rpm package
opensuse/google-guest-agent&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/google-guest-agent&distro=openSUSE%20Tumbleweed
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-34986 | Hig | 7.5 | < 20260402.00-2.1 | 20260402.00-2.1 | Apr 6, 2026 | Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption (JW | |
| CVE-2025-22868 | — | < 20250116.00-3.1 | 20250116.00-3.1 | Feb 26, 2025 | An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. | ||
| CVE-2024-45337 | Cri | 9.1 | < 20250327.01-1.1 | 20250327.01-1.1 | Dec 12, 2024 | Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that | |
| CVE-2021-38297 | — | < 20230221.00-2.1 | 20230221.00-2.1 | Oct 18, 2021 | Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used. |
- affected < 20260402.00-2.1fixed 20260402.00-2.1
Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption (JW
- CVE-2025-22868Feb 26, 2025affected < 20250116.00-3.1fixed 20250116.00-3.1
An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.
- affected < 20250327.01-1.1fixed 20250327.01-1.1
Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that
- CVE-2021-38297Oct 18, 2021affected < 20230221.00-2.1fixed 20230221.00-2.1
Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used.