docker.io/istio/proxyv2:1.28.8 linux/amd64

docker.io/istio/proxyv2:1.28.8 - Trivy安全扫描结果扫描时间: 2026-06-11 16:10

全部漏洞信息

低危漏洞:29

中危漏洞:58

高危漏洞:14

严重漏洞:0

系统OS: ubuntu 24.04 扫描引擎: Trivy 扫描时间: 2026-06-11 16:10

docker.io/istio/proxyv2:1.28.8 (ubuntu 24.04) (ubuntu)

低危漏洞:29

中危漏洞:54

高危漏洞:2

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
libssl3t64	CVE-2026-45447	高危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	Issue summary: A specially crafted PKCS#7 or S/MIME signed message cou ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45447 镜像层: sha256:908814054466751e1fe726b18fd8a17e664e52c57469d7c3f3d43e65f935a28e 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
openssl	CVE-2026-45447	高危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	Issue summary: A specially crafted PKCS#7 or S/MIME signed message cou ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45447 镜像层: sha256:908814054466751e1fe726b18fd8a17e664e52c57469d7c3f3d43e65f935a28e 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
curl	CVE-2026-5545	中危	8.5.0-2ubuntu10.8	8.5.0-2ubuntu10.9	curl: libcurl: Authentication bypass due to incorrect HTTP Negotiate connection reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5545 镜像层: sha256:908814054466751e1fe726b18fd8a17e664e52c57469d7c3f3d43e65f935a28e 发布日期: 2026-05-13 13:01 修改: 2026-05-13 19:31
curl	CVE-2026-6253	中危	8.5.0-2ubuntu10.8	8.5.0-2ubuntu10.9	curl: curl: Proxy credential disclosure via redirects to unauthenticated proxies 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6253 镜像层: sha256:908814054466751e1fe726b18fd8a17e664e52c57469d7c3f3d43e65f935a28e 发布日期: 2026-05-13 13:01 修改: 2026-05-14 13:40
curl	CVE-2026-6429	中危	8.5.0-2ubuntu10.8	8.5.0-2ubuntu10.9	curl: libcurl: Credential leak via reused proxy connection during HTTP redirects 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6429 镜像层: sha256:908814054466751e1fe726b18fd8a17e664e52c57469d7c3f3d43e65f935a28e 发布日期: 2026-05-13 13:01 修改: 2026-05-14 14:18
curl	CVE-2026-7168	中危	8.5.0-2ubuntu10.8	8.5.0-2ubuntu10.9	curl: libcurl: Information disclosure via incorrect Proxy-Authorization header reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7168 镜像层: sha256:908814054466751e1fe726b18fd8a17e664e52c57469d7c3f3d43e65f935a28e 发布日期: 2026-05-13 13:01 修改: 2026-05-14 14:12
dpkg	CVE-2026-2219	中危	1.22.6ubuntu6.5	1.22.6ubuntu6.6	It was discovered that dpkg-deb (a component of dpkg, the Debian packa ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2219 镜像层: sha256:5e732af9e7c568c9b41ecabc76ac93a58471934d5155070dfd64a9567667fd9d 发布日期: 2026-03-07 09:16 修改: 2026-06-02 19:12
libblkid1	CVE-2026-27456	中危	2.39.3-9ubuntu6.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:5e732af9e7c568c9b41ecabc76ac93a58471934d5155070dfd64a9567667fd9d 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
libc-bin	CVE-2026-4046	中危	2.39-0ubuntu8.7		glibc: glibc: Denial of Service via iconv() function with specific character sets 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4046 镜像层: sha256:5e732af9e7c568c9b41ecabc76ac93a58471934d5155070dfd64a9567667fd9d 发布日期: 2026-03-30 18:16 修改: 2026-04-20 22:16
libc-bin	CVE-2026-4437	中危	2.39-0ubuntu8.7		glibc: glibc: Incorrect DNS response parsing via crafted DNS server response 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4437 镜像层: sha256:5e732af9e7c568c9b41ecabc76ac93a58471934d5155070dfd64a9567667fd9d 发布日期: 2026-03-20 20:16 修改: 2026-04-07 18:41
libc-bin	CVE-2026-4438	中危	2.39-0ubuntu8.7		glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4438 镜像层: sha256:5e732af9e7c568c9b41ecabc76ac93a58471934d5155070dfd64a9567667fd9d 发布日期: 2026-03-20 20:16 修改: 2026-04-07 18:40
