docker.io/rancher/rancher:v2.9.3 linux/amd64

docker.io/rancher/rancher:v2.9.3 - Trivy安全扫描结果 扫描时间: 2024-10-27 12:05
全部漏洞信息
低危漏洞:2 中危漏洞:87 高危漏洞:24 严重漏洞:11

系统OS: suse linux enterprise server 15.6 扫描引擎: Trivy 扫描时间: 2024-10-27 12:05

docker.io/rancher/rancher:v2.9.3 (suse linux enterprise server 15.6) (suse linux enterprise server)
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
Node.js (node-pkg)
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
opt/drivers/management-state/bin/docker-machine-driver-harvester (gobinary)
低危漏洞:2 中危漏洞:6 高危漏洞:3 严重漏洞:1
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
github.com/docker/docker CVE-2024-41110 严重 v20.10.27+incompatible 23.0.15, 26.1.5, 27.1.1, 25.0.6 moby: Authz zero length regression

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41110

镜像层: sha256:6865eda964dea52ac96baf9d06a61fd4c5c28e8e12c5b35c2c377388fe1597a8

发布日期: 2024-07-24 17:15 修改: 2024-07-30 20:15

k8s.io/kubernetes CVE-2023-3676 高危 v1.24.10 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 kubernetes: Insufficient input sanitization on Windows nodes leads to privilege escalation

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3676

镜像层: sha256:6865eda964dea52ac96baf9d06a61fd4c5c28e8e12c5b35c2c377388fe1597a8

发布日期: 2023-10-31 21:15 修改: 2023-11-30 22:15

k8s.io/kubernetes CVE-2023-3955 高危 v1.24.10 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 kubernetes: Insufficient input sanitization on Windows nodes leads to privilege escalation

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3955

镜像层: sha256:6865eda964dea52ac96baf9d06a61fd4c5c28e8e12c5b35c2c377388fe1597a8

发布日期: 2023-10-31 21:15 修改: 2023-12-21 22:15

k8s.io/kubernetes CVE-2023-5528 高危 v1.24.10 1.28.4, 1.27.8, 1.26.11, 1.25.16 kubernetes: Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodes

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5528

镜像层: sha256:6865eda964dea52ac96baf9d06a61fd4c5c28e8e12c5b35c2c377388fe1597a8

发布日期: 2023-11-14 21:15 修改: 2024-09-06 15:15

github.com/docker/docker CVE-2024-29018 中危 v20.10.27+incompatible 26.0.0-rc3, 25.0.5, 23.0.11 moby: external DNS requests from 'internal' networks could lead to data exfiltration

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29018

镜像层: sha256:6865eda964dea52ac96baf9d06a61fd4c5c28e8e12c5b35c2c377388fe1597a8

发布日期: 2024-03-20 21:15 修改: 2024-03-21 12:58

github.com/docker/docker CVE-2024-24557 中危 v20.10.27+incompatible 24.0.9, 25.0.2 moby: classic builder cache poisoning

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24557

镜像层: sha256:6865eda964dea52ac96baf9d06a61fd4c5c28e8e12c5b35c2c377388fe1597a8

发布日期: 2024-02-01 17:15 修改: 2024-02-09 20:21

k8s.io/kubernetes CVE-2023-2431 中危 v1.24.10 1.24.14, 1.25.10, 1.26.5, 1.27.2 kubernetes: Bypass of seccomp profile enforcement

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2431

镜像层: sha256:6865eda964dea52ac96baf9d06a61fd4c5c28e8e12c5b35c2c377388fe1597a8

发布日期: 2023-06-16 08:15 修改: 2023-07-01 06:15

k8s.io/kubernetes CVE-2023-2727 中危 v1.24.10 1.27.3, 1.26.6, 1.25.11, 1.24.15 kube-apiserver: Bypassing policies imposed by the ImagePolicyWebhook admission plugin

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2727

镜像层: sha256:6865eda964dea52ac96baf9d06a61fd4c5c28e8e12c5b35c2c377388fe1597a8

发布日期: 2023-07-03 21:15 修改: 2023-08-03 15:15

k8s.io/kubernetes CVE-2023-2728 中危 v1.24.10 1.27.3, 1.26.6, 1.25.11, 1.24.15 kube-apiserver: Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2728

镜像层: sha256:6865eda964dea52ac96baf9d06a61fd4c5c28e8e12c5b35c2c377388fe1597a8

发布日期: 2023-07-03 21:15 修改: 2023-08-03 15:15

k8s.io/kubernetes CVE-2024-5321 中危 v1.24.10 1.27.16, 1.28.12, 1.29.7, 1.30.3 kubelet: Incorrect permissions on Windows containers logs

