docker.io/rancher/rancher:stable linux/amd64
docker.io/rancher/rancher:stable - Trivy安全扫描结果 扫描时间: 2025-02-17 15:30
全部漏洞信息
低危漏洞:6
中危漏洞:63
高危漏洞:32
严重漏洞:15
系统OS: suse linux enterprise server 15.6 扫描引擎: Trivy 扫描时间: 2025-02-17 15:30
docker.io/rancher/rancher:stable (suse linux enterprise server 15.6) (suse linux enterprise server)
低危漏洞:0
中危漏洞:0
高危漏洞:0
严重漏洞:0
| 软件包 | 漏洞 | 安全状态 | 安装版本 | 修复版本 | 漏洞信息 |
|---|
Node.js (node-pkg)
低危漏洞:0
中危漏洞:0
高危漏洞:0
严重漏洞:0
| 软件包 | 漏洞 | 安全状态 | 安装版本 | 修复版本 | 漏洞信息 |
|---|
opt/drivers/management-state/bin/docker-machine-driver-harvester (gobinary)
低危漏洞:0
中危漏洞:7
高危漏洞:3
严重漏洞:1
| 软件包 | 漏洞 | 安全状态 | 安装版本 | 修复版本 | 漏洞信息 |
|---|---|---|---|---|---|
| golang.org/x/crypto | CVE-2024-45337 | 严重 | v0.27.0 | 0.31.0 |
golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337 镜像层: sha256:cd897625c3e87a91318c9db1ff8d955e8aed39c088bd304fe724aaec0a5ef852 发布日期: 2024-12-12 02:02 修改: 2024-12-12 21:15 |
| github.com/moby/moby | CVE-2024-36623 | 高危 | v1.4.2-0.20170731201646-1009e6a40b29 | 26.0.0 |
moby: Race Condition in Moby's streamformatter Package
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-36623 镜像层: sha256:cd897625c3e87a91318c9db1ff8d955e8aed39c088bd304fe724aaec0a5ef852 发布日期: 2024-11-29 18:15 修改: 2024-12-04 17:15 |
| github.com/moby/moby | CVE-2024-36621 | 高危 | v1.4.2-0.20170731201646-1009e6a40b29 | 26.0.0 |
moby: Race Condition in Moby's Snapshot Layer Handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-36621 镜像层: sha256:cd897625c3e87a91318c9db1ff8d955e8aed39c088bd304fe724aaec0a5ef852 发布日期: 2024-11-29 18:15 修改: 2024-12-04 17:15 |
| golang.org/x/net | CVE-2024-45338 | 高危 | v0.29.0 | 0.33.0 |
golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:cd897625c3e87a91318c9db1ff8d955e8aed39c088bd304fe724aaec0a5ef852 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16 |
| github.com/moby/moby | CVE-2021-21285 | 中危 | v1.4.2-0.20170731201646-1009e6a40b29 | 19.3.15, 20.10.3 |
docker: daemon crash during image pull of malicious image
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21285 镜像层: sha256:cd897625c3e87a91318c9db1ff8d955e8aed39c088bd304fe724aaec0a5ef852 发布日期: 2021-02-02 18:15 修改: 2022-10-25 12:55 |
| github.com/moby/moby | CVE-2021-41091 | 中危 | v1.4.2-0.20170731201646-1009e6a40b29 | 20.10.9 |
moby: data directory contains subdirectories with insufficiently restricted permissions, which could lead to directory traversal
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-41091 镜像层: sha256:cd897625c3e87a91318c9db1ff8d955e8aed39c088bd304fe724aaec0a5ef852 发布日期: 2021-10-04 21:15 修改: 2023-11-07 03:38 |
| github.com/moby/moby | CVE-2022-24769 | 中危 | v1.4.2-0.20170731201646-1009e6a40b29 | 20.10.14 |
moby: Default inheritable capabilities for linux container should be empty
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24769 镜像层: sha256:cd897625c3e87a91318c9db1ff8d955e8aed39c088bd304fe724aaec0a5ef852 发布日期: 2022-03-24 20:15 修改: 2024-01-31 13:15 |
| github.com/moby/moby | CVE-2024-24557 | 中危 | v1.4.2-0.20170731201646-1009e6a40b29 | 24.0.9, 25.0.2 |
moby: classic builder cache poisoning
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24557 镜像层: sha256:cd897625c3e87a91318c9db1ff8d955e8aed39c088bd304fe724aaec0a5ef852 发布日期: 2024-02-01 17:15 修改: 2024-02-09 20:21 |
| github.com/moby/moby | GHSA-xmmx-7jpf-fx42 | 中危 | v1.4.2-0.20170731201646-1009e6a40b29 | 20.10.11 |
Moby (Docker Engine) is vulnerable to Ambiguous OCI manifest parsing
漏洞详情: https://github.com/advisories/GHSA-xmmx-7jpf-fx42 镜像层: sha256:cd897625c3e87a91318c9db1ff8d955e8aed39c088bd304fe724aaec0a5ef852 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00 |
| github.com/moby/moby | CVE-2020-27534 | 中危 | v1.4.2-0.20170731201646-1009e6a40b29 | 19.03.9 |
moby/buildkit: calls os.OpenFile with a potentially unsafe qemu-check temporary pathname
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-27534 镜像层: sha256:cd897625c3e87a91318c9db1ff8d955e8aed39c088bd304fe724aaec0a5ef852 发布日期: 2020-12-30 23:15 修改: 2021-01-05 20:19 |
| github.com/moby/moby | CVE-2021-21284 | 中危 | v1.4.2-0.20170731201646-1009e6a40b29 | 19.3.15, 20.10.3 |
docker: access to remapped root allows privilege escalation to real root
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21284 镜像层: sha256:cd897625c3e87a91318c9db1ff8d955e8aed39c088bd304fe724aaec0a5ef852 发布日期: 2021-02-02 18:15 修改: 2022-04-29 19:22 |
opt/drivers/management-state/bin/docker-machine-driver-linode (gobinary)
低危漏洞:0
中危漏洞:6
高危漏洞:3
严重漏洞:3
