ghcr.io/headlamp-k8s/headlamp:v0.43.0 linux/amd64

ghcr.io/headlamp-k8s/headlamp:v0.43.0 - Trivy安全扫描结果 扫描时间: 2026-07-03 01:48
全部漏洞信息
低危漏洞:21 中危漏洞:12 高危漏洞:7 严重漏洞:0

系统OS: alpine 3.23.4 扫描引擎: Trivy 扫描时间: 2026-07-03 01:48

ghcr.io/headlamp-k8s/headlamp:v0.43.0 (alpine 3.23.4) (alpine)
低危漏洞:20 中危漏洞:8 高危漏洞:2 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
libcrypto3 CVE-2026-45447 高危 3.5.6-r0 3.5.7-r0 openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45447

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-07-01 13:17

libssl3 CVE-2026-45447 高危 3.5.6-r0 3.5.7-r0 openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45447

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-07-01 13:17

libcrypto3 CVE-2026-34183 中危 3.5.6-r0 3.5.7-r0 openssl: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34183

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38

libcrypto3 CVE-2026-42764 中危 3.5.6-r0 3.5.7-r0 openssl: NULL pointer dereference in QUIC server initial packet handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42764

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libcrypto3 CVE-2026-45445 中危 3.5.6-r0 3.5.7-r0 openssl: AES-OCB IV Ignored on EVP_Cipher() Path

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45445

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:52

libcrypto3 CVE-2026-34182 中危 3.5.6-r0 3.5.7-r0 openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34182

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38

libssl3 CVE-2026-34182 中危 3.5.6-r0 3.5.7-r0 openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34182

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38

libssl3 CVE-2026-34183 中危 3.5.6-r0 3.5.7-r0 openssl: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34183

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38

libssl3 CVE-2026-42764 中危 3.5.6-r0 3.5.7-r0 openssl: NULL pointer dereference in QUIC server initial packet handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42764

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libssl3 CVE-2026-45445 中危 3.5.6-r0 3.5.7-r0 openssl: AES-OCB IV Ignored on EVP_Cipher() Path

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45445

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:52

libcrypto3 CVE-2026-42769 低危 3.5.6-r0 3.5.7-r0 openssl: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42769

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libcrypto3 CVE-2026-42770 低危 3.5.6-r0 3.5.7-r0 openssl: FFC-DH Peer Validation Uses Attacker-Supplied q

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42770

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libcrypto3 CVE-2026-45446 低危 3.5.6-r0 3.5.7-r0 openssl: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45446

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:52

libcrypto3 CVE-2026-7383 低危 3.5.6-r0 3.5.7-r0 openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7383

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 11:02

libcrypto3 CVE-2026-9076 低危 3.5.6-r0 3.5.7-r0 openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9076

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 11:04

libcrypto3 CVE-2026-34180 低危 3.5.6-r0 3.5.7-r0 openssl: OpenSSL: Heap buffer over-read in ASN.1 decoding can lead to denial of service or information disclosure.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34180

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38

libcrypto3 CVE-2026-34181 低危 3.5.6-r0 3.5.7-r0 openssl: PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34181

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38

libcrypto3 CVE-2026-42766 低危 3.5.6-r0 3.5.7-r0 openssl: Possible NULL Dereference in Password-Based CMS Decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42766

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libcrypto3 CVE-2026-42767 低危 3.5.6-r0 3.5.7-r0 openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42767

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libcrypto3 CVE-2026-42768 低危 3.5.6-r0 3.5.7-r0 openssl: Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42768

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libssl3 CVE-2026-34180 低危 3.5.6-r0 3.5.7-r0 openssl: OpenSSL: Heap buffer over-read in ASN.1 decoding can lead to denial of service or information disclosure.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34180

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38

libssl3 CVE-2026-34181 低危 3.5.6-r0 3.5.7-r0 openssl: PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34181

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38

libssl3 CVE-2026-42766 低危 3.5.6-r0 3.5.7-r0 openssl: Possible NULL Dereference in Password-Based CMS Decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42766

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libssl3 CVE-2026-42767 低危 3.5.6-r0 3.5.7-r0 openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42767

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libssl3 CVE-2026-42768 低危 3.5.6-r0 3.5.7-r0 openssl: Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42768