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5321

镜像层: sha256:6865eda964dea52ac96baf9d06a61fd4c5c28e8e12c5b35c2c377388fe1597a8

发布日期: 2024-07-18 19:15 修改: 2024-07-19 13:01

k8s.io/kubernetes CVE-2021-25743 低危 v1.24.10 1.26.0-alpha.3 kubernetes: kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-25743

镜像层: sha256:6865eda964dea52ac96baf9d06a61fd4c5c28e8e12c5b35c2c377388fe1597a8

发布日期: 2022-01-07 00:15 修改: 2022-02-28 15:22

k8s.io/kubernetes CVE-2024-3177 低危 v1.24.10 1.27.13, 1.29.4, 1.28.9 kubernetes: kube-apiserver: bypassing mountable secrets policy imposed by the ServiceAccount admission plugin

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-3177

镜像层: sha256:6865eda964dea52ac96baf9d06a61fd4c5c28e8e12c5b35c2c377388fe1597a8

发布日期: 2024-04-22 23:15 修改: 2024-09-10 21:15

opt/drivers/management-state/bin/docker-machine-driver-linode (gobinary)
低危漏洞:0 中危漏洞:6 高危漏洞:2 严重漏洞:2
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
github.com/docker/docker CVE-2024-41110 严重 v20.10.27+incompatible 23.0.15, 26.1.5, 27.1.1, 25.0.6 moby: Authz zero length regression

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41110

镜像层: sha256:4d30f1e8c7ae06ce2067b50c3876f7ce189973e891cb66952ccce64e594dca63

发布日期: 2024-07-24 17:15 修改: 2024-07-30 20:15

stdlib CVE-2024-24790 严重 1.22.2 1.21.11, 1.22.4 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790

镜像层: sha256:4d30f1e8c7ae06ce2067b50c3876f7ce189973e891cb66952ccce64e594dca63

发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35

stdlib CVE-2024-24788 高危 1.22.2 1.22.3 golang: net: malformed DNS message can cause infinite loop

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24788

镜像层: sha256:4d30f1e8c7ae06ce2067b50c3876f7ce189973e891cb66952ccce64e594dca63

发布日期: 2024-05-08 16:15 修改: 2024-06-14 13:15

stdlib CVE-2024-34156 高危 1.22.2 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:4d30f1e8c7ae06ce2067b50c3876f7ce189973e891cb66952ccce64e594dca63

发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35

github.com/docker/docker CVE-2024-29018 中危 v20.10.27+incompatible 26.0.0-rc3, 25.0.5, 23.0.11 moby: external DNS requests from 'internal' networks could lead to data exfiltration

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29018

镜像层: sha256:4d30f1e8c7ae06ce2067b50c3876f7ce189973e891cb66952ccce64e594dca63

发布日期: 2024-03-20 21:15 修改: 2024-03-21 12:58

github.com/docker/docker CVE-2024-24557 中危 v20.10.27+incompatible 24.0.9, 25.0.2 moby: classic builder cache poisoning

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24557

镜像层: sha256:4d30f1e8c7ae06ce2067b50c3876f7ce189973e891cb66952ccce64e594dca63

发布日期: 2024-02-01 17:15 修改: 2024-02-09 20:21

stdlib CVE-2024-24789 中危 1.22.2 1.21.11, 1.22.4 golang: archive/zip: Incorrect handling of certain ZIP files

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789

镜像层: sha256:4d30f1e8c7ae06ce2067b50c3876f7ce189973e891cb66952ccce64e594dca63

发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48

stdlib CVE-2024-24791 中危 1.22.2 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:4d30f1e8c7ae06ce2067b50c3876f7ce189973e891cb66952ccce64e594dca63

发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17

stdlib CVE-2024-34155 中危 1.22.2 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:4d30f1e8c7ae06ce2067b50c3876f7ce189973e891cb66952ccce64e594dca63

发布日期: 2024-09-06 21:15 修改: 2024-09-09 13:03

stdlib CVE-2024-34158 中危 1.22.2 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:4d30f1e8c7ae06ce2067b50c3876f7ce189973e891cb66952ccce64e594dca63

发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35

usr/bin/bandwidth (gobinary)
低危漏洞:0 中危漏洞:3 高危漏洞:1 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
stdlib CVE-2024-34156 高危 1.22.4 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:20b0e04230e74df618bb525e246e555296e71293b39a1330d1c58cc6c14682b2

发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35

stdlib CVE-2024-24791 中危 1.22.4 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:20b0e04230e74df618bb525e246e555296e71293b39a1330d1c58cc6c14682b2

发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17

stdlib CVE-2024-34155 中危 1.22.4 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:20b0e04230e74df618bb525e246e555296e71293b39a1330d1c58cc6c14682b2

发布日期: 2024-09-06 21:15 修改: 2024-09-09 13:03

stdlib CVE-2024-34158 中危 1.22.4 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:20b0e04230e74df618bb525e246e555296e71293b39a1330d1c58cc6c14682b2

