap corruption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0861

镜像层: sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe

发布日期: 2026-01-14 21:15 修改: 2026-02-03 18:26
libc6 CVE-2025-15281 中危 2.36-9+deb12u13 glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15281

镜像层: sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe

发布日期: 2026-01-20 14:16 修改: 2026-02-05 17:43
libc6 CVE-2026-0915 中危 2.36-9+deb12u13 glibc: glibc: Information disclosure via zero-valued network query

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0915

镜像层: sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe

发布日期: 2026-01-15 22:16 修改: 2026-01-23 19:36
libc6 CVE-2026-4046 中危 2.36-9+deb12u13 glibc: glibc: Denial of Service via iconv() function with specific character sets

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4046

镜像层: sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe

发布日期: 2026-03-30 18:16 修改: 2026-04-20 22:16
libc6 CVE-2026-4437 中危 2.36-9+deb12u13 glibc: glibc: Incorrect DNS response parsing via crafted DNS server response

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4437

镜像层: sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe

发布日期: 2026-03-20 20:16 修改: 2026-04-07 18:41
libc6 CVE-2026-4438 中危 2.36-9+deb12u13 glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4438

镜像层: sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe

发布日期: 2026-03-20 20:16 修改: 2026-04-07 18:40
libc6 CVE-2026-5435 中危 2.36-9+deb12u13 glibc: glibc: Out-of-bounds write via TSIG record processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5435

镜像层: sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe

发布日期: 2026-04-28 13:19 修改: 2026-05-05 17:38
libc6 CVE-2026-5450 中危 2.36-9+deb12u13 glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5450

镜像层: sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe

发布日期: 2026-04-20 21:16 修改: 2026-04-23 15:33
libc6 CVE-2026-5928 中危 2.36-9+deb12u13 glibc: glibc: Information disclosure or denial of service via ungetwc function with specific wide character encodings

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5928

镜像层: sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe

发布日期: 2026-04-20 21:16 修改: 2026-04-23 15:33
libc6 CVE-2026-6238 中危 2.36-9+deb12u13 glibc: glibc: Application crash or uninitialized memory read via crafted DNS response

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6238

镜像层: sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe

发布日期: 2026-04-28 19:37 修改: 2026-05-04 17:57
libc6 CVE-2010-4756 低危 2.36-9+deb12u13 glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2010-4756

镜像层: sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe

发布日期: 2011-03-02 20:00 修改: 2026-04-29 01:13
libc6 CVE-2018-20796 低危 2.36-9+deb12u13 glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-20796

镜像层: sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe

发布日期: 2019-02-26 02:29 修改: 2024-11-21 04:02
libc6 CVE-2019-1010022 低危 2.36-9+deb12u13 glibc: stack guard protection bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-1010022

镜像层: sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe

发布日期: 2019-07-15 04:15 修改: 2024-11-21 04:17
libc6 CVE-2019-1010023 低危 2.36-9+deb12u13 glibc: running ldd on malicious ELF leads to code execution because of wrong size computation

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-1010023

镜像层: sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe

发布日期: 2019-07-15 04:15 修改: 2024-11-21 04:17
libc6 CVE-2019-1010024 低危 2.36-9+deb12u13 glibc: ASLR bypass using cache of thread stack and heap

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-1010024

镜像层: sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe

发布日期: 2019-07-15 04:15 修改: 2024-11-21 04:17
libc6 CVE-2019-1010025 低危 2.36-9+deb12u13 glibc: information disclosure of heap addresses of pthread_created thread

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-1010025

镜像层: sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe

发布日期: 2019-07-15 04:15 修改: 2024-11-21 04:17
libc6 CVE-2019-9192 低危 2.36-9+deb12u13 glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-9192

镜像层: sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe

发布日期: 2019-02-26 18:29 修改: 2024-11-21 04:51
usr/local/bin/envoy-gateway (gobinary)
低危漏洞:0 中危漏洞:3 高危漏洞:7 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
github.com/docker/docker CVE-2026-34040 高危 v28.5.1+incompatible 29.3.1 Moby: Moby: Authorization bypass vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34040