libc-bin	CVE-2026-5435	中危	2.39-0ubuntu8.7		glibc: glibc: Out-of-bounds write via TSIG record processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5435 镜像层: sha256:5e732af9e7c568c9b41ecabc76ac93a58471934d5155070dfd64a9567667fd9d 发布日期: 2026-04-28 13:19 修改: 2026-05-05 17:38
libc-bin	CVE-2026-6238	中危	2.39-0ubuntu8.7		glibc: glibc: Application crash or uninitialized memory read via crafted DNS response 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6238 镜像层: sha256:5e732af9e7c568c9b41ecabc76ac93a58471934d5155070dfd64a9567667fd9d 发布日期: 2026-04-28 19:37 修改: 2026-05-04 17:57
libc6	CVE-2026-4046	中危	2.39-0ubuntu8.7		glibc: glibc: Denial of Service via iconv() function with specific character sets 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4046 镜像层: sha256:5e732af9e7c568c9b41ecabc76ac93a58471934d5155070dfd64a9567667fd9d 发布日期: 2026-03-30 18:16 修改: 2026-04-20 22:16
libc6	CVE-2026-4437	中危	2.39-0ubuntu8.7		glibc: glibc: Incorrect DNS response parsing via crafted DNS server response 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4437 镜像层: sha256:5e732af9e7c568c9b41ecabc76ac93a58471934d5155070dfd64a9567667fd9d 发布日期: 2026-03-20 20:16 修改: 2026-04-07 18:41
libc6	CVE-2026-4438	中危	2.39-0ubuntu8.7		glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4438 镜像层: sha256:5e732af9e7c568c9b41ecabc76ac93a58471934d5155070dfd64a9567667fd9d 发布日期: 2026-03-20 20:16 修改: 2026-04-07 18:40
libc6	CVE-2026-5435	中危	2.39-0ubuntu8.7		glibc: glibc: Out-of-bounds write via TSIG record processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5435 镜像层: sha256:5e732af9e7c568c9b41ecabc76ac93a58471934d5155070dfd64a9567667fd9d 发布日期: 2026-04-28 13:19 修改: 2026-05-05 17:38
libc6	CVE-2026-6238	中危	2.39-0ubuntu8.7		glibc: glibc: Application crash or uninitialized memory read via crafted DNS response 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6238 镜像层: sha256:5e732af9e7c568c9b41ecabc76ac93a58471934d5155070dfd64a9567667fd9d 发布日期: 2026-04-28 19:37 修改: 2026-05-04 17:57
libcap2	CVE-2026-4878	中危	1:2.66-5ubuntu2.2	1:2.66-5ubuntu2.4	libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file() 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4878 镜像层: sha256:5e732af9e7c568c9b41ecabc76ac93a58471934d5155070dfd64a9567667fd9d 发布日期: 2026-04-09 16:16 修改: 2026-06-08 03:16
libcap2-bin	CVE-2026-4878	中危	1:2.66-5ubuntu2.2	1:2.66-5ubuntu2.4	libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file() 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4878 镜像层: sha256:908814054466751e1fe726b18fd8a17e664e52c57469d7c3f3d43e65f935a28e 发布日期: 2026-04-09 16:16 修改: 2026-06-08 03:16
libcurl4t64	CVE-2026-5545	中危	8.5.0-2ubuntu10.8	8.5.0-2ubuntu10.9	curl: libcurl: Authentication bypass due to incorrect HTTP Negotiate connection reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5545 镜像层: sha256:908814054466751e1fe726b18fd8a17e664e52c57469d7c3f3d43e65f935a28e 发布日期: 2026-05-13 13:01 修改: 2026-05-13 19:31
libcurl4t64	CVE-2026-6253	中危	8.5.0-2ubuntu10.8	8.5.0-2ubuntu10.9	curl: curl: Proxy credential disclosure via redirects to unauthenticated proxies 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6253 镜像层: sha256:908814054466751e1fe726b18fd8a17e664e52c57469d7c3f3d43e65f935a28e 发布日期: 2026-05-13 13:01 修改: 2026-05-14 13:40
libcurl4t64	CVE-2026-6429	中危	8.5.0-2ubuntu10.8	8.5.0-2ubuntu10.9	curl: libcurl: Credential leak via reused proxy connection during HTTP redirects 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6429 镜像层: sha256:908814054466751e1fe726b18fd8a17e664e52c57469d7c3f3d43e65f935a28e 发布日期: 2026-05-13 13:01 修改: 2026-05-14 14:18