发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35

usr/bin/cni (gobinary)
低危漏洞:0 中危漏洞:3 高危漏洞:1 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
stdlib CVE-2024-34156 高危 1.22.4 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:20b0e04230e74df618bb525e246e555296e71293b39a1330d1c58cc6c14682b2

发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35

stdlib CVE-2024-24791 中危 1.22.4 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:20b0e04230e74df618bb525e246e555296e71293b39a1330d1c58cc6c14682b2

发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17

stdlib CVE-2024-34155 中危 1.22.4 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:20b0e04230e74df618bb525e246e555296e71293b39a1330d1c58cc6c14682b2

发布日期: 2024-09-06 21:15 修改: 2024-09-09 13:03

stdlib CVE-2024-34158 中危 1.22.4 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:20b0e04230e74df618bb525e246e555296e71293b39a1330d1c58cc6c14682b2

发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35

usr/bin/containerd (gobinary)
低危漏洞:0 中危漏洞:7 高危漏洞:2 严重漏洞:1
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
github.com/docker/docker CVE-2024-41110 严重 v25.0.4+incompatible 23.0.15, 26.1.5, 27.1.1, 25.0.6 moby: Authz zero length regression

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41110

镜像层: sha256:20b0e04230e74df618bb525e246e555296e71293b39a1330d1c58cc6c14682b2

发布日期: 2024-07-24 17:15 修改: 2024-07-30 20:15

go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc CVE-2023-47108 高危 v0.45.0 0.46.0 opentelemetry-go-contrib: DoS vulnerability in otelgrpc due to unbound cardinality metrics

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-47108

镜像层: sha256:20b0e04230e74df618bb525e246e555296e71293b39a1330d1c58cc6c14682b2

发布日期: 2023-11-10 19:15 修改: 2023-11-20 19:34

stdlib CVE-2024-34156 高危 1.22.4 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:20b0e04230e74df618bb525e246e555296e71293b39a1330d1c58cc6c14682b2

发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35

github.com/docker/docker CVE-2024-29018 中危 v25.0.4+incompatible 26.0.0-rc3, 25.0.5, 23.0.11 moby: external DNS requests from 'internal' networks could lead to data exfiltration

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29018

镜像层: sha256:20b0e04230e74df618bb525e246e555296e71293b39a1330d1c58cc6c14682b2

发布日期: 2024-03-20 21:15 修改: 2024-03-21 12:58

golang.org/x/net CVE-2023-45288 中危 v0.17.0 0.23.0 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:20b0e04230e74df618bb525e246e555296e71293b39a1330d1c58cc6c14682b2

发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35

gopkg.in/square/go-jose.v2 CVE-2024-28180 中危 v2.6.0 jose-go: improper handling of highly compressed data

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28180

镜像层: sha256:20b0e04230e74df618bb525e246e555296e71293b39a1330d1c58cc6c14682b2

发布日期: 2024-03-09 01:15 修改: 2024-06-12 02:15

github.com/hashicorp/go-retryablehttp CVE-2024-6104 中危 v0.7.4 0.7.7 go-retryablehttp: url might write sensitive information to log file

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6104

镜像层: sha256:20b0e04230e74df618bb525e246e555296e71293b39a1330d1c58cc6c14682b2

发布日期: 2024-06-24 17:15 修改: 2024-06-26 17:19

stdlib CVE-2024-24791 中危 1.22.4 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:20b0e04230e74df618bb525e246e555296e71293b39a1330d1c58cc6c14682b2

发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17

stdlib CVE-2024-34155 中危 1.22.4 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:20b0e04230e74df618bb525e246e555296e71293b39a1330d1c58cc6c14682b2

发布日期: 2024-09-06 21:15 修改: 2024-09-09 13:03

stdlib CVE-2024-34158 中危 1.22.4 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:20b0e04230e74df618bb525e246e555296e71293b39a1330d1c58cc6c14682b2

发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35

usr/bin/containerd-shim-runc-v2 (gobinary)
低危漏洞:0 中危漏洞:3 高危漏洞:1 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
stdlib CVE-2024-34156 高危 1.22.4 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:20b0e04230e74df618bb525e246e555296e71293b39a1330d1c58cc6c14682b2

发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35

stdlib CVE-2024-24791 中危 1.22.4 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:20b0e04230e74df618bb525e246e555296e71293b39a1330d1c58cc6c14682b2

发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17

stdlib CVE-2024-34155 中危 1.22.4 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:20b0e04230e74df618bb525e246e555296e71293b39a1330d1c58cc6c14682b2

发布日期: 2024-09-06 21:15 修改: 2024-09-09 13:03

stdlib CVE-2024-34158 中危 1.22.4 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:20b0e04230e74df618bb525e246e555296e71293b39a1330d1c58cc6c14682b2

