apk package
wolfi/dapr-daprd-1.15-oci-compat
pkg:apk/wolfi/dapr-daprd-1.15-oci-compat
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-10543 | — | < 1.15.13-r3 | 1.15.13-r3 | Dec 2, 2025 | In Eclipse Paho Go MQTT v3.1 library (paho.mqtt.golang) versions <=1.5.0 UTF-8 encoded strings, passed into the library, may be incorrectly encoded if their length exceeds 65535 bytes. This may lead to unexpected content in packets sent to the server (for example, part of an MQTT | ||
| CVE-2025-47914 | — | < 1.15.13-r2 | 1.15.13-r2 | Nov 19, 2025 | SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. | ||
| CVE-2025-58181 | — | < 1.15.13-r2 | 1.15.13-r2 | Nov 19, 2025 | SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption. | ||
| CVE-2025-63811 | — | < 1.15.13-r1 | 1.15.13-r1 | Nov 12, 2025 | An issue was discovered in dvsekhvalnov jose2go 1.5.0 thru 1.7.0 allowing an attacker to cause a Denial-of-Service (DoS) via crafted JSON Web Encryption (JWE) token with an exceptionally high compression ratio. | ||
| CVE-2025-4673 | Med | 6.8 | < 1.15.5-r2 | 1.15.5-r2 | Jun 11, 2025 | Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. | |
| CVE-2025-22874 | Hig | 7.5 | < 1.15.5-r2 | 1.15.5-r2 | Jun 11, 2025 | Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon. |
- CVE-2025-10543Dec 2, 2025affected < 1.15.13-r3fixed 1.15.13-r3
In Eclipse Paho Go MQTT v3.1 library (paho.mqtt.golang) versions <=1.5.0 UTF-8 encoded strings, passed into the library, may be incorrectly encoded if their length exceeds 65535 bytes. This may lead to unexpected content in packets sent to the server (for example, part of an MQTT
- CVE-2025-47914Nov 19, 2025affected < 1.15.13-r2fixed 1.15.13-r2
SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.
- CVE-2025-58181Nov 19, 2025affected < 1.15.13-r2fixed 1.15.13-r2
SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.
- CVE-2025-63811Nov 12, 2025affected < 1.15.13-r1fixed 1.15.13-r1
An issue was discovered in dvsekhvalnov jose2go 1.5.0 thru 1.7.0 allowing an attacker to cause a Denial-of-Service (DoS) via crafted JSON Web Encryption (JWE) token with an exceptionally high compression ratio.
- affected < 1.15.5-r2fixed 1.15.5-r2
Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.
- affected < 1.15.5-r2fixed 1.15.5-r2
Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.