libcurl4t64	CVE-2026-7168	中危	8.5.0-2ubuntu10.8	8.5.0-2ubuntu10.9	curl: libcurl: Information disclosure via incorrect Proxy-Authorization header reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7168 镜像层: sha256:908814054466751e1fe726b18fd8a17e664e52c57469d7c3f3d43e65f935a28e 发布日期: 2026-05-13 13:01 修改: 2026-05-14 14:12
libgcrypt20	CVE-2026-41989	中危	1.10.3-2build1	1.10.3-2ubuntu0.1	Libgcrypt: Libgcrypt: Denial of Service and buffer overflow via crafted ECDH ciphertext 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41989 镜像层: sha256:5e732af9e7c568c9b41ecabc76ac93a58471934d5155070dfd64a9567667fd9d 发布日期: 2026-04-23 05:16 修改: 2026-04-27 18:33
libgnutls30t64	CVE-2026-33845	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33845 镜像层: sha256:5e732af9e7c568c9b41ecabc76ac93a58471934d5155070dfd64a9567667fd9d 发布日期: 2026-04-30 18:16 修改: 2026-06-02 16:16
libgnutls30t64	CVE-2026-33846	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33846 镜像层: sha256:5e732af9e7c568c9b41ecabc76ac93a58471934d5155070dfd64a9567667fd9d 发布日期: 2026-05-04 10:15 修改: 2026-06-02 16:16
libgnutls30t64	CVE-2026-3832	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Security bypass allows acceptance of revoked server certificates via crafted OCSP response 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3832 镜像层: sha256:5e732af9e7c568c9b41ecabc76ac93a58471934d5155070dfd64a9567667fd9d 发布日期: 2026-04-30 18:16 修改: 2026-06-02 17:16
libgnutls30t64	CVE-2026-3833	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	gnutls: GnuTLS: Policy bypass due to case-sensitive nameConstraints comparison 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3833 镜像层: sha256:5e732af9e7c568c9b41ecabc76ac93a58471934d5155070dfd64a9567667fd9d 发布日期: 2026-04-30 18:16 修改: 2026-06-02 16:16
libgnutls30t64	CVE-2026-42009	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Denial of Service via DTLS packet reordering vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42009 镜像层: sha256:5e732af9e7c568c9b41ecabc76ac93a58471934d5155070dfd64a9567667fd9d 发布日期: 2026-05-18 13:16 修改: 2026-06-08 17:16
libgnutls30t64	CVE-2026-42010	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Authentication Bypass via NUL Character in Username 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42010 镜像层: sha256:5e732af9e7c568c9b41ecabc76ac93a58471934d5155070dfd64a9567667fd9d 发布日期: 2026-05-07 12:16 修改: 2026-06-02 16:16
libgnutls30t64	CVE-2026-42011	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Security bypass due to incorrect name constraint handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42011 镜像层: sha256:5e732af9e7c568c9b41ecabc76ac93a58471934d5155070dfd64a9567667fd9d 发布日期: 2026-05-07 15:16 修改: 2026-06-02 16:16
libgnutls30t64	CVE-2026-42012	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Certificate validation bypass due to improper handling of URI and SRV SANs 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42012 镜像层: sha256:5e732af9e7c568c9b41ecabc76ac93a58471934d5155070dfd64a9567667fd9d 发布日期: 2026-05-26 22:16 修改: 2026-06-02 16:16
libgnutls30t64	CVE-2026-42013	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Certificate validation bypass due to oversized Subject Alternative Name 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42013 镜像层: sha256:5e732af9e7c568c9b41ecabc76ac93a58471934d5155070dfd64a9567667fd9d 发布日期: 2026-05-26 22:16 修改: 2026-06-02 16:16
