VYPR

rpm package

opensuse/govulncheck-vulndb&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed

Vulnerabilities (690)

  • CVE-2025-3228Jun 20, 2025
    affected < 0.0.20250730T213748-1.1fixed 0.0.20250730T213748-1.1

    Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly retrieve requestorInfo from playbooks handler for guest users which allows an attacker access to the playbook run.

  • CVE-2025-3227Jun 20, 2025
    affected < 0.0.20250730T213748-1.1fixed 0.0.20250730T213748-1.1

    Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly enforce channel member management permissions in playbook runs, allowing authenticated users without the 'Manage Channel Members' permission to add or re

  • CVE-2025-4981Jun 20, 2025
    affected < 0.0.20250730T213748-1.1fixed 0.0.20250730T213748-1.1

    Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to sanitize filenames in the archive extractor which allows authenticated users to write files to arbitrary locations on the filesystem via uploading archives with p

  • CVE-2025-6264Jun 20, 2025
    affected < 0.0.20250730T213748-1.1fixed 0.0.20250730T213748-1.1

    Velociraptor allows collection of VQL queries packaged into Artifacts from endpoints. These artifacts can be used to do anything and usually run with elevated permissions.  To limit access to some dangerous artifact, Velociraptor allows for those to require high permissions like

  • CVE-2025-1088LowJun 18, 2025
    affected < 0.0.20250730T213748-1.1fixed 0.0.20250730T213748-1.1

    In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to Improper Input Validation vulnerability in Grafana. This issue affects Grafana: before 11.6.2 and is fixed in 11.6.2 and higher.

  • CVE-2025-5981Jun 18, 2025
    affected < 0.0.20250730T213748-1.1fixed 0.0.20250730T213748-1.1

    Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack() function for container images. Particularly, when using the CLI flag --remote-image on untrusted container images.

  • CVE-2025-49825CriJun 17, 2025
    affected < 0.0.20250730T213748-1.1fixed 0.0.20250730T213748-1.1

    Teleport provides connectivity, authentication, access controls and audit for infrastructure. Community Edition versions before and including 17.5.1 are vulnerable to remote authentication bypass. At time of posting, there is no available open-source patch.

  • CVE-2025-5689Jun 16, 2025
    affected < 0.0.20250730T213748-1.1fixed 0.0.20250730T213748-1.1

    A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user login for the first time will be considered to be part of the root group in the context of that SSH session.

  • CVE-2024-44906Jun 12, 2025
    affected < 0.0.20250730T213748-1.1fixed 0.0.20250730T213748-1.1

    uptrace pgdriver v1.2.1 was discovered to contain a SQL injection vulnerability via the appendArg function in /pgdriver/format.go. The maintainer has stated that the issue is fixed in v1.2.15.

  • CVE-2024-44905Jun 12, 2025
    affected < 0.0.20250730T213748-1.1fixed 0.0.20250730T213748-1.1

    go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerability via the component /types/append_value.go.

  • CVE-2025-0913Jun 11, 2025
    affected < 0.0.20250612T141001-1.1fixed 0.0.20250612T141001-1.1

    os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent loca

  • CVE-2025-4673MedJun 11, 2025
    affected < 0.0.20250612T141001-1.1fixed 0.0.20250612T141001-1.1

    Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.

  • CVE-2025-22874HigJun 11, 2025
    affected < 0.0.20250612T141001-1.1fixed 0.0.20250612T141001-1.1

    Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.

  • CVE-2025-4922Jun 11, 2025
    affected < 0.0.20250730T213748-1.1fixed 0.0.20250730T213748-1.1

    Nomad Community and Nomad Enterprise (“Nomad”) prefix-based ACL policy lookup can lead to incorrect rule application and shadowing. This vulnerability, identified as CVE-2025-4922, is fixed in Nomad Community Edition 1.10.2 and Nomad Enterprise 1.10.2, 1.9.10, and 1.8.14.

  • CVE-2025-4128Jun 11, 2025
    affected < 0.0.20250612T141001-1.1fixed 0.0.20250612T141001-1.1

    Mattermost versions 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to properly restrict API access to team information, allowing guest users to bypass permissions and view information about public teams they are not members of via a direct API call to /api/v4/teams/{team_id}.

  • CVE-2025-4573Jun 11, 2025
    affected < 0.0.20250612T141001-1.1fixed 0.0.20250612T141001-1.1

    Mattermost versions 10.7.x <= 10.7.1, 10.6.x <= 10.6.3, 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to properly validate LDAP group ID attributes, allowing an authenticated administrator with PermissionSysconsoleWriteUserManagementGroups permission to execute LDAP search filter inje

  • CVE-2025-49140HigJun 9, 2025
    affected < 0.0.20250612T141001-1.1fixed 0.0.20250612T141001-1.1

    Pion Interceptor is a framework for building RTP/RTCP communication software. Versions v0.1.36 through v0.1.38 contain a bug in a RTP packet factory that can be exploited to trigger a panic with Pion based SFU via crafted RTP packets, This only affect users that use pion/intercep

  • CVE-2025-49136Jun 9, 2025
    affected < 0.0.20250612T141001-1.1fixed 0.0.20250612T141001-1.1

    listmonk is a standalone, self-hosted, newsletter and mailing list manager. Starting in version 4.0.0 and prior to version 5.0.2, the `env` and `expandenv` template functions which is enabled by default in Sprig enables capturing of env variables on host. While this may not be a

  • CVE-2025-25208MedJun 9, 2025
    affected < 0.0.20250612T141001-1.1fixed 0.0.20250612T141001-1.1

    A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster

  • CVE-2025-25207MedJun 9, 2025
    affected < 0.0.20250612T141001-1.1fixed 0.0.20250612T141001-1.1

    The Authorino service in the Red Hat Connectivity Link is the authorization service for zero trust API security. Authorino allows the users with developer persona to add callbacks to be executed to HTTP endpoints once the authorization process is completed. It was found that an a

Page 12 of 35