发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35

usr/bin/etcdctl (gobinary)
低危漏洞:0 中危漏洞:5 高危漏洞:1 严重漏洞:1
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
stdlib CVE-2024-24790 严重 1.21.10 1.21.11, 1.22.4 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790

镜像层: sha256:00f359e38ebfd80932efddf5893fe11e0a35c9ee84b48da7b8abe59fcb30f84e

发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35

stdlib CVE-2024-34156 高危 1.21.10 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:00f359e38ebfd80932efddf5893fe11e0a35c9ee84b48da7b8abe59fcb30f84e

发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35

golang.org/x/net CVE-2023-45288 中危 v0.17.0 0.23.0 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:00f359e38ebfd80932efddf5893fe11e0a35c9ee84b48da7b8abe59fcb30f84e

发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35

stdlib CVE-2024-24789 中危 1.21.10 1.21.11, 1.22.4 golang: archive/zip: Incorrect handling of certain ZIP files

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789

镜像层: sha256:00f359e38ebfd80932efddf5893fe11e0a35c9ee84b48da7b8abe59fcb30f84e

发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48

stdlib CVE-2024-24791 中危 1.21.10 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:00f359e38ebfd80932efddf5893fe11e0a35c9ee84b48da7b8abe59fcb30f84e

发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17

stdlib CVE-2024-34155 中危 1.21.10 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:00f359e38ebfd80932efddf5893fe11e0a35c9ee84b48da7b8abe59fcb30f84e

发布日期: 2024-09-06 21:15 修改: 2024-09-09 13:03

stdlib CVE-2024-34158 中危 1.21.10 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:00f359e38ebfd80932efddf5893fe11e0a35c9ee84b48da7b8abe59fcb30f84e

发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35

usr/bin/firewall (gobinary)
低危漏洞:0 中危漏洞:3 高危漏洞:1 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
stdlib CVE-2024-34156 高危 1.22.4 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:20b0e04230e74df618bb525e246e555296e71293b39a1330d1c58cc6c14682b2

发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35

stdlib CVE-2024-24791 中危 1.22.4 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:20b0e04230e74df618bb525e246e555296e71293b39a1330d1c58cc6c14682b2

发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17

stdlib CVE-2024-34155 中危 1.22.4 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:20b0e04230e74df618bb525e246e555296e71293b39a1330d1c58cc6c14682b2

发布日期: 2024-09-06 21:15 修改: 2024-09-09 13:03

stdlib CVE-2024-34158 中危 1.22.4 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:20b0e04230e74df618bb525e246e555296e71293b39a1330d1c58cc6c14682b2

发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35

usr/bin/helm_v3 (gobinary)
低危漏洞:0 中危漏洞:3 高危漏洞:1 严重漏洞:1
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
github.com/docker/docker CVE-2024-41110 严重 v25.0.5+incompatible 23.0.15, 26.1.5, 27.1.1, 25.0.6 moby: Authz zero length regression

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41110

镜像层: sha256:1105ff22bc3cdb1ec4cfc93a01024937ce610e581e7a75fe532a51560e9e13b6

发布日期: 2024-07-24 17:15 修改: 2024-07-30 20:15

stdlib CVE-2024-34156 高危 1.22.4 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:1105ff22bc3cdb1ec4cfc93a01024937ce610e581e7a75fe532a51560e9e13b6

发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35

stdlib CVE-2024-24791 中危 1.22.4 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:1105ff22bc3cdb1ec4cfc93a01024937ce610e581e7a75fe532a51560e9e13b6

发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17

stdlib CVE-2024-34155 中危 1.22.4 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:1105ff22bc3cdb1ec4cfc93a01024937ce610e581e7a75fe532a51560e9e13b6

发布日期: 2024-09-06 21:15 修改: 2024-09-09 13:03

stdlib CVE-2024-34158 中危 1.22.4 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:1105ff22bc3cdb1ec4cfc93a01024937ce610e581e7a75fe532a51560e9e13b6

发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35

usr/bin/k3s (gobinary)
低危漏洞:0 中危漏洞:7 高危漏洞:2 严重漏洞:1
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
github.com/docker/docker CVE-2024-41110 严重 v25.0.4+incompatible 23.0.15, 26.1.5, 27.1.1, 25.0.6 moby: Authz zero length regression

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41110

镜像层: sha256:20b0e04230e74df618bb525e246e555296e71293b39a1330d1c58cc6c14682b2

发布日期: 2024-07-24 17:15 修改: 2024-07-30 20:15

go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc CVE-2023-47108 高危 v0.45.0 0.46.0 opentelemetry-go-contrib: DoS vulnerability in otelgrpc due to unbound cardinality metrics