libgnutls30t64	CVE-2026-42014	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	gnutls: Fix use-after-free in gnutls_pkcs11_token_set_pin 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42014 镜像层: sha256:5e732af9e7c568c9b41ecabc76ac93a58471934d5155070dfd64a9567667fd9d 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libgnutls30t64	CVE-2026-42015	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Memory corruption due to off-by-one error in PKCS#12 bag handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42015 镜像层: sha256:5e732af9e7c568c9b41ecabc76ac93a58471934d5155070dfd64a9567667fd9d 发布日期: 2026-05-26 22:16 修改: 2026-06-02 16:16
libgnutls30t64	CVE-2026-5260	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Information disclosure via heap overread in RSA key exchange 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5260 镜像层: sha256:5e732af9e7c568c9b41ecabc76ac93a58471934d5155070dfd64a9567667fd9d 发布日期: 2026-05-26 22:16 修改: 2026-06-02 16:16
libgnutls30t64	CVE-2026-5419	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	guntls: gnutls: Information disclosure via timing side-channel in PKCS#7 padding removal 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5419 镜像层: sha256:5e732af9e7c568c9b41ecabc76ac93a58471934d5155070dfd64a9567667fd9d 发布日期: 2026-06-01 21:16 修改: 2026-06-02 17:16
liblmdb0	CVE-2026-22185	中危	0.9.31-1build1		OpenLDAP: OpenLDAP LMDB: Denial of Service and Information Disclosure via Heap Buffer Underflow 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22185 镜像层: sha256:908814054466751e1fe726b18fd8a17e664e52c57469d7c3f3d43e65f935a28e 发布日期: 2026-01-07 21:16 修改: 2026-04-15 00:35
libmount1	CVE-2026-27456	中危	2.39.3-9ubuntu6.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:5e732af9e7c568c9b41ecabc76ac93a58471934d5155070dfd64a9567667fd9d 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
libnghttp2-14	CVE-2026-27135	中危	1.59.0-1ubuntu0.2	1.59.0-1ubuntu0.3	nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27135 镜像层: sha256:908814054466751e1fe726b18fd8a17e664e52c57469d7c3f3d43e65f935a28e 发布日期: 2026-03-18 18:16 修改: 2026-05-13 22:16
libsmartcols1	CVE-2026-27456	中危	2.39.3-9ubuntu6.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:5e732af9e7c568c9b41ecabc76ac93a58471934d5155070dfd64a9567667fd9d 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
bsdextrautils	CVE-2026-27456	中危	2.39.3-9ubuntu6.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:908814054466751e1fe726b18fd8a17e664e52c57469d7c3f3d43e65f935a28e 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
libssl3t64	CVE-2026-34182	中危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	Issue Summary: Cryptographic Message Services (CMS) processing fails t ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34182 镜像层: sha256:908814054466751e1fe726b18fd8a17e664e52c57469d7c3f3d43e65f935a28e 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libssl3t64	CVE-2026-45445	中危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	Issue summary: When an application drives an AES-OCB context through t ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45445 镜像层: sha256:908814054466751e1fe726b18fd8a17e664e52c57469d7c3f3d43e65f935a28e 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libsystemd0	CVE-2026-40226	中危	255.4-1ubuntu8.15	255.4-1ubuntu8.16	systemd: systemd nspawn: Escape-to-host action via crafted config file 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40226 镜像层: sha256:908814054466751e1fe726b18fd8a17e664e52c57469d7c3f3d43e65f935a28e 发布日期: 2026-04-10 16:16 修改: 2026-04-17 22:02
libudev1	CVE-2026-40226	中危	255.4-1ubuntu8.15	255.4-1ubuntu8.16	systemd: systemd nspawn: Escape-to-host action via crafted config file 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40226 镜像层: sha256:908814054466751e1fe726b18fd8a17e664e52c57469d7c3f3d43e65f935a28e 发布日期: 2026-04-10 16:16 修改: 2026-04-17 22:02
