VYPR

rpm package

opensuse/govulncheck-vulndb&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed

Vulnerabilities (690)

  • CVE-2025-52996Jun 30, 2025
    affected < 0.0.20250730T213748-1.1fixed 0.0.20250730T213748-1.1

    File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In versions 2.32.0 and prior, the implementation of password protected links is error-prone, resulting in potential unprotected shari

  • CVE-2025-52995Jun 30, 2025
    affected < 0.0.20250730T213748-1.1fixed 0.0.20250730T213748-1.1

    File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.33.10, the implementation of the allowlist is erroneous, allowing a user to execute more shell commands than they

  • CVE-2025-52901Jun 30, 2025
    affected < 0.0.20250730T213748-1.1fixed 0.0.20250730T213748-1.1

    File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.33.9, access tokens are used as GET parameters. The JSON Web Token (JWT) which is used as a session identifier wil

  • CVE-2025-47871Jun 30, 2025
    affected < 0.0.20250730T213748-1.1fixed 0.0.20250730T213748-1.1

    Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly validate channel membership when retrieving playbook run metadata, allowing authenticated users who are playbook members but not channel members to acces

  • CVE-2025-46702Jun 30, 2025
    affected < 0.0.20250730T213748-1.1fixed 0.0.20250730T213748-1.1

    Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly enforce channel member management permissions when adding participants to playbook runs. This allows authenticated users with member-level permissions to

  • CVE-2025-52904HigJun 26, 2025
    affected < 0.0.20250730T213748-1.1fixed 0.0.20250730T213748-1.1

    File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In versions of the web application on the 2.x branch, all users have a scope assigned, and they only have access to the files within

  • CVE-2025-52903HigJun 26, 2025
    affected < 0.0.20250730T213748-1.1fixed 0.0.20250730T213748-1.1

    File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In versions on the 2.x branch prior to 2.33.10, the Command Execution feature of File Browser only allows the execution of shell comm

  • CVE-2025-52477HigJun 26, 2025
    affected < 0.0.20250730T213748-1.1fixed 0.0.20250730T213748-1.1

    Octo-STS is a GitHub App that acts like a Security Token Service (STS) for the GitHub API. Octo-STS versions before v0.5.3 are vulnerable to unauthenticated SSRF by abusing fields in OpenID Connect tokens. Malicious tokens were shown to trigger internal network requests which cou

  • CVE-2025-52902Jun 26, 2025
    affected < 0.0.20250730T213748-1.1fixed 0.0.20250730T213748-1.1

    File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. The Markdown preview function of File Browser prior to v2.33.7 is vulnerable to Stored Cross-Site-Scripting (XSS). Any JavaScript cod

  • CVE-2025-52900Jun 26, 2025
    affected < 0.0.20250730T213748-1.1fixed 0.0.20250730T213748-1.1

    File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. The file access permissions for files uploaded to or created from File Browser are never explicitly set by the application. The same

  • CVE-2025-6624HigJun 26, 2025
    affected < 0.0.20250730T213748-1.1fixed 0.0.20250730T213748-1.1

    Versions of the package snyk before 1.1297.3 are vulnerable to Insertion of Sensitive Information into Log File through local Snyk CLI debug logs. Container Registry credentials provided via environment variables or command line arguments can be exposed when executing Snyk CLI in

  • CVE-2025-52890HigJun 25, 2025
    affected < 0.0.20250730T213748-1.1fixed 0.0.20250730T213748-1.1

    Incus is a system container and virtual machine manager. When using an ACL on a device connected to a bridge, Incus versions 6.12 and 6.13generates nftables rules that partially bypass security options `security.mac_filtering`, `security.ipv4_filtering` and `security.ipv6_filteri

  • CVE-2025-52889LowJun 25, 2025
    affected < 0.0.20250730T213748-1.1fixed 0.0.20250730T213748-1.1

    Incus is a system container and virtual machine manager. When using an ACL on a device connected to a bridge, Incus version 6.12 and 6.13 generates nftables rules for local services (DHCP, DNS...) that partially bypass security options `security.mac_filtering`, `security.ipv4_fil

  • CVE-2025-52894Jun 25, 2025
    affected < 0.0.20250730T213748-1.1fixed 0.0.20250730T213748-1.1

    OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 allowed an attacker to perform unauthenticated, unaudited cancellation of root rekey and recovery rekey operations, effec

  • CVE-2025-52893Jun 25, 2025
    affected < 0.0.20250730T213748-1.1fixed 0.0.20250730T213748-1.1

    OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 may leak sensitive information in logs when processing malformed data. This is separate from the earlier HCSEC-2025-09 /

  • CVE-2025-4656Jun 25, 2025
    affected < 0.0.20250730T213748-1.1fixed 0.0.20250730T213748-1.1

    Vault Community and Vault Enterprise rekey and recovery key operations can lead to a denial of service due to uncontrolled cancellation by a Vault operator. This vulnerability (CVE-2025-4656) has been remediated in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.

  • CVE-2025-6032HigJun 24, 2025
    affected < 0.0.20250730T213748-1.1fixed 0.0.20250730T213748-1.1

    A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.

  • CVE-2025-47943MedJun 24, 2025
    affected < 0.0.20250730T213748-1.1fixed 0.0.20250730T213748-1.1

    Gogs is an open source self-hosted Git service. In application version 0.14.0+dev and prior, there is a stored cross-site scripting (XSS) vulnerability present in Gogs, which allows client-side Javascript code execution. The vulnerability is caused by the usage of a vulnerable an

  • CVE-2024-56731Jun 24, 2025
    affected < 0.0.20250730T213748-1.1fixed 0.0.20250730T213748-1.1

    Gogs is an open source self-hosted Git service. Prior to version 0.13.3, it's still possible to delete files under the .git directory and achieve remote command execution due to an insufficient patch for CVE-2024-39931. Unprivileged user accounts can execute arbitrary commands on

  • CVE-2025-4563LowJun 23, 2025
    affected < 0.0.20250730T213748-1.1fixed 0.0.20250730T213748-1.1

    A vulnerability exists in the NodeRestriction admission controller where nodes can bypass dynamic resource allocation authorization checks. When the DynamicResourceAllocation feature gate is enabled, the controller properly validates resource claim statuses during pod status upda

Page 11 of 35