rpm package
opensuse/google-osconfig-agent&distro=openSUSE Leap 15.6
pkg:rpm/opensuse/google-osconfig-agent&distro=openSUSE%20Leap%2015.6
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-22868 | — | < 20250115.01-150000.1.47.1 | 20250115.01-150000.1.47.1 | Feb 26, 2025 | An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. | ||
| CVE-2024-45339 | Hig | 7.1 | < 20250416.02-150000.1.50.1 | 20250416.02-150000.1.50.1 | Jan 28, 2025 | When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and | |
| CVE-2024-24790 | — | < 20250115.01-150000.1.41.1 | 20250115.01-150000.1.41.1 | Jun 5, 2024 | The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. |
- CVE-2025-22868Feb 26, 2025affected < 20250115.01-150000.1.47.1fixed 20250115.01-150000.1.47.1
An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.
- affected < 20250416.02-150000.1.50.1fixed 20250416.02-150000.1.50.1
When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and
- CVE-2024-24790Jun 5, 2024affected < 20250115.01-150000.1.41.1fixed 20250115.01-150000.1.41.1
The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.