5 matches found
CVE-2026-42502 affecting package packer for versions less than 1.9.5-14
CVE-2026-42502 affecting package packer for versions less than 1.9.5-14. A patched version of the package is available...
CVE-2026-39829 affecting package packer for versions less than 1.9.5-14
CVE-2026-39829 affecting package packer for versions less than 1.9.5-14. A patched version of the package is available...
CVE-2025-58058 affecting package packer for versions less than 1.9.5-15
CVE-2025-58058 affecting package packer for versions less than 1.9.5-15. A patched version of the package is available...
AZL-42943 CVE-2024-6104 affecting package packer for versions less than 1.9.5-2
go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7...
AZL-32225 CVE-2023-48795 affecting package packer for versions less than 1.9.5-3
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...