| 软件包 | 漏洞 | 安全状态 | 安装版本 | 修复版本 | 漏洞信息 |
|---|---|---|---|---|---|
| github.com/docker/docker | CVE-2024-41110 | 严重 | v20.10.27+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 |
moby: Authz zero length regression
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41110 镜像层: sha256:68932be0784b66a93b6e1f67d8553b3e47f21ccf675dc989366b29f683f0e2c5 发布日期: 2024-07-24 17:15 修改: 2024-07-30 20:15 |
| golang.org/x/crypto | CVE-2024-45337 | 严重 | v0.22.0 | 0.31.0 |
golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337 镜像层: sha256:68932be0784b66a93b6e1f67d8553b3e47f21ccf675dc989366b29f683f0e2c5 发布日期: 2024-12-12 02:02 修改: 2024-12-12 21:15 |
| stdlib | CVE-2024-24790 | 严重 | 1.22.2 | 1.21.11, 1.22.4 |
golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:68932be0784b66a93b6e1f67d8553b3e47f21ccf675dc989366b29f683f0e2c5 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35 |
| golang.org/x/net | CVE-2024-45338 | 高危 | v0.24.0 | 0.33.0 |
golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:68932be0784b66a93b6e1f67d8553b3e47f21ccf675dc989366b29f683f0e2c5 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16 |
| stdlib | CVE-2024-24788 | 高危 | 1.22.2 | 1.22.3 |
golang: net: malformed DNS message can cause infinite loop
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24788 镜像层: sha256:68932be0784b66a93b6e1f67d8553b3e47f21ccf675dc989366b29f683f0e2c5 发布日期: 2024-05-08 16:15 修改: 2024-06-14 13:15 |
| stdlib | CVE-2024-34156 | 高危 | 1.22.2 | 1.22.7, 1.23.1 |
encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:68932be0784b66a93b6e1f67d8553b3e47f21ccf675dc989366b29f683f0e2c5 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35 |
| github.com/docker/docker | CVE-2024-29018 | 中危 | v20.10.27+incompatible | 26.0.0-rc3, 25.0.5, 23.0.11 |
moby: external DNS requests from 'internal' networks could lead to data exfiltration
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29018 镜像层: sha256:68932be0784b66a93b6e1f67d8553b3e47f21ccf675dc989366b29f683f0e2c5 发布日期: 2024-03-20 21:15 修改: 2024-03-21 12:58 |
| github.com/docker/docker | CVE-2024-24557 | 中危 | v20.10.27+incompatible | 24.0.9, 25.0.2 |
moby: classic builder cache poisoning
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24557 镜像层: sha256:68932be0784b66a93b6e1f67d8553b3e47f21ccf675dc989366b29f683f0e2c5 发布日期: 2024-02-01 17:15 修改: 2024-02-09 20:21 |
| stdlib | CVE-2024-24789 | 中危 | 1.22.2 | 1.21.11, 1.22.4 |
golang: archive/zip: Incorrect handling of certain ZIP files
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:68932be0784b66a93b6e1f67d8553b3e47f21ccf675dc989366b29f683f0e2c5 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48 |
| stdlib | CVE-2024-24791 | 中危 | 1.22.2 | 1.21.12, 1.22.5 |
net/http: Denial of service due to improper 100-continue handling in net/http
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:68932be0784b66a93b6e1f67d8553b3e47f21ccf675dc989366b29f683f0e2c5 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17 |
| stdlib | CVE-2024-34155 | 中危 | 1.22.2 | 1.22.7, 1.23.1 |
go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:68932be0784b66a93b6e1f67d8553b3e47f21ccf675dc989366b29f683f0e2c5 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35 |
| stdlib | CVE-2024-34158 | 中危 | 1.22.2 | 1.22.7, 1.23.1 |
go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:68932be0784b66a93b6e1f67d8553b3e47f21ccf675dc989366b29f683f0e2c5 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35 |
usr/bin/bandwidth (gobinary)
低危漏洞:0
中危漏洞:2
高危漏洞:1
严重漏洞:0
| 软件包 | 漏洞 | 安全状态 | 安装版本 | 修复版本 | 漏洞信息 |
|---|---|---|---|---|---|
| stdlib | CVE-2024-34156 | 高危 | 1.22.6 | 1.22.7, 1.23.1 |
encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:291da71d5e8a5ce0340d7e905465f677a46f5665c2deaf39bccf781a986f3e54 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35 |
| stdlib | CVE-2024-34155 | 中危 | 1.22.6 | 1.22.7, 1.23.1 |
go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:291da71d5e8a5ce0340d7e905465f677a46f5665c2deaf39bccf781a986f3e54 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35 |
| stdlib | CVE-2024-34158 | 中危 | 1.22.6 | 1.22.7, 1.23.1 |
go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:291da71d5e8a5ce0340d7e905465f677a46f5665c2deaf39bccf781a986f3e54 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35 |
usr/bin/cni (gobinary)
低危漏洞:0
中危漏洞:2
高危漏洞:1
严重漏洞:0
| 软件包 | 漏洞 | 安全状态 | 安装版本 | 修复版本 | 漏洞信息 |
|---|---|---|---|---|---|
| stdlib | CVE-2024-34156 | 高危 | 1.22.6 | 1.22.7, 1.23.1 |
encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:291da71d5e8a5ce0340d7e905465f677a46f5665c2deaf39bccf781a986f3e54 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35 |
| stdlib | CVE-2024-34155 | 中危 | 1.22.6 | 1.22.7, 1.23.1 |
go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:291da71d5e8a5ce0340d7e905465f677a46f5665c2deaf39bccf781a986f3e54 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35 |
| stdlib | CVE-2024-34158 | 中危 | 1.22.6 | 1.22.7, 1.23.1 |
go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:291da71d5e8a5ce0340d7e905465f677a46f5665c2deaf39bccf781a986f3e54 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35 |
usr/bin/containerd (gobinary)
低危漏洞:2
中危漏洞:4
高危漏洞:3
严重漏洞:1
| 软件包 | 漏洞 | 安全状态 | 安装版本 | 修复版本 | 漏洞信息 |
|---|---|---|---|---|---|
| golang.org/x/crypto | CVE-2024-45337 | 严重 | v0.24.0 | 0.31.0 |
golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337 镜像层: sha256:291da71d5e8a5ce0340d7e905465f677a46f5665c2deaf39bccf781a986f3e54 发布日期: 2024-12-12 02:02 修改: 2024-12-12 21:15 |
| go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc | CVE-2023-47108 | 高危 | v0.45.0 | 0.46.0 |
opentelemetry-go-contrib: DoS vulnerability in otelgrpc due to unbound cardinality metrics
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-47108 镜像层: sha256:291da71d5e8a5ce0340d7e905465f677a46f5665c2deaf39bccf781a986f3e54 发布日期: 2023-11-10 19:15 修改: 2023-11-20 19:34 |
| golang.org/x/net | CVE-2024-45338 | 高危 | v0.26.0 | 0.33.0 |
golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:291da71d5e8a5ce0340d7e905465f677a46f5665c2deaf39bccf781a986f3e54 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16 |
| stdlib | CVE-2024-34156 | 高危 | 1.22.6 | 1.22.7, 1.23.1 |
encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:291da71d5e8a5ce0340d7e905465f677a46f5665c2deaf39bccf781a986f3e54 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35 |
| gopkg.in/square/go-jose.v2 | CVE-2024-28180 | 中危 | v2.6.0 |
jose-go: improper handling of highly compressed data
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28180 镜像层: sha256:291da71d5e8a5ce0340d7e905465f677a46f5665c2deaf39bccf781a986f3e54 发布日期: 2024-03-09 01:15 修改: 2024-06-12 02:15 |
|
| github.com/quic-go/quic-go | CVE-2024-53259 | 中危 | v0.42.0 | 0.48.2 |
quic-go: quic-go affected by an ICMP Packet Too Large Injection Attack on Linux
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-53259 镜像层: sha256:291da71d5e8a5ce0340d7e905465f677a46f5665c2deaf39bccf781a986f3e54 发布日期: 2024-12-02 17:15 修改: 2024-12-02 17:15 |
| stdlib | CVE-2024-34155 | 中危 | 1.22.6 | 1.22.7, 1.23.1 |
go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:291da71d5e8a5ce0340d7e905465f677a46f5665c2deaf39bccf781a986f3e54 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35 |
| stdlib | CVE-2024-34158 | 中危 | 1.22.6 | 1.22.7, 1.23.1 |
go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:291da71d5e8a5ce0340d7e905465f677a46f5665c2deaf39bccf781a986f3e54 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35 |
| github.com/golang-jwt/jwt/v4 | CVE-2024-51744 | 低危 | v4.5.0 | 4.5.1 |
golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-51744 镜像层: sha256:291da71d5e8a5ce0340d7e905465f677a46f5665c2deaf39bccf781a986f3e54 发布日期: 2024-11-04 22:15 修改: 2024-11-05 16:04 |
| google.golang.org/grpc | GHSA-xr7q-jx4m-x55m | 低危 | v1.64.0 | 1.64.1 |
Private tokens could appear in logs if context containing gRPC metadata is logged in github.com/grpc/grpc-go
漏洞详情: https://github.com/advisories/GHSA-xr7q-jx4m-x55m 镜像层: sha256:291da71d5e8a5ce0340d7e905465f677a46f5665c2deaf39bccf781a986f3e54 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00 |
usr/bin/containerd-shim-runc-v2 (gobinary)
低危漏洞:0
中危漏洞:2
高危漏洞:2
严重漏洞:0
| 软件包 | 漏洞 | 安全状态 | 安装版本 | 修复版本 | 漏洞信息 |
|---|---|---|---|---|---|
| golang.org/x/net | CVE-2024-45338 | 高危 | v0.23.0 | 0.33.0 |
golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:291da71d5e8a5ce0340d7e905465f677a46f5665c2deaf39bccf781a986f3e54 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16 |
| stdlib | CVE-2024-34156 | 高危 | 1.22.6 | 1.22.7, 1.23.1 |
encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:291da71d5e8a5ce0340d7e905465f677a46f5665c2deaf39bccf781a986f3e54 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35 |
| stdlib | CVE-2024-34155 | 中危 | 1.22.6 | 1.22.7, 1.23.1 |
go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:291da71d5e8a5ce0340d7e905465f677a46f5665c2deaf39bccf781a986f3e54 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35 |
