VYPR

rpm package

opensuse/cmctl&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/cmctl&distro=openSUSE%20Tumbleweed

Vulnerabilities (10)

  • CVE-2026-32952 | Med | Apr 24, 2026
    affected < 2.5.0-1.1 | fixed 2.5.0-1.1

    go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can cause a slice out-of-bounds panic, which can crash any Go process using `ntlmssp.Negotiator` as an HTTP transport. Version 0.1.1 patc

  • CVE-2025-68121 | Cri | Feb 5, 2026
    affected < 2.4.1-1.1 | fixed 2.4.1-1.1

    During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and

  • CVE-2025-53547 | Jul 8, 2025
    affected < 2.3.0-1.1 | fixed 2.3.0-1.1

    Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are carried over to a Chart.lo

  • CVE-2024-40635 | Mar 17, 2025
    affected < 2.2.0-1.1 | fixed 2.2.0-1.1

    containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a `UID:GID` larger than the maximum 32-bit signed integer can cause an overflow condition where the container ult

  • CVE-2023-45288 | Hig | Apr 4, 2024
    affected < 1.14.5-1.1 | fixed 1.14.5-1.1

    An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed Ma

  • CVE-2024-28180 | Mar 9, 2024
    affected < 1.14.5-1.1 | fixed 1.14.5-1.1

    Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now ret

  • CVE-2024-26147 | Feb 21, 2024
    affected < 1.14.4-1.1 | fixed 1.14.4-1.1

    Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an `index.yaml` file or a plugins `plugin.yaml` file were missing all m

  • CVE-2023-39325 | Oct 11, 2023
    affected < 1.13.2-1.1 | fixed 1.13.2-1.1

    A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attack

  • CVE-2023-44487 | Hig | KEV | Oct 10, 2023
    affected < 1.13.2-1.1 | fixed 1.13.2-1.1

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2022-23525 | Dec 15, 2022
    affected < 1.10.2-1.1 | fixed 1.10.2-1.1

    Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dereference in the _repo_ package. The _repo_ package contains a handler that processes the index file of a repository. For example, the Helm client adds r