镜像层: sha256:decf332233e177e66d072c99858c124f9a701cb9da0d8aee059d9e8b96e13e67

发布日期: 2026-03-31 03:15 修改: 2026-04-03 16:51
github.com/envoyproxy/gateway CVE-2025-24030 高危 v0.0.0-20260509092855-669e4568e99b 1.2.6 github.com/envoyproxy/gateway: Envoy Admin Interface Exposed through prometheus metrics endpoint

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24030

镜像层: sha256:decf332233e177e66d072c99858c124f9a701cb9da0d8aee059d9e8b96e13e67

发布日期: 2025-01-23 04:15 修改: 2025-09-04 14:02
github.com/envoyproxy/gateway CVE-2026-22771 高危 v0.0.0-20260509092855-669e4568e99b 1.6.2, 1.5.7 envoyproxy/gateway: Envoy Gateway: Unauthorized access to secrets via Lua script credential leakage

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22771

镜像层: sha256:decf332233e177e66d072c99858c124f9a701cb9da0d8aee059d9e8b96e13e67

发布日期: 2026-01-12 19:16 修改: 2026-02-05 21:04
github.com/go-jose/go-jose/v4 CVE-2026-34986 高危 v4.1.3 4.1.4 github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34986

镜像层: sha256:decf332233e177e66d072c99858c124f9a701cb9da0d8aee059d9e8b96e13e67

发布日期: 2026-04-06 17:17 修改: 2026-05-04 15:20
github.com/moby/spdystream CVE-2026-35469 高危 v0.5.0 0.5.1 Kubelet: CRI-O: kube-apiserver: Kubelet, CRI-O, kube-apiserver: Denial of Service via SPDY streaming code

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35469

镜像层: sha256:decf332233e177e66d072c99858c124f9a701cb9da0d8aee059d9e8b96e13e67

发布日期: 2026-04-16 22:16 修改: 2026-04-29 21:04
go.opentelemetry.io/otel CVE-2026-29181 高危 v1.40.0 1.41.0 OpenTelemetry-Go: multi-value `baggage` header extraction causes excessive allocations (remote dos amplification)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29181

镜像层: sha256:decf332233e177e66d072c99858c124f9a701cb9da0d8aee059d9e8b96e13e67

发布日期: 2026-04-07 21:17 修改: 2026-04-14 18:45
go.opentelemetry.io/otel/sdk CVE-2026-39883 高危 v1.40.0 1.43.0 opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39883

镜像层: sha256:decf332233e177e66d072c99858c124f9a701cb9da0d8aee059d9e8b96e13e67

发布日期: 2026-04-08 21:17 修改: 2026-04-10 21:16
github.com/docker/docker CVE-2026-33997 中危 v28.5.1+incompatible 29.3.1 moby: docker: github.com/moby/moby: Moby: Privilege validation bypass during plugin installation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33997

镜像层: sha256:decf332233e177e66d072c99858c124f9a701cb9da0d8aee059d9e8b96e13e67

发布日期: 2026-03-31 03:15 修改: 2026-04-03 17:23
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp CVE-2026-39882 中危 v1.40.0 1.43.0 OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1 ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39882

镜像层: sha256:decf332233e177e66d072c99858c124f9a701cb9da0d8aee059d9e8b96e13e67

发布日期: 2026-04-08 21:17 修改: 2026-04-09 18:39
github.com/envoyproxy/gateway CVE-2025-25294 中危 v0.0.0-20260509092855-669e4568e99b 1.2.7, 1.3.1 envoyproxy/gateway: Envoy Gateway Log Injection Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25294

镜像层: sha256:decf332233e177e66d072c99858c124f9a701cb9da0d8aee059d9e8b96e13e67

发布日期: 2025-03-06 19:15 修改: 2025-09-04 13:52