| stdlib | CVE-2024-34158 | 中危 | 1.22.6 | 1.22.7, 1.23.1 |
go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:291da71d5e8a5ce0340d7e905465f677a46f5665c2deaf39bccf781a986f3e54 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35 |
usr/bin/etcdctl (gobinary)
低危漏洞:1
中危漏洞:5
高危漏洞:2
严重漏洞:2
| 软件包 | 漏洞 | 安全状态 | 安装版本 | 修复版本 | 漏洞信息 |
|---|---|---|---|---|---|
| golang.org/x/crypto | CVE-2024-45337 | 严重 | v0.17.0 | 0.31.0 |
golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337 镜像层: sha256:397f6fc4a7426e8743726a1f1acbd6e0eebfece32f6e8a5b7d56168b67ac9727 发布日期: 2024-12-12 02:02 修改: 2024-12-12 21:15 |
| stdlib | CVE-2024-24790 | 严重 | 1.21.10 | 1.21.11, 1.22.4 |
golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:397f6fc4a7426e8743726a1f1acbd6e0eebfece32f6e8a5b7d56168b67ac9727 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35 |
| golang.org/x/net | CVE-2024-45338 | 高危 | v0.17.0 | 0.33.0 |
golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:397f6fc4a7426e8743726a1f1acbd6e0eebfece32f6e8a5b7d56168b67ac9727 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16 |
| stdlib | CVE-2024-34156 | 高危 | 1.21.10 | 1.22.7, 1.23.1 |
encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:397f6fc4a7426e8743726a1f1acbd6e0eebfece32f6e8a5b7d56168b67ac9727 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35 |
| golang.org/x/net | CVE-2023-45288 | 中危 | v0.17.0 | 0.23.0 |
golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:397f6fc4a7426e8743726a1f1acbd6e0eebfece32f6e8a5b7d56168b67ac9727 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35 |
| stdlib | CVE-2024-24789 | 中危 | 1.21.10 | 1.21.11, 1.22.4 |
golang: archive/zip: Incorrect handling of certain ZIP files
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:397f6fc4a7426e8743726a1f1acbd6e0eebfece32f6e8a5b7d56168b67ac9727 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48 |
| stdlib | CVE-2024-24791 | 中危 | 1.21.10 | 1.21.12, 1.22.5 |
net/http: Denial of service due to improper 100-continue handling in net/http
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:397f6fc4a7426e8743726a1f1acbd6e0eebfece32f6e8a5b7d56168b67ac9727 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17 |
| stdlib | CVE-2024-34155 | 中危 | 1.21.10 | 1.22.7, 1.23.1 |
go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:397f6fc4a7426e8743726a1f1acbd6e0eebfece32f6e8a5b7d56168b67ac9727 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35 |
| stdlib | CVE-2024-34158 | 中危 | 1.21.10 | 1.22.7, 1.23.1 |
go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:397f6fc4a7426e8743726a1f1acbd6e0eebfece32f6e8a5b7d56168b67ac9727 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35 |
| github.com/golang-jwt/jwt/v4 | CVE-2024-51744 | 低危 | v4.4.2 | 4.5.1 |
golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-51744 镜像层: sha256:397f6fc4a7426e8743726a1f1acbd6e0eebfece32f6e8a5b7d56168b67ac9727 发布日期: 2024-11-04 22:15 修改: 2024-11-05 16:04 |
usr/bin/firewall (gobinary)
低危漏洞:0
中危漏洞:2
高危漏洞:1
严重漏洞:0
| 软件包 | 漏洞 | 安全状态 | 安装版本 | 修复版本 | 漏洞信息 |
|---|---|---|---|---|---|
| stdlib | CVE-2024-34156 | 高危 | 1.22.6 | 1.22.7, 1.23.1 |
encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:291da71d5e8a5ce0340d7e905465f677a46f5665c2deaf39bccf781a986f3e54 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35 |
| stdlib | CVE-2024-34155 | 中危 | 1.22.6 | 1.22.7, 1.23.1 |
go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:291da71d5e8a5ce0340d7e905465f677a46f5665c2deaf39bccf781a986f3e54 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35 |
| stdlib | CVE-2024-34158 | 中危 | 1.22.6 | 1.22.7, 1.23.1 |
go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:291da71d5e8a5ce0340d7e905465f677a46f5665c2deaf39bccf781a986f3e54 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35 |
usr/bin/helm_v3 (gobinary)
低危漏洞:0
中危漏洞:0
高危漏洞:1
严重漏洞:1
| 软件包 | 漏洞 | 安全状态 | 安装版本 | 修复版本 | 漏洞信息 |
|---|---|---|---|---|---|
| golang.org/x/crypto | CVE-2024-45337 | 严重 | v0.26.0 | 0.31.0 |
golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337 镜像层: sha256:8682511ff7194a95b32351a0169a0aeeebe2559724e84e395e3f7f8bd2f6979f 发布日期: 2024-12-12 02:02 修改: 2024-12-12 21:15 |
| golang.org/x/net | CVE-2024-45338 | 高危 | v0.26.0 | 0.33.0 |
golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:8682511ff7194a95b32351a0169a0aeeebe2559724e84e395e3f7f8bd2f6979f 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16 |
usr/bin/k3s (gobinary)
低危漏洞:2
中危漏洞:4
高危漏洞:3
严重漏洞:1
| 软件包 | 漏洞 | 安全状态 | 安装版本 | 修复版本 | 漏洞信息 |