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-47108

镜像层: sha256:20b0e04230e74df618bb525e246e555296e71293b39a1330d1c58cc6c14682b2

发布日期: 2023-11-10 19:15 修改: 2023-11-20 19:34

stdlib CVE-2024-34156 高危 1.22.4 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:20b0e04230e74df618bb525e246e555296e71293b39a1330d1c58cc6c14682b2

发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35

github.com/docker/docker CVE-2024-29018 中危 v25.0.4+incompatible 26.0.0-rc3, 25.0.5, 23.0.11 moby: external DNS requests from 'internal' networks could lead to data exfiltration

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29018

镜像层: sha256:20b0e04230e74df618bb525e246e555296e71293b39a1330d1c58cc6c14682b2

发布日期: 2024-03-20 21:15 修改: 2024-03-21 12:58

golang.org/x/net CVE-2023-45288 中危 v0.17.0 0.23.0 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:20b0e04230e74df618bb525e246e555296e71293b39a1330d1c58cc6c14682b2

发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35

gopkg.in/square/go-jose.v2 CVE-2024-28180 中危 v2.6.0 jose-go: improper handling of highly compressed data

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28180

镜像层: sha256:20b0e04230e74df618bb525e246e555296e71293b39a1330d1c58cc6c14682b2

发布日期: 2024-03-09 01:15 修改: 2024-06-12 02:15

github.com/hashicorp/go-retryablehttp CVE-2024-6104 中危 v0.7.4 0.7.7 go-retryablehttp: url might write sensitive information to log file

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6104

镜像层: sha256:20b0e04230e74df618bb525e246e555296e71293b39a1330d1c58cc6c14682b2

发布日期: 2024-06-24 17:15 修改: 2024-06-26 17:19

stdlib CVE-2024-24791 中危 1.22.4 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:20b0e04230e74df618bb525e246e555296e71293b39a1330d1c58cc6c14682b2

发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17

stdlib CVE-2024-34155 中危 1.22.4 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:20b0e04230e74df618bb525e246e555296e71293b39a1330d1c58cc6c14682b2

发布日期: 2024-09-06 21:15 修改: 2024-09-09 13:03

stdlib CVE-2024-34158 中危 1.22.4 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:20b0e04230e74df618bb525e246e555296e71293b39a1330d1c58cc6c14682b2

发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35

usr/bin/kustomize (gobinary)
低危漏洞:0 中危漏洞:4 高危漏洞:1 严重漏洞:1
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
stdlib CVE-2024-24790 严重 1.21.10 1.21.11, 1.22.4 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790

镜像层: sha256:610684b82a884a9357860c1e061675073c2ce6773dab12dbffc33e92ddbcea03

发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35

stdlib CVE-2024-34156 高危 1.21.10 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:610684b82a884a9357860c1e061675073c2ce6773dab12dbffc33e92ddbcea03

发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35

stdlib CVE-2024-24789 中危 1.21.10 1.21.11, 1.22.4 golang: archive/zip: Incorrect handling of certain ZIP files

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789

镜像层: sha256:610684b82a884a9357860c1e061675073c2ce6773dab12dbffc33e92ddbcea03

发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48

stdlib CVE-2024-24791 中危 1.21.10 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:610684b82a884a9357860c1e061675073c2ce6773dab12dbffc33e92ddbcea03

发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17

stdlib CVE-2024-34155 中危 1.21.10 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:610684b82a884a9357860c1e061675073c2ce6773dab12dbffc33e92ddbcea03

发布日期: 2024-09-06 21:15 修改: 2024-09-09 13:03

stdlib CVE-2024-34158 中危 1.21.10 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:610684b82a884a9357860c1e061675073c2ce6773dab12dbffc33e92ddbcea03

发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35

usr/bin/loglevel (gobinary)
低危漏洞:0 中危漏洞:4 高危漏洞:1 严重漏洞:1
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
stdlib CVE-2024-24790 严重 1.22.3 1.21.11, 1.22.4 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790

镜像层: sha256:4d30f1e8c7ae06ce2067b50c3876f7ce189973e891cb66952ccce64e594dca63

发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35

stdlib CVE-2024-34156 高危 1.22.3 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:4d30f1e8c7ae06ce2067b50c3876f7ce189973e891cb66952ccce64e594dca63

发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35

stdlib CVE-2024-24789 中危 1.22.3 1.21.11, 1.22.4 golang: archive/zip: Incorrect handling of certain ZIP files

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789

镜像层: sha256:4d30f1e8c7ae06ce2067b50c3876f7ce189973e891cb66952ccce64e594dca63

发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48

stdlib CVE-2024-24791 中危 1.22.3 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:4d30f1e8c7ae06ce2067b50c3876f7ce189973e891cb66952ccce64e594dca63

