apk package
chainguard/datadog-agent-s6-overlay-fips
pkg:apk/chainguard/datadog-agent-s6-overlay-fips
Vulnerabilities (53)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-24795 | — | < 7.63.1-r0 | 7.63.1-r0 | Jan 29, 2025 | The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. On Linux systems, when tempora | ||
| CVE-2025-24794 | — | < 7.63.1-r0 | 7.63.1-r0 | Jan 29, 2025 | The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. The OCSP response cache uses p | ||
| CVE-2025-24793 | — | < 7.63.1-r0 | 7.63.1-r0 | Jan 29, 2025 | The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. A function from the snowflake. | ||
| CVE-2025-21614 | — | < 7.60.1-r1 | 7.60.1-r1 | Jan 6, 2025 | go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted respons | ||
| CVE-2025-21613 | — | < 7.60.1-r1 | 7.60.1-r1 | Jan 6, 2025 | go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flag | ||
| CVE-2024-45338 | Med | 5.3 | < 7.59.1-r2 | 7.59.1-r2 | Dec 18, 2024 | An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service. | |
| CVE-2024-45337 | Cri | 9.1 | < 7.59.1-r1 | 7.59.1-r1 | Dec 12, 2024 | Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that | |
| CVE-2024-49750 | — | < 7.63.1-r0 | 7.63.1-r0 | Oct 24, 2024 | The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Prior to version 3.12.3, when the logging level was set by the user to DEBUG, the Connector could have logged Duo passcod | ||
| CVE-2024-34158 | Hig | 7.5 | < 7.64.1-r0 | 7.64.1-r0 | Sep 6, 2024 | Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. | |
| CVE-2024-34156 | Hig | 7.5 | < 7.64.1-r0 | 7.64.1-r0 | Sep 6, 2024 | Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. | |
| CVE-2024-34155 | Med | 4.3 | < 7.64.1-r0 | 7.64.1-r0 | Sep 6, 2024 | Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. | |
| CVE-2024-8260 | — | < 7.64.1-r0 | 7.64.1-r0 | Aug 30, 2024 | A SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or to one of the OPA | ||
| CVE-2024-41110 | Cri | 9.9 | < 7.64.1-r0 | 7.64.1-r0 | Jul 24, 2024 | Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood | |
| CVE-2024-6257 | — | < 7.54.1-r1 | 7.54.1-r1 | Jun 25, 2024 | HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution. | ||
| CVE-2024-36129 | — | < 7.54.0-r4 | 7.54.0-r4 | Jun 5, 2024 | The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. OTel Collector version 0.102.1 | ||
| CVE-2024-24788 | Med | 5.9 | < 7.53.0-r1 | 7.53.0-r1 | May 8, 2024 | A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop. | |
| CVE-2024-24787 | Med | 6.4 | < 7.53.0-r1 | 7.53.0-r1 | May 8, 2024 | On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive. | |
| CVE-2024-0406 | — | < 7.54.0-r0 | 7.54.0-r0 | Apr 6, 2024 | A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or applic | ||
| CVE-2023-45288 | Hig | 7.5 | < 7.52.1-r3 | 7.52.1-r3 | Apr 4, 2024 | An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed Ma | |
| CVE-2024-29018 | — | < 7.52.0-r0 | 7.52.0-r0 | Mar 20, 2024 | Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. Moby's networking implementation allows for many networks, each with their own IP address range and gateway, to be define |
- CVE-2025-24795Jan 29, 2025affected < 7.63.1-r0fixed 7.63.1-r0
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. On Linux systems, when tempora
- CVE-2025-24794Jan 29, 2025affected < 7.63.1-r0fixed 7.63.1-r0
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. The OCSP response cache uses p
- CVE-2025-24793Jan 29, 2025affected < 7.63.1-r0fixed 7.63.1-r0
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. A function from the snowflake.
- CVE-2025-21614Jan 6, 2025affected < 7.60.1-r1fixed 7.60.1-r1
go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted respons
- CVE-2025-21613Jan 6, 2025affected < 7.60.1-r1fixed 7.60.1-r1
go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flag
- affected < 7.59.1-r2fixed 7.59.1-r2
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.
- affected < 7.59.1-r1fixed 7.59.1-r1
Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that
- CVE-2024-49750Oct 24, 2024affected < 7.63.1-r0fixed 7.63.1-r0
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Prior to version 3.12.3, when the logging level was set by the user to DEBUG, the Connector could have logged Duo passcod
- affected < 7.64.1-r0fixed 7.64.1-r0
Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.
- affected < 7.64.1-r0fixed 7.64.1-r0
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
- affected < 7.64.1-r0fixed 7.64.1-r0
Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.
- CVE-2024-8260Aug 30, 2024affected < 7.64.1-r0fixed 7.64.1-r0
A SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or to one of the OPA
- affected < 7.64.1-r0fixed 7.64.1-r0
Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood
- CVE-2024-6257Jun 25, 2024affected < 7.54.1-r1fixed 7.54.1-r1
HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution.
- CVE-2024-36129Jun 5, 2024affected < 7.54.0-r4fixed 7.54.0-r4
The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. OTel Collector version 0.102.1
- affected < 7.53.0-r1fixed 7.53.0-r1
A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.
- affected < 7.53.0-r1fixed 7.53.0-r1
On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive.
- CVE-2024-0406Apr 6, 2024affected < 7.54.0-r0fixed 7.54.0-r0
A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or applic
- affected < 7.52.1-r3fixed 7.52.1-r3
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed Ma
- CVE-2024-29018Mar 20, 2024affected < 7.52.0-r0fixed 7.52.0-r0
Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. Moby's networking implementation allows for many networks, each with their own IP address range and gateway, to be define
Page 2 of 3