|---|---|---|---|---|---|
| golang.org/x/crypto | CVE-2024-45337 | 严重 | v0.24.0 | 0.31.0 |
golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337 镜像层: sha256:291da71d5e8a5ce0340d7e905465f677a46f5665c2deaf39bccf781a986f3e54 发布日期: 2024-12-12 02:02 修改: 2024-12-12 21:15 |
| go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc | CVE-2023-47108 | 高危 | v0.45.0 | 0.46.0 |
opentelemetry-go-contrib: DoS vulnerability in otelgrpc due to unbound cardinality metrics
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-47108 镜像层: sha256:291da71d5e8a5ce0340d7e905465f677a46f5665c2deaf39bccf781a986f3e54 发布日期: 2023-11-10 19:15 修改: 2023-11-20 19:34 |
| golang.org/x/net | CVE-2024-45338 | 高危 | v0.26.0 | 0.33.0 |
golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:291da71d5e8a5ce0340d7e905465f677a46f5665c2deaf39bccf781a986f3e54 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16 |
| stdlib | CVE-2024-34156 | 高危 | 1.22.6 | 1.22.7, 1.23.1 |
encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:291da71d5e8a5ce0340d7e905465f677a46f5665c2deaf39bccf781a986f3e54 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35 |
| gopkg.in/square/go-jose.v2 | CVE-2024-28180 | 中危 | v2.6.0 |
jose-go: improper handling of highly compressed data
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28180 镜像层: sha256:291da71d5e8a5ce0340d7e905465f677a46f5665c2deaf39bccf781a986f3e54 发布日期: 2024-03-09 01:15 修改: 2024-06-12 02:15 |
|
| github.com/quic-go/quic-go | CVE-2024-53259 | 中危 | v0.42.0 | 0.48.2 |
quic-go: quic-go affected by an ICMP Packet Too Large Injection Attack on Linux
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-53259 镜像层: sha256:291da71d5e8a5ce0340d7e905465f677a46f5665c2deaf39bccf781a986f3e54 发布日期: 2024-12-02 17:15 修改: 2024-12-02 17:15 |
| stdlib | CVE-2024-34155 | 中危 | 1.22.6 | 1.22.7, 1.23.1 |
go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:291da71d5e8a5ce0340d7e905465f677a46f5665c2deaf39bccf781a986f3e54 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35 |
| stdlib | CVE-2024-34158 | 中危 | 1.22.6 | 1.22.7, 1.23.1 |
go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:291da71d5e8a5ce0340d7e905465f677a46f5665c2deaf39bccf781a986f3e54 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35 |
| github.com/golang-jwt/jwt/v4 | CVE-2024-51744 | 低危 | v4.5.0 | 4.5.1 |
golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-51744 镜像层: sha256:291da71d5e8a5ce0340d7e905465f677a46f5665c2deaf39bccf781a986f3e54 发布日期: 2024-11-04 22:15 修改: 2024-11-05 16:04 |
| google.golang.org/grpc | GHSA-xr7q-jx4m-x55m | 低危 | v1.64.0 | 1.64.1 |
Private tokens could appear in logs if context containing gRPC metadata is logged in github.com/grpc/grpc-go
漏洞详情: https://github.com/advisories/GHSA-xr7q-jx4m-x55m 镜像层: sha256:291da71d5e8a5ce0340d7e905465f677a46f5665c2deaf39bccf781a986f3e54 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00 |
usr/bin/kustomize (gobinary)
低危漏洞:0
中危漏洞:4
高危漏洞:1
严重漏洞:1
| 软件包 | 漏洞 | 安全状态 | 安装版本 | 修复版本 | 漏洞信息 |
|---|---|---|---|---|---|
| stdlib | CVE-2024-24790 | 严重 | 1.21.10 | 1.21.11, 1.22.4 |
golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:3a3035d8443e242af78278d3ca305da17364a419450b539d0f31a9d414b1bd0a 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35 |
| stdlib | CVE-2024-34156 | 高危 | 1.21.10 | 1.22.7, 1.23.1 |
encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:3a3035d8443e242af78278d3ca305da17364a419450b539d0f31a9d414b1bd0a 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35 |
| stdlib | CVE-2024-24789 | 中危 | 1.21.10 | 1.21.11, 1.22.4 |
golang: archive/zip: Incorrect handling of certain ZIP files
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:3a3035d8443e242af78278d3ca305da17364a419450b539d0f31a9d414b1bd0a 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48 |
| stdlib | CVE-2024-24791 | 中危 | 1.21.10 | 1.21.12, 1.22.5 |
net/http: Denial of service due to improper 100-continue handling in net/http
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:3a3035d8443e242af78278d3ca305da17364a419450b539d0f31a9d414b1bd0a 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17 |
| stdlib | CVE-2024-34155 | 中危 | 1.21.10 | 1.22.7, 1.23.1 |
go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:3a3035d8443e242af78278d3ca305da17364a419450b539d0f31a9d414b1bd0a 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35 |
| stdlib | CVE-2024-34158 | 中危 | 1.21.10 | 1.22.7, 1.23.1 |