libuuid1	CVE-2026-27456	中危	2.39.3-9ubuntu6.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:5e732af9e7c568c9b41ecabc76ac93a58471934d5155070dfd64a9567667fd9d 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
mount	CVE-2026-27456	中危	2.39.3-9ubuntu6.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:5e732af9e7c568c9b41ecabc76ac93a58471934d5155070dfd64a9567667fd9d 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
bsdutils	CVE-2026-27456	中危	1:2.39.3-9ubuntu6.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:5e732af9e7c568c9b41ecabc76ac93a58471934d5155070dfd64a9567667fd9d 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
openssl	CVE-2026-34182	中危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	Issue Summary: Cryptographic Message Services (CMS) processing fails t ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34182 镜像层: sha256:908814054466751e1fe726b18fd8a17e664e52c57469d7c3f3d43e65f935a28e 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
openssl	CVE-2026-45445	中危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	Issue summary: When an application drives an AES-OCB context through t ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45445 镜像层: sha256:908814054466751e1fe726b18fd8a17e664e52c57469d7c3f3d43e65f935a28e 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
sed	CVE-2026-5958	中危	4.9-2build1	4.9-2ubuntu0.24.04.1	sed: GNU sed TOCTOU race condition 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5958 镜像层: sha256:5e732af9e7c568c9b41ecabc76ac93a58471934d5155070dfd64a9567667fd9d 发布日期: 2026-04-20 12:16 修改: 2026-05-19 15:17
tar	CVE-2025-45582	中危	1.35+dfsg-3build1		tar: Tar path traversal 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-45582 镜像层: sha256:5e732af9e7c568c9b41ecabc76ac93a58471934d5155070dfd64a9567667fd9d 发布日期: 2025-07-11 17:15 修改: 2025-11-02 01:15
tar	CVE-2026-5704	中危	1.35+dfsg-3build1		tar: tar: Hidden file injection via crafted archives 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5704 镜像层: sha256:5e732af9e7c568c9b41ecabc76ac93a58471934d5155070dfd64a9567667fd9d 发布日期: 2026-04-06 16:16 修改: 2026-04-22 20:08
util-linux	CVE-2026-27456	中危	2.39.3-9ubuntu6.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:5e732af9e7c568c9b41ecabc76ac93a58471934d5155070dfd64a9567667fd9d 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
libssl3t64	CVE-2026-34180	低危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a pr ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34180 镜像层: sha256:908814054466751e1fe726b18fd8a17e664e52c57469d7c3f3d43e65f935a28e 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libssl3t64	CVE-2026-42766	低危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	Issue summary: A specially crafted password-encrypted CMS message can ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42766 镜像层: sha256:908814054466751e1fe726b18fd8a17e664e52c57469d7c3f3d43e65f935a28e 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libssl3t64	CVE-2026-42767	低危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	Issue summary: An attacker-controlled CMP (Certificate Management Prot ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42767 镜像层: sha256:908814054466751e1fe726b18fd8a17e664e52c57469d7c3f3d43e65f935a28e 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libssl3t64	CVE-2026-42770	低危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42770 镜像层: sha256:908814054466751e1fe726b18fd8a17e664e52c57469d7c3f3d43e65f935a28e 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libssl3t64	CVE-2026-45446	低危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-S ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45446 镜像层: sha256:908814054466751e1fe726b18fd8a17e664e52c57469d7c3f3d43e65f935a28e 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libssl3t64	CVE-2026-7383	低危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	Issue summary: A signed integer overflow when sizing the destination b ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7383 镜像层: sha256:908814054466751e1fe726b18fd8a17e664e52c57469d7c3f3d43e65f935a28e 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libssl3t64	CVE-2026-9076	低危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9076 镜像层: sha256:908814054466751e1fe726b18fd8a17e664e52c57469d7c3f3d43e65f935a28e 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
curl	CVE-2026-4873	低危	8.5.0-2ubuntu10.8	8.5.0-2ubuntu10.9	curl: curl: Information disclosure due to incorrect TLS connection reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4873 镜像层: sha256:908814054466751e1fe726b18fd8a17e664e52c57469d7c3f3d43e65f935a28e 发布日期: 2026-05-13 13:01 修改: 2026-05-14 13:45
libsystemd0	CVE-2026-40228	低危	255.4-1ubuntu8.15		systemd: systemd-journald: Unintended output to user terminals via logger command 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40228 镜像层: sha256:908814054466751e1fe726b18fd8a17e664e52c57469d7c3f3d43e65f935a28e 发布日期: 2026-04-10 16:16 修改: 2026-05-05 02:16
curl	CVE-2026-5773	低危	8.5.0-2ubuntu10.8	8.5.0-2ubuntu10.9	curl: libcurl: Wrong file transfer due to incorrect SMB connection reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5773 镜像层: sha256:908814054466751e1fe726b18fd8a17e664e52c57469d7c3f3d43e65f935a28e 发布日期: 2026-05-13 13:01 修改: 2026-05-13 19:13
libudev1	CVE-2026-40228	低危	255.4-1ubuntu8.15		systemd: systemd-journald: Unintended output to user terminals via logger command 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40228 镜像层: sha256:908814054466751e1fe726b18fd8a17e664e52c57469d7c3f3d43e65f935a28e 发布日期: 2026-04-10 16:16 修改: 2026-05-05 02:16
libbpf1	CVE-2025-29481	低危	1:1.3.0-2build2		libbpf: Heap Buffer Overflow in libbpf 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-29481 镜像层: sha256:908814054466751e1fe726b18fd8a17e664e52c57469d7c3f3d43e65f935a28e 发布日期: 2025-04-07 20:15 修改: 2026-02-25 08:16
login	CVE-2024-56433	低危	1:4.13+dfsg1-4ubuntu3.2		shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56433 镜像层: sha256:5e732af9e7c568c9b41ecabc76ac93a58471934d5155070dfd64a9567667fd9d 发布日期: 2024-12-26 09:15 修改: 2026-04-15 00:35
libcurl4t64	CVE-2026-4873	低危	8.5.0-2ubuntu10.8	8.5.0-2ubuntu10.9	curl: curl: Information disclosure due to incorrect TLS connection reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4873 镜像层: sha256:908814054466751e1fe726b18fd8a17e664e52c57469d7c3f3d43e65f935a28e 发布日期: 2026-05-13 13:01 修改: 2026-05-14 13:45
liblzma5	CVE-2026-34743	低危	5.6.1+really5.4.5-1ubuntu0.2	5.6.1+really5.4.5-1ubuntu0.3	xz: XZ Utils: Denial of Service via buffer overflow in index decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34743 镜像层: sha256:5e732af9e7c568c9b41ecabc76ac93a58471934d5155070dfd64a9567667fd9d 发布日期: 2026-04-02 19:21 修改: 2026-04-15 17:33
libcurl4t64	CVE-2026-5773	低危	8.5.0-2ubuntu10.8	8.5.0-2ubuntu10.9	curl: libcurl: Wrong file transfer due to incorrect SMB connection reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5773 镜像层: sha256:908814054466751e1fe726b18fd8a17e664e52c57469d7c3f3d43e65f935a28e 发布日期: 2026-05-13 13:01 修改: 2026-05-13 19:13
libcurl4t64	CVE-2026-6276	低危	8.5.0-2ubuntu10.8	8.5.0-2ubuntu10.9	curl: libcurl: Information disclosure due to cookie leak when reusing connections with custom Host headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6276 镜像层: sha256:908814054466751e1fe726b18fd8a17e664e52c57469d7c3f3d43e65f935a28e 发布日期: 2026-05-13 13:01 修改: 2026-05-14 14:21
openssl	CVE-2026-34180	低危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a pr ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34180 镜像层: sha256:908814054466751e1fe726b18fd8a17e664e52c57469d7c3f3d43e65f935a28e 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
openssl	CVE-2026-42766	低危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	Issue summary: A specially crafted password-encrypted CMS message can ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42766 镜像层: sha256:908814054466751e1fe726b18fd8a17e664e52c57469d7c3f3d43e65f935a28e 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
openssl	CVE-2026-42767	低危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	Issue summary: An attacker-controlled CMP (Certificate Management Prot ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42767 镜像层: sha256:908814054466751e1fe726b18fd8a17e664e52c57469d7c3f3d43e65f935a28e 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
openssl	CVE-2026-42770	低危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42770 镜像层: sha256:908814054466751e1fe726b18fd8a17e664e52c57469d7c3f3d43e65f935a28e 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
openssl	CVE-2026-45446	低危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-S ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45446 镜像层: sha256:908814054466751e1fe726b18fd8a17e664e52c57469d7c3f3d43e65f935a28e 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
openssl	CVE-2026-7383	低危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	Issue summary: A signed integer overflow when sizing the destination b ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7383 镜像层: sha256:908814054466751e1fe726b18fd8a17e664e52c57469d7c3f3d43e65f935a28e 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
openssl	CVE-2026-9076	低危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9076 镜像层: sha256:908814054466751e1fe726b18fd8a17e664e52c57469d7c3f3d43e65f935a28e 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
passwd	CVE-2024-56433	低危	1:4.13+dfsg1-4ubuntu3.2		shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56433 镜像层: sha256:5e732af9e7c568c9b41ecabc76ac93a58471934d5155070dfd64a9567667fd9d 发布日期: 2024-12-26 09:15 修改: 2026-04-15 00:35
libelf1t64	CVE-2025-1352	低危	0.190-1.1ubuntu0.1		elfutils: GNU elfutils eu-readelf libdw_alloc.c __libdw_thread_tail memory corruption 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-1352 镜像层: sha256:908814054466751e1fe726b18fd8a17e664e52c57469d7c3f3d43e65f935a28e 发布日期: 2025-02-16 15:15 修改: 2026-06-02 14:16
libelf1t64	CVE-2025-1376	低危	0.190-1.1ubuntu0.1		elfutils: GNU elfutils eu-strip elf_strptr.c elf_strptr denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-1376 镜像层: sha256:908814054466751e1fe726b18fd8a17e664e52c57469d7c3f3d43e65f935a28e 发布日期: 2025-02-17 05:15 修改: 2026-06-02 14:16
curl	CVE-2026-6276	低危	8.5.0-2ubuntu10.8	8.5.0-2ubuntu10.9	curl: libcurl: Information disclosure due to cookie leak when reusing connections with custom Host headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6276 镜像层: sha256:908814054466751e1fe726b18fd8a17e664e52c57469d7c3f3d43e65f935a28e 发布日期: 2026-05-13 13:01 修改: 2026-05-14 14:21
libgcrypt20	CVE-2024-2236	低危	1.10.3-2build1		libgcrypt: vulnerable to Marvin Attack 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2236 镜像层: sha256:5e732af9e7c568c9b41ecabc76ac93a58471934d5155070dfd64a9567667fd9d 发布日期: 2024-03-06 22:15 修改: 2026-04-15 00:35

