rpm package
opensuse/govulncheck-vulndb&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed
Vulnerabilities (690)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-61141 | Hig | 7.5 | < 0.0.20251105T184115-1.1 | 0.0.20251105T184115-1.1 | Oct 30, 2025 | sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands. | |
| CVE-2025-54471 | Med | 6.5 | < 0.0.20251105T184115-1.1 | 0.0.20251105T184115-1.1 | Oct 30, 2025 | NeuVector used a hard-coded cryptographic key embedded in the source code. At compilation time, the key value was replaced with the secret key value and used to encrypt sensitive configurations when NeuVector stores the data. | |
| CVE-2025-54470 | Hig | 8.6 | < 0.0.20251105T184115-1.1 | 0.0.20251105T184115-1.1 | Oct 30, 2025 | This vulnerability affects NeuVector deployments only when the Report anonymous cluster data option is enabled. When this option is enabled, NeuVector sends anonymous telemetry data to the telemetry server. In affected versions, NeuVector does not enforce TLS certificate verif | |
| CVE-2025-54469 | Cri | 9.9 | < 0.0.20251105T184115-1.1 | 0.0.20251105T184115-1.1 | Oct 30, 2025 | A vulnerability was identified in NeuVector, where the enforcer used environment variables CLUSTER_RPC_PORT and CLUSTER_LAN_PORT to generate a command to be executed via popen, without first sanitising their values. The entry process of the enforcer container is the monitor pr | |
| CVE-2025-61725 | Hig | 7.5 | < 0.0.20251029T215107-1.1 | 0.0.20251029T215107-1.1 | Oct 29, 2025 | The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption. | |
| CVE-2025-61724 | Med | 5.3 | < 0.0.20251029T215107-1.1 | 0.0.20251029T215107-1.1 | Oct 29, 2025 | The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption. | |
| CVE-2025-61723 | Hig | 7.5 | < 0.0.20251029T215107-1.1 | 0.0.20251029T215107-1.1 | Oct 29, 2025 | The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs. | |
| CVE-2025-58189 | Med | 5.3 | < 0.0.20251029T215107-1.1 | 0.0.20251029T215107-1.1 | Oct 29, 2025 | When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped. | |
| CVE-2025-58188 | Hig | 7.5 | < 0.0.20251029T215107-1.1 | 0.0.20251029T215107-1.1 | Oct 29, 2025 | Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains. | |
| CVE-2025-58187 | Hig | 7.5 | < 0.0.20251029T215107-1.1 | 0.0.20251029T215107-1.1 | Oct 29, 2025 | Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains. | |
| CVE-2025-58186 | Med | 5.3 | < 0.0.20251029T215107-1.1 | 0.0.20251029T215107-1.1 | Oct 29, 2025 | Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption. | |
| CVE-2025-58185 | Med | 5.3 | < 0.0.20251029T215107-1.1 | 0.0.20251029T215107-1.1 | Oct 29, 2025 | Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion. | |
| CVE-2025-58183 | Med | 4.3 | < 0.0.20251029T215107-1.1 | 0.0.20251029T215107-1.1 | Oct 29, 2025 | tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When r | |
| CVE-2025-47912 | Med | 5.3 | < 0.0.20251029T215107-1.1 | 0.0.20251029T215107-1.1 | Oct 29, 2025 | The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresse | |
| CVE-2025-64103 | Cri | 9.8 | < 0.0.20251105T184115-1.1 | 0.0.20251105T184115-1.1 | Oct 29, 2025 | Starting from 2.53.6, 2.54.3, and 2.55.0, Zitadel only required multi factor authentication in case the login policy has either enabled requireMFA or requireMFAForLocalUsers. If a user has set up MFA without this requirement, Zitadel would consider single factor auhtenticated ses | |
| CVE-2025-64102 | Cri | 9.8 | < 0.0.20251105T184115-1.1 | 0.0.20251105T184115-1.1 | Oct 29, 2025 | Zitadel is open-source identity infrastructure software. Prior to 4.6.0, 3.4.3, and 2.71.18, an attacker can perform an online brute-force attack on OTP, TOTP, and passwords. While Zitadel allows preventing online brute force attacks in scenarios like TOTP, Email OTP, or password | |
| CVE-2025-64101 | Hig | 8.1 | < 0.0.20251105T184115-1.1 | 0.0.20251105T184115-1.1 | Oct 29, 2025 | Zitadel is open-source identity infrastructure software. Prior to 4.6.0, 3.4.3, and 2.71.18, a potential vulnerability exists in ZITADEL's password reset mechanism. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to construct the URL for the passw | |
| CVE-2024-58269 | Med | 4.3 | < 0.0.20251105T184115-1.1 | 0.0.20251105T184115-1.1 | Oct 29, 2025 | A vulnerability has been identified in Rancher Manager, where sensitive information, including secret data, cluster import URLs, and registration tokens, is exposed to any entity with access to Rancher audit logs. | |
| CVE-2023-32199 | Med | 4.3 | < 0.0.20251105T184115-1.1 | 0.0.20251105T184115-1.1 | Oct 29, 2025 | A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that have a * on * in * rule for | |
| CVE-2025-11375 | Med | 6.5 | < 0.0.20251105T184115-1.1 | 0.0.20251105T184115-1.1 | Oct 28, 2025 | Consul and Consul Enterprise’s (“Consul”) event endpoint is vulnerable to denial of service (DoS) due to lack of maximum value on the Content Length header. This vulnerability, CVE-2025-11375, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20. |
- affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1
sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands.
- affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1
NeuVector used a hard-coded cryptographic key embedded in the source code. At compilation time, the key value was replaced with the secret key value and used to encrypt sensitive configurations when NeuVector stores the data.
- affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1
This vulnerability affects NeuVector deployments only when the Report anonymous cluster data option is enabled. When this option is enabled, NeuVector sends anonymous telemetry data to the telemetry server. In affected versions, NeuVector does not enforce TLS certificate verif
- affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1
A vulnerability was identified in NeuVector, where the enforcer used environment variables CLUSTER_RPC_PORT and CLUSTER_LAN_PORT to generate a command to be executed via popen, without first sanitising their values. The entry process of the enforcer container is the monitor pr
- affected < 0.0.20251029T215107-1.1fixed 0.0.20251029T215107-1.1
The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.
- affected < 0.0.20251029T215107-1.1fixed 0.0.20251029T215107-1.1
The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.
- affected < 0.0.20251029T215107-1.1fixed 0.0.20251029T215107-1.1
The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.
- affected < 0.0.20251029T215107-1.1fixed 0.0.20251029T215107-1.1
When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.
- affected < 0.0.20251029T215107-1.1fixed 0.0.20251029T215107-1.1
Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.
- affected < 0.0.20251029T215107-1.1fixed 0.0.20251029T215107-1.1
Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.
- affected < 0.0.20251029T215107-1.1fixed 0.0.20251029T215107-1.1
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.
- affected < 0.0.20251029T215107-1.1fixed 0.0.20251029T215107-1.1
Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.
- affected < 0.0.20251029T215107-1.1fixed 0.0.20251029T215107-1.1
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When r
- affected < 0.0.20251029T215107-1.1fixed 0.0.20251029T215107-1.1
The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresse
- affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1
Starting from 2.53.6, 2.54.3, and 2.55.0, Zitadel only required multi factor authentication in case the login policy has either enabled requireMFA or requireMFAForLocalUsers. If a user has set up MFA without this requirement, Zitadel would consider single factor auhtenticated ses
- affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1
Zitadel is open-source identity infrastructure software. Prior to 4.6.0, 3.4.3, and 2.71.18, an attacker can perform an online brute-force attack on OTP, TOTP, and passwords. While Zitadel allows preventing online brute force attacks in scenarios like TOTP, Email OTP, or password
- affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1
Zitadel is open-source identity infrastructure software. Prior to 4.6.0, 3.4.3, and 2.71.18, a potential vulnerability exists in ZITADEL's password reset mechanism. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to construct the URL for the passw
- affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1
A vulnerability has been identified in Rancher Manager, where sensitive information, including secret data, cluster import URLs, and registration tokens, is exposed to any entity with access to Rancher audit logs.
- affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1
A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that have a * on * in * rule for
- affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1
Consul and Consul Enterprise’s (“Consul”) event endpoint is vulnerable to denial of service (DoS) due to lack of maximum value on the Content Length header. This vulnerability, CVE-2025-11375, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.
Page 1 of 35