go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:3a3035d8443e242af78278d3ca305da17364a419450b539d0f31a9d414b1bd0a 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35 |
usr/bin/rancher (gobinary)
低危漏洞:0
中危漏洞:3
高危漏洞:0
严重漏洞:1
| 软件包 | 漏洞 | 安全状态 | 安装版本 | 修复版本 | 漏洞信息 |
|---|---|---|---|---|---|
| github.com/docker/docker | CVE-2024-41110 | 严重 | v20.10.27+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 |
moby: Authz zero length regression
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41110 镜像层: sha256:5ba4d54c862c508c869d83e9320e53e838752a388a4ea6647b70de504a1efe7d 发布日期: 2024-07-24 17:15 修改: 2024-07-30 20:15 |
| github.com/docker/docker | CVE-2024-24557 | 中危 | v20.10.27+incompatible | 24.0.9, 25.0.2 |
moby: classic builder cache poisoning
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24557 镜像层: sha256:5ba4d54c862c508c869d83e9320e53e838752a388a4ea6647b70de504a1efe7d 发布日期: 2024-02-01 17:15 修改: 2024-02-09 20:21 |
| github.com/docker/docker | CVE-2024-29018 | 中危 | v20.10.27+incompatible | 26.0.0-rc3, 25.0.5, 23.0.11 |
moby: external DNS requests from 'internal' networks could lead to data exfiltration
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29018 镜像层: sha256:5ba4d54c862c508c869d83e9320e53e838752a388a4ea6647b70de504a1efe7d 发布日期: 2024-03-20 21:15 修改: 2024-03-21 12:58 |
| github.com/go-jose/go-jose/v3 | CVE-2024-28180 | 中危 | v3.0.1 | 3.0.3 |
jose-go: improper handling of highly compressed data
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28180 镜像层: sha256:5ba4d54c862c508c869d83e9320e53e838752a388a4ea6647b70de504a1efe7d 发布日期: 2024-03-09 01:15 修改: 2024-06-12 02:15 |
usr/bin/rancher-machine (gobinary)
低危漏洞:1
中危漏洞:7
高危漏洞:3
严重漏洞:1
| 软件包 | 漏洞 | 安全状态 | 安装版本 | 修复版本 | 漏洞信息 |
|---|---|---|---|---|---|
| golang.org/x/crypto | CVE-2024-45337 | 严重 | v0.26.0 | 0.31.0 |
golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337 镜像层: sha256:68932be0784b66a93b6e1f67d8553b3e47f21ccf675dc989366b29f683f0e2c5 发布日期: 2024-12-12 02:02 修改: 2024-12-12 21:15 |
| github.com/moby/moby | CVE-2024-36623 | 高危 | v1.4.2-0.20170731201646-1009e6a40b29 | 26.0.0 |
moby: Race Condition in Moby's streamformatter Package
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-36623 镜像层: sha256:68932be0784b66a93b6e1f67d8553b3e47f21ccf675dc989366b29f683f0e2c5 发布日期: 2024-11-29 18:15 修改: 2024-12-04 17:15 |
| github.com/moby/moby | CVE-2024-36621 | 高危 | v1.4.2-0.20170731201646-1009e6a40b29 | 26.0.0 |
moby: Race Condition in Moby's Snapshot Layer Handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-36621 镜像层: sha256:68932be0784b66a93b6e1f67d8553b3e47f21ccf675dc989366b29f683f0e2c5 发布日期: 2024-11-29 18:15 修改: 2024-12-04 17:15 |
| golang.org/x/net | CVE-2024-45338 | 高危 | v0.28.0 | 0.33.0 |
golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:68932be0784b66a93b6e1f67d8553b3e47f21ccf675dc989366b29f683f0e2c5 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16 |
| github.com/moby/moby | CVE-2021-21285 | 中危 | v1.4.2-0.20170731201646-1009e6a40b29 | 19.3.15, 20.10.3 |
docker: daemon crash during image pull of malicious image
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21285 镜像层: sha256:68932be0784b66a93b6e1f67d8553b3e47f21ccf675dc989366b29f683f0e2c5 发布日期: 2021-02-02 18:15 修改: 2022-10-25 12:55 |
| github.com/moby/moby | CVE-2021-41091 | 中危 | v1.4.2-0.20170731201646-1009e6a40b29 | 20.10.9 |
moby: data directory contains subdirectories with insufficiently restricted permissions, which could lead to directory traversal
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-41091 镜像层: sha256:68932be0784b66a93b6e1f67d8553b3e47f21ccf675dc989366b29f683f0e2c5 发布日期: 2021-10-04 21:15 修改: 2023-11-07 03:38 |
| github.com/moby/moby | CVE-2022-24769 | 中危 | v1.4.2-0.20170731201646-1009e6a40b29 | 20.10.14 |
moby: Default inheritable capabilities for linux container should be empty
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24769 镜像层: sha256:68932be0784b66a93b6e1f67d8553b3e47f21ccf675dc989366b29f683f0e2c5 发布日期: 2022-03-24 20:15 修改: 2024-01-31 13:15 |
| github.com/moby/moby | CVE-2024-24557 | 中危 | v1.4.2-0.20170731201646-1009e6a40b29 | 24.0.9, 25.0.2 |
moby: classic builder cache poisoning
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24557 镜像层: sha256:68932be0784b66a93b6e1f67d8553b3e47f21ccf675dc989366b29f683f0e2c5 发布日期: 2024-02-01 17:15 修改: 2024-02-09 20:21 |
| github.com/moby/moby | GHSA-xmmx-7jpf-fx42 | 中危 | v1.4.2-0.20170731201646-1009e6a40b29 | 20.10.11 |
Moby (Docker Engine) is vulnerable to Ambiguous OCI manifest parsing