usr/local/bin/pilot-agent (gobinary)

低危漏洞:0

中危漏洞:4

高危漏洞:12

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
istio.io/istio	CVE-2019-14993	高危	v0.0.0-20260604085046-07e4afa45ead	1.1.13, 1.2.4	istio/envoy: mishandling regular expressions for long URIs leading to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14993 镜像层: sha256:4223146b3d2108de58cbc4916105a0ccff04aa465792748e0198e9f4d47161dd 发布日期: 2019-08-13 18:15 修改: 2024-11-21 04:27
istio.io/istio	CVE-2021-39155	高危	v0.0.0-20260604085046-07e4afa45ead	1.9.8, 1.10.4, 1.11.1	istio/istio: HTTP request can bypass authorization mechanisms due to case insensitive host comparison 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-39155 镜像层: sha256:4223146b3d2108de58cbc4916105a0ccff04aa465792748e0198e9f4d47161dd 发布日期: 2021-08-24 23:15 修改: 2024-11-21 06:18
istio.io/istio	CVE-2021-39156	高危	v0.0.0-20260604085046-07e4afa45ead	1.9.8, 1.10.4, 1.11.1	istio/istio: HTTP request with fragment in URI can bypass authorization mechanisms 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-39156 镜像层: sha256:4223146b3d2108de58cbc4916105a0ccff04aa465792748e0198e9f4d47161dd 发布日期: 2021-08-24 23:15 修改: 2024-11-21 06:18
istio.io/istio	CVE-2022-23635	高危	v0.0.0-20260604085046-07e4afa45ead	1.13.1, 1.12.4, 1.11.7	istio: unauthenticated control plane denial of service attack 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23635 镜像层: sha256:4223146b3d2108de58cbc4916105a0ccff04aa465792748e0198e9f4d47161dd 发布日期: 2022-02-22 22:15 修改: 2024-11-21 06:48
stdlib	CVE-2026-33811	高危	v1.25.9	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:4223146b3d2108de58cbc4916105a0ccff04aa465792748e0198e9f4d47161dd 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.9	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:4223146b3d2108de58cbc4916105a0ccff04aa465792748e0198e9f4d47161dd 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.9	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:4223146b3d2108de58cbc4916105a0ccff04aa465792748e0198e9f4d47161dd 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.9	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:4223146b3d2108de58cbc4916105a0ccff04aa465792748e0198e9f4d47161dd 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.9	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:4223146b3d2108de58cbc4916105a0ccff04aa465792748e0198e9f4d47161dd 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.9	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:4223146b3d2108de58cbc4916105a0ccff04aa465792748e0198e9f4d47161dd 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.9	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:4223146b3d2108de58cbc4916105a0ccff04aa465792748e0198e9f4d47161dd 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.9	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:4223146b3d2108de58cbc4916105a0ccff04aa465792748e0198e9f4d47161dd 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
istio.io/istio	CVE-2022-31045	中危	v0.0.0-20260604085046-07e4afa45ead	1.12.18, 1.13.5, 1.14.1	Istio: Unsafe memory access in metadata exchange. 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-31045 镜像层: sha256:4223146b3d2108de58cbc4916105a0ccff04aa465792748e0198e9f4d47161dd 发布日期: 2022-06-09 21:15 修改: 2024-11-21 07:03
stdlib	CVE-2026-27145	中危	v1.25.9	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:4223146b3d2108de58cbc4916105a0ccff04aa465792748e0198e9f4d47161dd 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-39826	中危	v1.25.9	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:4223146b3d2108de58cbc4916105a0ccff04aa465792748e0198e9f4d47161dd 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.9	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:4223146b3d2108de58cbc4916105a0ccff04aa465792748e0198e9f4d47161dd 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15