发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17

stdlib CVE-2024-34155 中危 1.22.3 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:4d30f1e8c7ae06ce2067b50c3876f7ce189973e891cb66952ccce64e594dca63

发布日期: 2024-09-06 21:15 修改: 2024-09-09 13:03

stdlib CVE-2024-34158 中危 1.22.3 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:4d30f1e8c7ae06ce2067b50c3876f7ce189973e891cb66952ccce64e594dca63

发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35

usr/bin/rancher (gobinary)
低危漏洞:0 中危漏洞:4 高危漏洞:0 严重漏洞:1
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
github.com/docker/docker CVE-2024-41110 严重 v20.10.27+incompatible 23.0.15, 26.1.5, 27.1.1, 25.0.6 moby: Authz zero length regression

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41110

镜像层: sha256:f5601c4cec82624a64d25fe04c2b393b6d61cee348e57adfd6ab2ccccbda8506

发布日期: 2024-07-24 17:15 修改: 2024-07-30 20:15

github.com/docker/docker CVE-2024-24557 中危 v20.10.27+incompatible 24.0.9, 25.0.2 moby: classic builder cache poisoning

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24557

镜像层: sha256:f5601c4cec82624a64d25fe04c2b393b6d61cee348e57adfd6ab2ccccbda8506

发布日期: 2024-02-01 17:15 修改: 2024-02-09 20:21

github.com/docker/docker CVE-2024-29018 中危 v20.10.27+incompatible 26.0.0-rc3, 25.0.5, 23.0.11 moby: external DNS requests from 'internal' networks could lead to data exfiltration

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29018

镜像层: sha256:f5601c4cec82624a64d25fe04c2b393b6d61cee348e57adfd6ab2ccccbda8506

发布日期: 2024-03-20 21:15 修改: 2024-03-21 12:58

github.com/go-jose/go-jose/v3 CVE-2024-28180 中危 v3.0.1 3.0.3 jose-go: improper handling of highly compressed data

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28180

镜像层: sha256:f5601c4cec82624a64d25fe04c2b393b6d61cee348e57adfd6ab2ccccbda8506

发布日期: 2024-03-09 01:15 修改: 2024-06-12 02:15

k8s.io/kubernetes CVE-2024-5321 中危 v1.30.1 1.27.16, 1.28.12, 1.29.7, 1.30.3 kubelet: Incorrect permissions on Windows containers logs

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5321

镜像层: sha256:f5601c4cec82624a64d25fe04c2b393b6d61cee348e57adfd6ab2ccccbda8506

发布日期: 2024-07-18 19:15 修改: 2024-07-19 13:01

usr/bin/rancher-machine (gobinary)
低危漏洞:0 中危漏洞:9 高危漏洞:1 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
stdlib CVE-2024-34156 高危 1.22.6 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:4d30f1e8c7ae06ce2067b50c3876f7ce189973e891cb66952ccce64e594dca63

发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35

github.com/moby/moby CVE-2021-21284 中危 v1.4.2-0.20170731201646-1009e6a40b29 19.3.15, 20.10.3 docker: access to remapped root allows privilege escalation to real root

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21284

镜像层: sha256:4d30f1e8c7ae06ce2067b50c3876f7ce189973e891cb66952ccce64e594dca63

发布日期: 2021-02-02 18:15 修改: 2022-04-29 19:22

github.com/moby/moby CVE-2021-21285 中危 v1.4.2-0.20170731201646-1009e6a40b29 19.3.15, 20.10.3 docker: daemon crash during image pull of malicious image

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21285

镜像层: sha256:4d30f1e8c7ae06ce2067b50c3876f7ce189973e891cb66952ccce64e594dca63

发布日期: 2021-02-02 18:15 修改: 2022-10-25 12:55

github.com/moby/moby CVE-2021-41091 中危 v1.4.2-0.20170731201646-1009e6a40b29 20.10.9 moby: data directory contains subdirectories with insufficiently restricted permissions, which could lead to directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-41091

镜像层: sha256:4d30f1e8c7ae06ce2067b50c3876f7ce189973e891cb66952ccce64e594dca63

发布日期: 2021-10-04 21:15 修改: 2023-11-07 03:38

github.com/moby/moby CVE-2022-24769 中危 v1.4.2-0.20170731201646-1009e6a40b29 20.10.14 moby: Default inheritable capabilities for linux container should be empty

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24769

镜像层: sha256:4d30f1e8c7ae06ce2067b50c3876f7ce189973e891cb66952ccce64e594dca63

发布日期: 2022-03-24 20:15 修改: 2024-01-31 13:15

github.com/moby/moby CVE-2024-24557 中危 v1.4.2-0.20170731201646-1009e6a40b29 24.0.9, 25.0.2 moby: classic builder cache poisoning

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24557

镜像层: sha256:4d30f1e8c7ae06ce2067b50c3876f7ce189973e891cb66952ccce64e594dca63

发布日期: 2024-02-01 17:15 修改: 2024-02-09 20:21

github.com/moby/moby GHSA-xmmx-7jpf-fx42 中危 v1.4.2-0.20170731201646-1009e6a40b29 20.10.11 Moby (Docker Engine) is vulnerable to Ambiguous OCI manifest parsing

漏洞详情: https://github.com/advisories/GHSA-xmmx-7jpf-fx42

镜像层: sha256:4d30f1e8c7ae06ce2067b50c3876f7ce189973e891cb66952ccce64e594dca63

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

github.com/moby/moby CVE-2020-27534 中危 v1.4.2-0.20170731201646-1009e6a40b29 19.03.9 moby/buildkit: calls os.OpenFile with a potentially unsafe qemu-check temporary pathname

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-27534

镜像层: sha256:4d30f1e8c7ae06ce2067b50c3876f7ce189973e891cb66952ccce64e594dca63

发布日期: 2020-12-30 23:15 修改: 2021-01-05 20:19

stdlib CVE-2024-34155 中危 1.22.6 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:4d30f1e8c7ae06ce2067b50c3876f7ce189973e891cb66952ccce64e594dca63

发布日期: 2024-09-06 21:15 修改: 2024-09-09 13:03

stdlib CVE-2024-34158 中危 1.22.6 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:4d30f1e8c7ae06ce2067b50c3876f7ce189973e891cb66952ccce64e594dca63

发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35

usr/bin/runc (gobinary)
低危漏洞:0 中危漏洞:7 高危漏洞:2 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
golang.org/x/net CVE-2023-39325 高危 v0.8.0 0.17.0 golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325

镜像层: sha256:20b0e04230e74df618bb525e246e555296e71293b39a1330d1c58cc6c14682b2

发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15

stdlib CVE-2024-34156 高危 1.22.4 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:20b0e04230e74df618bb525e246e555296e71293b39a1330d1c58cc6c14682b2

发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35

golang.org/x/net CVE-2023-44487 中危 v0.8.0 0.17.0 HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487

镜像层: sha256:20b0e04230e74df618bb525e246e555296e71293b39a1330d1c58cc6c14682b2

发布日期: 2023-10-10 14:15 修改: 2024-08-14 19:57

golang.org/x/net CVE-2023-45288 中危 v0.8.0 0.23.0 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:20b0e04230e74df618bb525e246e555296e71293b39a1330d1c58cc6c14682b2

发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35

google.golang.org/protobuf CVE-2024-24786 中危 v1.27.1 1.33.0 golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786

镜像层: sha256:20b0e04230e74df618bb525e246e555296e71293b39a1330d1c58cc6c14682b2

发布日期: 2024-03-05 23:15 修改: 2024-06-10 18:15

golang.org/x/net CVE-2023-3978 中危 v0.8.0 0.13.0 golang.org/x/net/html: Cross site scripting

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3978

镜像层: sha256:20b0e04230e74df618bb525e246e555296e71293b39a1330d1c58cc6c14682b2

发布日期: 2023-08-02 20:15 修改: 2023-11-07 04:20

stdlib CVE-2024-24791 中危 1.22.4 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:20b0e04230e74df618bb525e246e555296e71293b39a1330d1c58cc6c14682b2

发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17

stdlib CVE-2024-34155 中危 1.22.4 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:20b0e04230e74df618bb525e246e555296e71293b39a1330d1c58cc6c14682b2

发布日期: 2024-09-06 21:15 修改: 2024-09-09 13:03

stdlib CVE-2024-34158 中危 1.22.4 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:20b0e04230e74df618bb525e246e555296e71293b39a1330d1c58cc6c14682b2

发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35

usr/bin/telemetry (gobinary)
低危漏洞:0 中危漏洞:13 高危漏洞:4 严重漏洞:1
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
stdlib CVE-2024-24790 严重 1.21.3 1.21.11, 1.22.4 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790

镜像层: sha256:00f359e38ebfd80932efddf5893fe11e0a35c9ee84b48da7b8abe59fcb30f84e

发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35

github.com/rancher/norman CVE-2023-32193 高危 v0.0.0-20210709145327-afd06f533ca3 0.0.0-20240207153100-3bb70b772b52 Norman API Cross-site Scripting Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-32193

镜像层: sha256:00f359e38ebfd80932efddf5893fe11e0a35c9ee84b48da7b8abe59fcb30f84e

发布日期: 2024-10-16 13:15 修改: 2024-10-16 16:38

stdlib CVE-2023-45283 高危 1.21.3 1.20.11, 1.21.4, 1.20.12, 1.21.5 The filepath package does not recognize paths with a \??\ prefix as sp ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283