漏洞详情: https://github.com/advisories/GHSA-xmmx-7jpf-fx42 镜像层: sha256:68932be0784b66a93b6e1f67d8553b3e47f21ccf675dc989366b29f683f0e2c5 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00 |
| github.com/moby/moby | CVE-2020-27534 | 中危 | v1.4.2-0.20170731201646-1009e6a40b29 | 19.03.9 |
moby/buildkit: calls os.OpenFile with a potentially unsafe qemu-check temporary pathname
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-27534 镜像层: sha256:68932be0784b66a93b6e1f67d8553b3e47f21ccf675dc989366b29f683f0e2c5 发布日期: 2020-12-30 23:15 修改: 2021-01-05 20:19 |
| github.com/moby/moby | CVE-2021-21284 | 中危 | v1.4.2-0.20170731201646-1009e6a40b29 | 19.3.15, 20.10.3 |
docker: access to remapped root allows privilege escalation to real root
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21284 镜像层: sha256:68932be0784b66a93b6e1f67d8553b3e47f21ccf675dc989366b29f683f0e2c5 发布日期: 2021-02-02 18:15 修改: 2022-04-29 19:22 |
| github.com/golang-jwt/jwt/v4 | CVE-2024-51744 | 低危 | v4.5.0 | 4.5.1 |
golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-51744 镜像层: sha256:68932be0784b66a93b6e1f67d8553b3e47f21ccf675dc989366b29f683f0e2c5 发布日期: 2024-11-04 22:15 修改: 2024-11-05 16:04 |
usr/bin/runc (gobinary)
低危漏洞:0
中危漏洞:2
高危漏洞:2
严重漏洞:0
| 软件包 | 漏洞 | 安全状态 | 安装版本 | 修复版本 | 漏洞信息 |
|---|---|---|---|---|---|
| golang.org/x/net | CVE-2024-45338 | 高危 | v0.24.0 | 0.33.0 |
golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:291da71d5e8a5ce0340d7e905465f677a46f5665c2deaf39bccf781a986f3e54 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16 |
| stdlib | CVE-2024-34156 | 高危 | 1.22.6 | 1.22.7, 1.23.1 |
encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:291da71d5e8a5ce0340d7e905465f677a46f5665c2deaf39bccf781a986f3e54 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35 |
| stdlib | CVE-2024-34155 | 中危 | 1.22.6 | 1.22.7, 1.23.1 |
go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:291da71d5e8a5ce0340d7e905465f677a46f5665c2deaf39bccf781a986f3e54 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35 |
| stdlib | CVE-2024-34158 | 中危 | 1.22.6 | 1.22.7, 1.23.1 |
go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:291da71d5e8a5ce0340d7e905465f677a46f5665c2deaf39bccf781a986f3e54 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35 |
usr/bin/telemetry (gobinary)
低危漏洞:0
中危漏洞:13
高危漏洞:5
严重漏洞:2
| 软件包 | 漏洞 | 安全状态 | 安装版本 | 修复版本 | 漏洞信息 |
|---|---|---|---|---|---|
| golang.org/x/crypto | CVE-2024-45337 | 严重 | v0.14.0 | 0.31.0 |
golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337 镜像层: sha256:397f6fc4a7426e8743726a1f1acbd6e0eebfece32f6e8a5b7d56168b67ac9727 发布日期: 2024-12-12 02:02 修改: 2024-12-12 21:15 |
| stdlib | CVE-2024-24790 | 严重 | 1.21.3 | 1.21.11, 1.22.4 |
golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:397f6fc4a7426e8743726a1f1acbd6e0eebfece32f6e8a5b7d56168b67ac9727 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35 |
| golang.org/x/net | CVE-2024-45338 | 高危 | v0.17.0 | 0.33.0 |
golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:397f6fc4a7426e8743726a1f1acbd6e0eebfece32f6e8a5b7d56168b67ac9727 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16 |
| github.com/rancher/norman | CVE-2023-32193 | 高危 | v0.0.0-20210709145327-afd06f533ca3 | 0.0.0-20240207153100-3bb70b772b52 |
Norman API Cross-site Scripting Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-32193 镜像层: sha256:397f6fc4a7426e8743726a1f1acbd6e0eebfece32f6e8a5b7d56168b67ac9727 发布日期: 2024-10-16 13:15 修改: 2024-10-16 16:38 |
| stdlib | CVE-2023-45283 | 高危 | 1.21.3 | 1.20.11, 1.21.4, 1.20.12, 1.21.5 |
The filepath package does not recognize paths with a \??\ prefix as sp ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:397f6fc4a7426e8743726a1f1acbd6e0eebfece32f6e8a5b7d56168b67ac9727 发布日期: 2023-11-09 17:15 修改: 2023-12-14 10:15 |
| stdlib | CVE-2023-45288 | 高危 | 1.21.3 | 1.21.9, 1.22.2 |
golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:397f6fc4a7426e8743726a1f1acbd6e0eebfece32f6e8a5b7d56168b67ac9727 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35 |
| stdlib | CVE-2024-34156 | 高危 | 1.21.3 | 1.22.7, 1.23.1 |
encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:397f6fc4a7426e8743726a1f1acbd6e0eebfece32f6e8a5b7d56168b67ac9727 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35 |
| golang.org/x/crypto | CVE-2023-48795 | 中危 | v0.14.0 | 0.17.0 |
ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48795 镜像层: sha256:397f6fc4a7426e8743726a1f1acbd6e0eebfece32f6e8a5b7d56168b67ac9727 发布日期: 2023-12-18 16:15 修改: 2024-12-02 14:54 |
