apk package

wolfi/datadog-agent-oci-compat

pkg:apk/wolfi/datadog-agent-oci-compat

Vulnerabilities (58)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2025-24793		—	< 7.63.1-r0	7.63.1-r0	Jan 29, 2025	The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. A function from the snowflake.
CVE-2025-21614		—	< 7.60.1-r1	7.60.1-r1	Jan 6, 2025	go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted respons
CVE-2025-21613		—	< 7.60.1-r1	7.60.1-r1	Jan 6, 2025	go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flag
CVE-2024-45338	Med	5.3	< 7.59.1-r2	7.59.1-r2	Dec 18, 2024	An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.
CVE-2024-45337	Cri	9.1	< 7.59.1-r1	7.59.1-r1	Dec 12, 2024	Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that
CVE-2024-49750		—	< 7.63.1-r0	7.63.1-r0	Oct 24, 2024	The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Prior to version 3.12.3, when the logging level was set by the user to DEBUG, the Connector could have logged Duo passcod
CVE-2024-34158	Hig	7.5	< 7.56.2-r1	7.56.2-r1	Sep 6, 2024	Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.
CVE-2024-34156	Hig	7.5	< 7.56.2-r1	7.56.2-r1	Sep 6, 2024	Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
CVE-2024-34155	Med	4.3	< 7.56.2-r1	7.56.2-r1	Sep 6, 2024	Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.
CVE-2024-8260		—	< 7.56.2-r2	7.56.2-r2	Aug 30, 2024	A SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or to one of the OPA
CVE-2024-41110	Cri	9.9	< 7.55.2-r1	7.55.2-r1	Jul 24, 2024	Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood
CVE-2024-3651		—	< 7.54.0-r0	7.54.0-r0	Jul 7, 2024	A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service co
CVE-2024-39689		—	< 7.55.2-r0	7.55.2-r0	Jul 5, 2024	Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.5.30 and prior to 2024.7.4 recognized root certificates from `GLOBALTRUST`. Certifi 2024.7.04 removes ro
CVE-2024-24791	Hig	7.5	< 7.54.1-r2	7.54.1-r2	Jul 2, 2024	The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the co
CVE-2024-6257		—	< 7.54.1-r1	7.54.1-r1	Jun 25, 2024	HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution.
CVE-2024-37891		—	< 7.55.2-r0	7.55.2-r0	Jun 17, 2024	urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it'
CVE-2024-35255		—	< 7.56.0-r0	7.56.0-r0	Jun 11, 2024	Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
CVE-2024-36129		—	< 7.54.0-r3	7.54.0-r3	Jun 5, 2024	The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. OTel Collector version 0.102.1
CVE-2024-24789		—	< 7.54.0-r2	7.54.0-r2	Jun 5, 2024	The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip pac
CVE-2024-24790		—	< 7.54.0-r2	7.54.0-r2	Jun 5, 2024	The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.

CVE-2025-24793Jan 29, 2025
affected < 7.63.1-r0fixed 7.63.1-r0
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. A function from the snowflake.
CVE-2025-21614Jan 6, 2025
affected < 7.60.1-r1fixed 7.60.1-r1
go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted respons
CVE-2025-21613Jan 6, 2025
affected < 7.60.1-r1fixed 7.60.1-r1
go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flag
CVE-2024-45338MedDec 18, 2024
affected < 7.59.1-r2fixed 7.59.1-r2
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.
CVE-2024-45337CriDec 12, 2024
affected < 7.59.1-r1fixed 7.59.1-r1
Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that
CVE-2024-49750Oct 24, 2024
affected < 7.63.1-r0fixed 7.63.1-r0
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Prior to version 3.12.3, when the logging level was set by the user to DEBUG, the Connector could have logged Duo passcod
CVE-2024-34158HigSep 6, 2024
affected < 7.56.2-r1fixed 7.56.2-r1
Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.
CVE-2024-34156HigSep 6, 2024
affected < 7.56.2-r1fixed 7.56.2-r1
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
CVE-2024-34155MedSep 6, 2024
affected < 7.56.2-r1fixed 7.56.2-r1
Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.
CVE-2024-8260Aug 30, 2024
affected < 7.56.2-r2fixed 7.56.2-r2
A SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument to OPA CLI or to one of the OPA
CVE-2024-41110CriJul 24, 2024
affected < 7.55.2-r1fixed 7.55.2-r1
Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood
CVE-2024-3651Jul 7, 2024
affected < 7.54.0-r0fixed 7.54.0-r0
A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service co
CVE-2024-39689Jul 5, 2024
affected < 7.55.2-r0fixed 7.55.2-r0
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.5.30 and prior to 2024.7.4 recognized root certificates from `GLOBALTRUST`. Certifi 2024.7.04 removes ro
CVE-2024-24791HigJul 2, 2024
affected < 7.54.1-r2fixed 7.54.1-r2
The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the co
CVE-2024-6257Jun 25, 2024
affected < 7.54.1-r1fixed 7.54.1-r1
HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution.
CVE-2024-37891Jun 17, 2024
affected < 7.55.2-r0fixed 7.55.2-r0
urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it'
CVE-2024-35255Jun 11, 2024
affected < 7.56.0-r0fixed 7.56.0-r0
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
CVE-2024-36129Jun 5, 2024
affected < 7.54.0-r3fixed 7.54.0-r3
The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. OTel Collector version 0.102.1
CVE-2024-24789Jun 5, 2024
affected < 7.54.0-r2fixed 7.54.0-r2
The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip pac
CVE-2024-24790Jun 5, 2024
affected < 7.54.0-r2fixed 7.54.0-r2
The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.

Page 2 of 3