镜像层: sha256:00f359e38ebfd80932efddf5893fe11e0a35c9ee84b48da7b8abe59fcb30f84e

发布日期: 2023-11-09 17:15 修改: 2023-12-14 10:15

stdlib CVE-2023-45288 高危 1.21.3 1.21.9, 1.22.2 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:00f359e38ebfd80932efddf5893fe11e0a35c9ee84b48da7b8abe59fcb30f84e

发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35

stdlib CVE-2024-34156 高危 1.21.3 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:00f359e38ebfd80932efddf5893fe11e0a35c9ee84b48da7b8abe59fcb30f84e

发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35

golang.org/x/crypto CVE-2023-48795 中危 v0.14.0 0.17.0 ssh: Prefix truncation attack on Binary Packet Protocol (BPP)

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48795

镜像层: sha256:00f359e38ebfd80932efddf5893fe11e0a35c9ee84b48da7b8abe59fcb30f84e

发布日期: 2023-12-18 16:15 修改: 2024-05-01 18:15

golang.org/x/net CVE-2023-45288 中危 v0.17.0 0.23.0 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:00f359e38ebfd80932efddf5893fe11e0a35c9ee84b48da7b8abe59fcb30f84e

发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35

stdlib CVE-2023-39326 中危 1.21.3 1.20.12, 1.21.5 golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326

镜像层: sha256:00f359e38ebfd80932efddf5893fe11e0a35c9ee84b48da7b8abe59fcb30f84e

发布日期: 2023-12-06 17:15 修改: 2024-01-20 04:15

stdlib CVE-2023-45284 中危 1.21.3 1.20.11, 1.21.4 On Windows, The IsLocal function does not correctly detect reserved de ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284

镜像层: sha256:00f359e38ebfd80932efddf5893fe11e0a35c9ee84b48da7b8abe59fcb30f84e

发布日期: 2023-11-09 17:15 修改: 2024-09-03 19:35

stdlib CVE-2023-45289 中危 1.21.3 1.21.8, 1.22.1 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289

镜像层: sha256:00f359e38ebfd80932efddf5893fe11e0a35c9ee84b48da7b8abe59fcb30f84e

发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15

stdlib CVE-2023-45290 中危 1.21.3 1.21.8, 1.22.1 golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290

镜像层: sha256:00f359e38ebfd80932efddf5893fe11e0a35c9ee84b48da7b8abe59fcb30f84e

发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15

stdlib CVE-2024-24783 中危 1.21.3 1.21.8, 1.22.1 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783

镜像层: sha256:00f359e38ebfd80932efddf5893fe11e0a35c9ee84b48da7b8abe59fcb30f84e

发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15

stdlib CVE-2024-24784 中危 1.21.3 1.21.8, 1.22.1 golang: net/mail: comments in display names are incorrectly handled

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784

镜像层: sha256:00f359e38ebfd80932efddf5893fe11e0a35c9ee84b48da7b8abe59fcb30f84e

发布日期: 2024-03-05 23:15 修改: 2024-08-05 21:35

stdlib CVE-2024-24785 中危 1.21.3 1.21.8, 1.22.1 golang: html/template: errors returned from MarshalJSON methods may break template escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785

镜像层: sha256:00f359e38ebfd80932efddf5893fe11e0a35c9ee84b48da7b8abe59fcb30f84e

发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15

stdlib CVE-2024-24789 中危 1.21.3 1.21.11, 1.22.4 golang: archive/zip: Incorrect handling of certain ZIP files

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789

镜像层: sha256:00f359e38ebfd80932efddf5893fe11e0a35c9ee84b48da7b8abe59fcb30f84e

发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48

stdlib CVE-2024-24791 中危 1.21.3 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:00f359e38ebfd80932efddf5893fe11e0a35c9ee84b48da7b8abe59fcb30f84e

发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17

stdlib CVE-2024-34155 中危 1.21.3 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:00f359e38ebfd80932efddf5893fe11e0a35c9ee84b48da7b8abe59fcb30f84e

发布日期: 2024-09-06 21:15 修改: 2024-09-09 13:03

stdlib CVE-2024-34158 中危 1.21.3 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:00f359e38ebfd80932efddf5893fe11e0a35c9ee84b48da7b8abe59fcb30f84e

发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35

usr/share/rancher/ui/assets/wins.exe (gobinary)
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
/var/lib/rancher-data/local-catalogs/library/charts/artifactory-ha/v2.5.3/values.yaml ()
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
/var/lib/rancher-data/local-catalogs/library/charts/cost-analyzer/v1.57.2/values.yaml ()
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
/var/lib/rancher-data/local-catalogs/library/charts/harbor/v1.2.0/cert/tls.key ()
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
/var/lib/rancher-data/local-catalogs/library/charts/harbor/v1.3.2/cert/tls.key ()
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息