VYPR

apk package

wolfi/datadog-agent-7.72-core-integrations

pkg:apk/wolfi/datadog-agent-7.72-core-integrations

Vulnerabilities (11)

  • CVE-2026-44405LowMay 6, 2026
    affected < 7.72.4-r21fixed 7.72.4-r21

    In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1 algorithm.

  • CVE-2026-6357MedApr 27, 2026
    affected < 7.72.4-r22fixed 7.72.4-r22

    pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update funct

  • CVE-2026-3219MedApr 20, 2026
    affected < 7.72.4-r22fixed 7.72.4-r22

    pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior

  • CVE-2026-39892CriApr 8, 2026
    affected < 7.72.4-r27fixed 7.72.4-r27

    cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. This vulner

  • CVE-2026-34073MedMar 31, 2026
    affected < 7.72.4-r27fixed 7.72.4-r27

    cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently

  • CVE-2026-26007Feb 10, 2026
    affected < 7.72.4-r27fixed 7.72.4-r27

    cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the public_key_from_numbers (or EllipticCurvePublicNumbers.public_key()), EllipticCurvePublicNumbers.public_key(), load_der_public_key() and load_pem_public_ke

  • CVE-2026-1703LowFeb 2, 2026
    affected < 7.72.4-r8fixed 7.72.4-r8

    When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situat

  • CVE-2025-66471Dec 5, 2025
    affected < 7.72.4-r22fixed 7.72.4-r22

    urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chu

  • CVE-2025-66418Dec 5, 2025
    affected < 7.72.4-r22fixed 7.72.4-r22

    urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage a

  • CVE-2025-50181Jun 19, 2025
    affected < 7.72.4-r22fixed 7.72.4-r22

    urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An appl

  • CVE-2025-47273May 17, 2025
    affected < 0fixed 0

    setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on