VYPR

rpm package

opensuse/etcd&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/etcd&distro=openSUSE%20Tumbleweed

Vulnerabilities (10)

  • CVE-2025-30204HigMar 21, 2025
    affected < 3.5.21-1.1fixed 3.5.21-1.1

    golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a maliciou

  • CVE-2023-48795MedDec 18, 2023
    affected < 3.5.12-1.1fixed 3.5.12-1.1

    The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end

  • CVE-2023-47108Nov 10, 2023
    affected < 3.5.11-1.1fixed 3.5.11-1.1

    OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Starting in version 0.37.0 and prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality.

  • CVE-2021-28235Apr 4, 2023
    affected < 3.5.8-1.1fixed 3.5.8-1.1

    Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function.

  • CVE-2020-15106Aug 5, 2020
    affected < 3.4.16-3.1fixed 3.4.16-3.1

    In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that

  • CVE-2019-11254Apr 1, 2020
    affected < 3.5.2-1.1fixed 3.5.2-1.1

    The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML.

  • CVE-2018-16886Jan 14, 2019
    affected < 3.4.16-3.1fixed 3.4.16-3.1

    etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid R

  • CVE-2018-16875Dec 14, 2018
    affected < 3.4.16-3.1fixed 3.4.16-3.1

    The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates

  • CVE-2018-16874Dec 14, 2018
    affected < 3.4.16-3.1fixed 3.4.16-3.1

    In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but

  • CVE-2018-16873Dec 14, 2018
    affected < 3.4.16-3.1fixed 3.4.16-3.1

    In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPA