VYPR

rpm package

opensuse/govulncheck-vulndb&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed

Vulnerabilities (690)

  • CVE-2025-4057MedMay 26, 2025
    affected < 0.0.20250529T205903-1.1fixed 0.0.20250529T205903-1.1

    A flaw was found in ActiveMQ Artemis. The password generated by activemq-artemis-operator does not regenerate between separated CR dependencies.

  • CVE-2025-48371May 22, 2025
    affected < 0.0.20250527T204717-1.1fixed 0.0.20250527T204717-1.1

    OpenFGA is an authorization/permission engine. OpenFGA versions 1.8.0 through 1.8.12 (corresponding to Helm chart openfga-0.2.16 through openfga-0.2.30 and docker 1.8.0 through 1.8.12) are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Us

  • CVE-2025-48374MedMay 22, 2025
    affected < 0.0.20250527T204717-1.1fixed 0.0.20250527T204717-1.1

    zot is ancontainer image/artifact registry based on the Open Container Initiative Distribution Specification. Prior to version 2.1.3 (corresponding to pseudoversion 1.4.4-0.20250522160828-8a99a3ed231f), when using Keycloak as an oidc provider, the clientsecret gets printed into t

  • CVE-2025-48075May 22, 2025
    affected < 0.0.20250527T204717-1.1fixed 0.0.20250527T204717-1.1

    Fiber is an Express-inspired web framework written in Go. Starting in version 2.52.6 and prior to version 2.52.7, `fiber.Ctx.BodyParser` can map flat data to nested slices using `key[idx]value` syntax, but when idx is negative, it causes a panic instead of returning an error stat

  • CVE-2025-4123HigMay 22, 2025
    affected < 0.0.20250527T204717-1.1fixed 0.0.20250527T204717-1.1

    A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not requir

  • CVE-2025-48069MedMay 21, 2025
    affected < 0.0.20250523T151856-1.1fixed 0.0.20250523T151856-1.1

    ejson2env allows users to decrypt EJSON secrets and export them as environment variables. Prior to version 2.0.8, the `ejson2env` tool has a vulnerability related to how it writes to `stdout`. Specifically, the tool is intended to write an export statement for environment variabl

  • CVE-2025-47291May 21, 2025
    affected < 0.0.20250523T151856-1.1fixed 0.0.20250523T151856-1.1

    containerd is an open-source container runtime. A bug was found in the containerd's CRI implementation where containerd, starting in version 2.0.1 and prior to version 2.0.5, doesn't put usernamespaced containers under the Kubernetes' cgroup hierarchy, therefore some Kubernetes l

  • CVE-2025-5031LowMay 21, 2025
    affected < 0.0.20250523T151856-1.1fixed 0.0.20250523T151856-1.1

    A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been rated as problematic. This issue affects some unknown processing of the component wxapkg File Decompression Handler. The manipulation leads to resource consumption. The attack may be initiated remotely. The

  • CVE-2025-5030May 21, 2025
    affected < 0.0.20250730T213748-1.1fixed 0.0.20250730T213748-1.1

    A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been declared as critical. This vulnerability affects the function processFile of the file internal/unpack/unpack.go of the component wxapkg File Parser. The manipulation leads to os command injection. The attack

  • CVE-2025-48056MedMay 20, 2025
    affected < 0.0.20250523T151856-1.1fixed 0.0.20250523T151856-1.1

    Hubble is a fully distributed networking and security observability platform for cloud native workloads. Prior to version 1.17.2, a network attacker could inject malicious control characters into Hubble CLI terminal output, potentially leading to loss of integrity and manipulatio

  • CVE-2025-47290May 20, 2025
    affected < 0.0.20250523T151856-1.1fixed 0.0.20250523T151856-1.1

    containerd is a container runtime. A time-of-check to time-of-use (TOCTOU) vulnerability was found in containerd v2.1.0. While unpacking an image during an image pull, specially crafted container images could arbitrarily modify the host file system. The only affected version of c

  • CVE-2025-47284May 19, 2025
    affected < 0.0.20250523T151856-1.1fixed 0.0.20250523T151856-1.1

    Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in the `gardenlet` component of Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0. It could allow a user with administrative pri

  • CVE-2025-47283May 19, 2025
    affected < 0.0.20250523T151856-1.1fixed 0.0.20250523T151856-1.1

    Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0 that could allow a user with administrative privileges for a Gardener proje

  • CVE-2025-47282CriMay 19, 2025
    affected < 0.0.20250523T151856-1.1fixed 0.0.20250523T151856-1.1

    Gardener External DNS Management is an environment to manage external DNS entries for a kubernetes cluster. A security vulnerability was discovered in Gardener's External DNS Management prior to version 0.23.6 that could allow a user with administrative privileges for a Gardener

  • CVE-2025-1975May 16, 2025
    affected < 0.0.20250523T151856-1.1fixed 0.0.20250523T151856-1.1

    A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a model via the /api/pull en

  • CVE-2024-40120May 16, 2025
    affected < 0.0.20250523T151856-1.1fixed 0.0.20250523T151856-1.1

    seaweedfs v3.68 was discovered to contain a SQL injection vulnerability via the component /abstract_sql/abstract_sql_store.go.

  • CVE-2025-2570May 15, 2025
    affected < 0.0.20250523T151856-1.1fixed 0.0.20250523T151856-1.1

    Mattermost versions 10.5.x <= 10.5.3, 9.11.x <= 9.11.11 fail to check `RestrictSystemAdmin` setting if user doesn't have access to `ExperimentalSettings` which allows a System Manager to access `ExperimentSettings` when `RestrictSystemAdmin` is true via System Console.

  • CVE-2025-2527May 15, 2025
    affected < 0.0.20250523T151856-1.1fixed 0.0.20250523T151856-1.1

    Mattermost versions 10.5.x <= 10.5.2, 9.11.x <= 9.11.11 failed to properly verify a user's permissions when accessing groups, which allows an attacker to view group information via an API request.

  • CVE-2025-3446May 15, 2025
    affected < 0.0.20250523T151856-1.1fixed 0.0.20250523T151856-1.1

    Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4.4, 9.11.x <= 9.11.11 fail to check the correct permissions which allows authenticated users who only have permission to invite non-guest users to a team to add guest users to that team via the API to add a sin

  • CVE-2025-31947May 15, 2025
    affected < 0.0.20250523T151856-1.1fixed 0.0.20250523T151856-1.1

    Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4.4, 9.11.x <= 9.11.11 fail to lockout LDAP users following repeated login failures, which allows attackers to lock external LDAP accounts through repeated login failures through Mattermost.

Page 14 of 35