17 matches found
CVE-2026-39821 affecting package skopeo for versions less than 1.14.4-11
CVE-2026-39821 affecting package skopeo for versions less than 1.14.4-11. A patched version of the package is available...
RHEL 9 : skopeo (RHSA-2026:20609)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20609 advisory. The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and...
RHEL 9 : skopeo (RHSA-2026:15941)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:15941 advisory. The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify...
RHEL 9 : skopeo (RHSA-2026:5234)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:5234 advisory. The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify file...
MiracleLinux 7 : skopeo-0.1.40-7.0.1.el7.AXS7 (AXSA:2020-072:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-072:01 advisory. proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945). Tenable has extracted the preceding description block directly fr...
RHEL 10 : skopeo (RHSA-2025:23348)
The remote Red Hat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:23348 advisory. The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify...
AZL-69296 CVE-2025-58183 affecting package skopeo for versions less than 1.14.2-13
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a...
AZL-66762 CVE-2025-58058 affecting package skopeo for versions less than 1.14.4-6
xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current...
Oracle Linux 10 : skopeo (ELSA-2025-9149)
The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-9149 advisory: rebuild on new golang to fix CVE-2025-22871; fixes 'CVE-2025-27144 skopeo: Go JOSE's Parsing Vulnerable to Denial of Service rhel-10.1'. Tenable has extracte...
RHEL 9 : skopeo (RHSA-2025:9145)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:9145 advisory. The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify file...
RHEL 10 : skopeo (RHSA-2025:9149)
The remote Red Hat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:9149 advisory. The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify...
RHEL 9 : skopeo (RHSA-2025:9065)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:9065 advisory. The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify file...
RHEL 10 : skopeo (RHSA-2025:7467)
The remote Red Hat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:7467 advisory. The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify...
AZL-57096 CVE-2025-27144 affecting package skopeo for versions less than 1.14.4-4
Go JOSE provides an implementation of the JavaScript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...
AZL-35860 CVE-2024-28180 affecting package skopeo for versions less than 1.14.2-9
Package jose aims to provide an implementation of the JavaScript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...
AZL-35672 CVE-2024-24786 affecting package skopeo for versions less than 1.14.4-1
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
AZL-35597 CVE-2024-24786 affecting package skopeo for versions less than 1.14.2-9
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...