VYPR

apk package

wolfi/dogstatsd-7.77

pkg:apk/wolfi/dogstatsd-7.77

Vulnerabilities (13)

  • CVE-2026-53488higJun 19, 2026
    affected < 7.77.3-r17fixed 7.77.3-r17

    ### Impact A bug was found in containerd where the CRI plugin propagates labels from an image config (`LABEL` instruction in Dockerfile) to a container without validation. This may result in executing an arbitrary command on the host, via a plugin that consumes container labels f

  • CVE-2026-47262Jun 19, 2026
    affected < 7.77.3-r17fixed 7.77.3-r17

    ### Impact A vulnerability in containerd allows a maliciously crafted image to cause a Denial of Service (DoS) condition. When creating a container from this image, memory exhaustion occurs, leading to an Out Of Memory (OOM) kill of the containerd process. This renders the contai

  • CVE-2026-42506MedMay 22, 2026
    affected < 7.77.3-r11fixed 7.77.3-r11

    Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.

  • CVE-2026-42502MedMay 22, 2026
    affected < 7.77.3-r11fixed 7.77.3-r11

    Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.

  • CVE-2026-39821CriMay 22, 2026
    affected < 7.77.3-r11fixed 7.77.3-r11

    The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode("xn--example-.com") incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in program

  • CVE-2026-27136MedMay 22, 2026
    affected < 7.77.3-r11fixed 7.77.3-r11

    Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.

  • CVE-2026-25681MedMay 22, 2026
    affected < 7.77.3-r11fixed 7.77.3-r11

    Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.

  • CVE-2026-25680MedMay 22, 2026
    affected < 7.77.3-r11fixed 7.77.3-r11

    Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service.

  • CVE-2026-46680higMay 21, 2026
    affected < 7.77.3-r13fixed 7.77.3-r13

    ### Impact A bug was found in containerd where containers launched with a numeric `User` directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username. If a crafted image provides an `/etc/passwd` file mapping this large numeric string to root, the con

  • CVE-2026-33814HigMay 7, 2026
    affected < 7.77.3-r10fixed 7.77.3-r10

    When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.

  • CVE-2026-29181HigApr 7, 2026
    affected < 7.77.3-r4fixed 7.77.3-r4

    OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across values. This allows an attacker to amplify cpu and allocations by sending many bagg

  • CVE-2026-27141HigFeb 26, 2026
    affected < 7.77.3-r1fixed 7.77.3-r1

    Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic

  • CVE-2025-67499Dec 9, 2025
    affected < 7.77.3-r14fixed 7.77.3-r14

    The CNI portmap plugin allows containers to emulate opening a host port, forwarding that traffic to the container. Versions 1.6.0 through 1.8.0 inadvertently forward all traffic with the same destination port as the host port when the portmap plugin is configured with the nftabl