| golang.org/x/net | CVE-2023-45288 | 中危 | v0.17.0 | 0.23.0 |
golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:397f6fc4a7426e8743726a1f1acbd6e0eebfece32f6e8a5b7d56168b67ac9727 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35 |
| stdlib | CVE-2023-39326 | 中危 | 1.21.3 | 1.20.12, 1.21.5 |
golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:397f6fc4a7426e8743726a1f1acbd6e0eebfece32f6e8a5b7d56168b67ac9727 发布日期: 2023-12-06 17:15 修改: 2024-01-20 04:15 |
| stdlib | CVE-2023-45284 | 中危 | 1.21.3 | 1.20.11, 1.21.4 |
On Windows, The IsLocal function does not correctly detect reserved de ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:397f6fc4a7426e8743726a1f1acbd6e0eebfece32f6e8a5b7d56168b67ac9727 发布日期: 2023-11-09 17:15 修改: 2024-09-03 19:35 |
| stdlib | CVE-2023-45289 | 中危 | 1.21.3 | 1.21.8, 1.22.1 |
golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:397f6fc4a7426e8743726a1f1acbd6e0eebfece32f6e8a5b7d56168b67ac9727 发布日期: 2024-03-05 23:15 修改: 2024-11-04 19:35 |
| stdlib | CVE-2023-45290 | 中危 | 1.21.3 | 1.21.8, 1.22.1 |
golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:397f6fc4a7426e8743726a1f1acbd6e0eebfece32f6e8a5b7d56168b67ac9727 发布日期: 2024-03-05 23:15 修改: 2024-11-07 11:35 |
| stdlib | CVE-2024-24783 | 中危 | 1.21.3 | 1.21.8, 1.22.1 |
golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:397f6fc4a7426e8743726a1f1acbd6e0eebfece32f6e8a5b7d56168b67ac9727 发布日期: 2024-03-05 23:15 修改: 2024-11-05 17:35 |
| stdlib | CVE-2024-24784 | 中危 | 1.21.3 | 1.21.8, 1.22.1 |
golang: net/mail: comments in display names are incorrectly handled
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:397f6fc4a7426e8743726a1f1acbd6e0eebfece32f6e8a5b7d56168b67ac9727 发布日期: 2024-03-05 23:15 修改: 2024-08-05 21:35 |
| stdlib | CVE-2024-24785 | 中危 | 1.21.3 | 1.21.8, 1.22.1 |
golang: html/template: errors returned from MarshalJSON methods may break template escaping
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:397f6fc4a7426e8743726a1f1acbd6e0eebfece32f6e8a5b7d56168b67ac9727 发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15 |
| stdlib | CVE-2024-24789 | 中危 | 1.21.3 | 1.21.11, 1.22.4 |
golang: archive/zip: Incorrect handling of certain ZIP files
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:397f6fc4a7426e8743726a1f1acbd6e0eebfece32f6e8a5b7d56168b67ac9727 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48 |
| stdlib | CVE-2024-24791 | 中危 | 1.21.3 | 1.21.12, 1.22.5 |
net/http: Denial of service due to improper 100-continue handling in net/http
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:397f6fc4a7426e8743726a1f1acbd6e0eebfece32f6e8a5b7d56168b67ac9727 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17 |
| stdlib | CVE-2024-34155 | 中危 | 1.21.3 | 1.22.7, 1.23.1 |
go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:397f6fc4a7426e8743726a1f1acbd6e0eebfece32f6e8a5b7d56168b67ac9727 发布日期: 2024-09-06 21:15 修改: 2024-11-04 17:35 |
| stdlib | CVE-2024-34158 | 中危 | 1.21.3 | 1.22.7, 1.23.1 |
go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:397f6fc4a7426e8743726a1f1acbd6e0eebfece32f6e8a5b7d56168b67ac9727 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35 |
usr/share/rancher/ui/assets/wins.exe (gobinary)
低危漏洞:0
中危漏洞:0
高危漏洞:1
严重漏洞:1
| 软件包 | 漏洞 | 安全状态 | 安装版本 | 修复版本 | 漏洞信息 |
|---|---|---|---|---|---|
| golang.org/x/crypto | CVE-2024-45337 | 严重 | v0.30.0 | 0.31.0 |
golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337 镜像层: sha256:a25851eb296bce3af67d6234697fbd8f06521b1749ed1ab8919cdf8c695d8911 发布日期: 2024-12-12 02:02 修改: 2024-12-12 21:15 |
| golang.org/x/net | CVE-2024-45338 | 高危 | v0.32.0 | 0.33.0 |
golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338 镜像层: sha256:a25851eb296bce3af67d6234697fbd8f06521b1749ed1ab8919cdf8c695d8911 发布日期: 2024-12-18 21:15 修改: 2024-12-31 20:16 |
/var/lib/rancher-data/local-catalogs/library/charts/harbor/v1.2.0/cert/tls.key ()
低危漏洞:0
中危漏洞:0
高危漏洞:0
严重漏洞:0
| 软件包 | 漏洞 | 安全状态 | 安装版本 | 修复版本 | 漏洞信息 |
|---|
/var/lib/rancher-data/local-catalogs/library/charts/harbor/v1.3.2/cert/tls.key ()
低危漏洞:0
中危漏洞:0
高危漏洞:0
严重漏洞:0
| 软件包 | 漏洞 | 安全状态 | 安装版本 | 修复版本 | 漏洞信息 |
|---|
/var/lib/rancher-data/local-catalogs/library/charts/artifactory-ha/v2.5.3/values.yaml ()
低危漏洞:0
中危漏洞:0
高危漏洞:0
严重漏洞:0
| 软件包 | 漏洞 | 安全状态 | 安装版本 | 修复版本 | 漏洞信息 |
|---|
/var/lib/rancher-data/local-catalogs/library/charts/cost-analyzer/v1.57.2/values.yaml ()
低危漏洞:0
中危漏洞:0
高危漏洞:0
严重漏洞:0
| 软件包 | 漏洞 | 安全状态 | 安装版本 | 修复版本 | 漏洞信息 |
|---|