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libssl3 CVE-2026-42769 低危 3.5.6-r0 3.5.7-r0 openssl: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42769

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libssl3 CVE-2026-42770 低危 3.5.6-r0 3.5.7-r0 openssl: FFC-DH Peer Validation Uses Attacker-Supplied q

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42770

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libssl3 CVE-2026-45446 低危 3.5.6-r0 3.5.7-r0 openssl: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45446

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:52

libssl3 CVE-2026-7383 低危 3.5.6-r0 3.5.7-r0 openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7383

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 11:02

libssl3 CVE-2026-9076 低危 3.5.6-r0 3.5.7-r0 openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9076

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 11:04

Node.js (node-pkg)
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
headlamp/headlamp-server (gobinary)
低危漏洞:1 中危漏洞:4 高危漏洞:5 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
github.com/containerd/containerd CVE-2026-53488 高危 v1.7.32 1.7.33 containerd is an open-source container runtime. In versions prior to 1 ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53488

镜像层: sha256:b5c0044f564a712eb933162d879d39e124be278dacdb782c5535be90cd57eaf5

发布日期: 2026-07-01 02:17 修改: 2026-07-01 15:17

oras.land/oras-go/v2 CVE-2026-50151 高危 v2.6.0 2.6.1 oras-go blob upload vulnerable to credential forwarding via unvalidated Location header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50151

镜像层: sha256:b5c0044f564a712eb933162d879d39e124be278dacdb782c5535be90cd57eaf5

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

oras.land/oras-go/v2 CVE-2026-50163 高危 v2.6.0 `oras-go` tar extraction: Hardlink entry with relative Linkname escapes extract dir via process CWD resolution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50163

镜像层: sha256:b5c0044f564a712eb933162d879d39e124be278dacdb782c5535be90cd57eaf5

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

stdlib CVE-2026-27145 高危 v1.26.3 1.25.11, 1.26.4 crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145

镜像层: sha256:b5c0044f564a712eb933162d879d39e124be278dacdb782c5535be90cd57eaf5

发布日期: 2026-06-02 23:16 修改: 2026-07-01 13:16

stdlib CVE-2026-42504 高危 v1.26.3 1.25.11, 1.26.4 Decoding a maliciously-crafted MIME header containing many invalid enc ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504

镜像层: sha256:b5c0044f564a712eb933162d879d39e124be278dacdb782c5535be90cd57eaf5

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

oras.land/oras-go/v2 GHSA-vh4v-2xq2-g5cg 中危 v2.6.0 2.6.1 ORAS Go forwards registry credentials across registry redirects

漏洞详情: https://github.com/advisories/GHSA-vh4v-2xq2-g5cg

镜像层: sha256:b5c0044f564a712eb933162d879d39e124be278dacdb782c5535be90cd57eaf5

发布日期: 2026-07-01 21:54 修改: 2026-07-01 21:54

github.com/containerd/containerd CVE-2026-47262 中危 v1.7.32 1.7.33 containerd is an open-source container runtime. Versions prior to 1.7. ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47262

镜像层: sha256:b5c0044f564a712eb933162d879d39e124be278dacdb782c5535be90cd57eaf5

发布日期: 2026-07-01 19:16 修改: 2026-07-01 19:16

oras.land/oras-go/v2 CVE-2026-50162 中危 v2.6.0 2.6.1 oras-go has file store write outside workingDir via symlink traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50162

镜像层: sha256:b5c0044f564a712eb933162d879d39e124be278dacdb782c5535be90cd57eaf5

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

stdlib CVE-2026-42507 中危 v1.26.3 1.25.11, 1.26.4 net/textproto: golang: Golang net/textproto: Misleading error messages via input injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507

镜像层: sha256:b5c0044f564a712eb933162d879d39e124be278dacdb782c5535be90cd57eaf5

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

oras.land/oras-go/v2 CVE-2026-48978 低危 v2.6.0 2.6.1 oras-go: Malicious registry can hijack Bearer token realm to exfiltrate credentials and refresh tokens

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48978

镜像层: sha256:b5c0044f564a712eb933162d879d39e124be278dacdb782c5535be90cd57eaf5

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

检测到您正在使用广告拦截插件,本站为公益站点,依赖广告维持运转 🙏 查看如何关闭 ×