rpm package
opensuse/govulncheck-vulndb&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed
Vulnerabilities (690)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-4057 | Med | 5.5 | < 0.0.20250529T205903-1.1 | 0.0.20250529T205903-1.1 | May 26, 2025 | A flaw was found in ActiveMQ Artemis. The password generated by activemq-artemis-operator does not regenerate between separated CR dependencies. | |
| CVE-2025-48371 | — | < 0.0.20250527T204717-1.1 | 0.0.20250527T204717-1.1 | May 22, 2025 | OpenFGA is an authorization/permission engine. OpenFGA versions 1.8.0 through 1.8.12 (corresponding to Helm chart openfga-0.2.16 through openfga-0.2.30 and docker 1.8.0 through 1.8.12) are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Us | ||
| CVE-2025-48374 | Med | — | < 0.0.20250527T204717-1.1 | 0.0.20250527T204717-1.1 | May 22, 2025 | zot is ancontainer image/artifact registry based on the Open Container Initiative Distribution Specification. Prior to version 2.1.3 (corresponding to pseudoversion 1.4.4-0.20250522160828-8a99a3ed231f), when using Keycloak as an oidc provider, the clientsecret gets printed into t | |
| CVE-2025-48075 | — | < 0.0.20250527T204717-1.1 | 0.0.20250527T204717-1.1 | May 22, 2025 | Fiber is an Express-inspired web framework written in Go. Starting in version 2.52.6 and prior to version 2.52.7, `fiber.Ctx.BodyParser` can map flat data to nested slices using `key[idx]value` syntax, but when idx is negative, it causes a panic instead of returning an error stat | ||
| CVE-2025-4123 | Hig | 7.6 | < 0.0.20250527T204717-1.1 | 0.0.20250527T204717-1.1 | May 22, 2025 | A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not requir | |
| CVE-2025-48069 | Med | 6.6 | < 0.0.20250523T151856-1.1 | 0.0.20250523T151856-1.1 | May 21, 2025 | ejson2env allows users to decrypt EJSON secrets and export them as environment variables. Prior to version 2.0.8, the `ejson2env` tool has a vulnerability related to how it writes to `stdout`. Specifically, the tool is intended to write an export statement for environment variabl | |
| CVE-2025-47291 | — | < 0.0.20250523T151856-1.1 | 0.0.20250523T151856-1.1 | May 21, 2025 | containerd is an open-source container runtime. A bug was found in the containerd's CRI implementation where containerd, starting in version 2.0.1 and prior to version 2.0.5, doesn't put usernamespaced containers under the Kubernetes' cgroup hierarchy, therefore some Kubernetes l | ||
| CVE-2025-5031 | Low | 3.1 | < 0.0.20250523T151856-1.1 | 0.0.20250523T151856-1.1 | May 21, 2025 | A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been rated as problematic. This issue affects some unknown processing of the component wxapkg File Decompression Handler. The manipulation leads to resource consumption. The attack may be initiated remotely. The | |
| CVE-2025-5030 | — | < 0.0.20250730T213748-1.1 | 0.0.20250730T213748-1.1 | May 21, 2025 | A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been declared as critical. This vulnerability affects the function processFile of the file internal/unpack/unpack.go of the component wxapkg File Parser. The manipulation leads to os command injection. The attack | ||
| CVE-2025-48056 | Med | 5.3 | < 0.0.20250523T151856-1.1 | 0.0.20250523T151856-1.1 | May 20, 2025 | Hubble is a fully distributed networking and security observability platform for cloud native workloads. Prior to version 1.17.2, a network attacker could inject malicious control characters into Hubble CLI terminal output, potentially leading to loss of integrity and manipulatio | |
| CVE-2025-47290 | — | < 0.0.20250523T151856-1.1 | 0.0.20250523T151856-1.1 | May 20, 2025 | containerd is a container runtime. A time-of-check to time-of-use (TOCTOU) vulnerability was found in containerd v2.1.0. While unpacking an image during an image pull, specially crafted container images could arbitrarily modify the host file system. The only affected version of c | ||
| CVE-2025-47284 | — | < 0.0.20250523T151856-1.1 | 0.0.20250523T151856-1.1 | May 19, 2025 | Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in the `gardenlet` component of Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0. It could allow a user with administrative pri | ||
| CVE-2025-47283 | — | < 0.0.20250523T151856-1.1 | 0.0.20250523T151856-1.1 | May 19, 2025 | Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0 that could allow a user with administrative privileges for a Gardener proje | ||
| CVE-2025-47282 | Cri | 9.9 | < 0.0.20250523T151856-1.1 | 0.0.20250523T151856-1.1 | May 19, 2025 | Gardener External DNS Management is an environment to manage external DNS entries for a kubernetes cluster. A security vulnerability was discovered in Gardener's External DNS Management prior to version 0.23.6 that could allow a user with administrative privileges for a Gardener | |
| CVE-2025-1975 | — | < 0.0.20250523T151856-1.1 | 0.0.20250523T151856-1.1 | May 16, 2025 | A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a model via the /api/pull en | ||
| CVE-2024-40120 | — | < 0.0.20250523T151856-1.1 | 0.0.20250523T151856-1.1 | May 16, 2025 | seaweedfs v3.68 was discovered to contain a SQL injection vulnerability via the component /abstract_sql/abstract_sql_store.go. | ||
| CVE-2025-2570 | — | < 0.0.20250523T151856-1.1 | 0.0.20250523T151856-1.1 | May 15, 2025 | Mattermost versions 10.5.x <= 10.5.3, 9.11.x <= 9.11.11 fail to check `RestrictSystemAdmin` setting if user doesn't have access to `ExperimentalSettings` which allows a System Manager to access `ExperimentSettings` when `RestrictSystemAdmin` is true via System Console. | ||
| CVE-2025-2527 | — | < 0.0.20250523T151856-1.1 | 0.0.20250523T151856-1.1 | May 15, 2025 | Mattermost versions 10.5.x <= 10.5.2, 9.11.x <= 9.11.11 failed to properly verify a user's permissions when accessing groups, which allows an attacker to view group information via an API request. | ||
| CVE-2025-3446 | — | < 0.0.20250523T151856-1.1 | 0.0.20250523T151856-1.1 | May 15, 2025 | Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4.4, 9.11.x <= 9.11.11 fail to check the correct permissions which allows authenticated users who only have permission to invite non-guest users to a team to add guest users to that team via the API to add a sin | ||
| CVE-2025-31947 | — | < 0.0.20250523T151856-1.1 | 0.0.20250523T151856-1.1 | May 15, 2025 | Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4.4, 9.11.x <= 9.11.11 fail to lockout LDAP users following repeated login failures, which allows attackers to lock external LDAP accounts through repeated login failures through Mattermost. |
- affected < 0.0.20250529T205903-1.1fixed 0.0.20250529T205903-1.1
A flaw was found in ActiveMQ Artemis. The password generated by activemq-artemis-operator does not regenerate between separated CR dependencies.
- CVE-2025-48371May 22, 2025affected < 0.0.20250527T204717-1.1fixed 0.0.20250527T204717-1.1
OpenFGA is an authorization/permission engine. OpenFGA versions 1.8.0 through 1.8.12 (corresponding to Helm chart openfga-0.2.16 through openfga-0.2.30 and docker 1.8.0 through 1.8.12) are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Us
- affected < 0.0.20250527T204717-1.1fixed 0.0.20250527T204717-1.1
zot is ancontainer image/artifact registry based on the Open Container Initiative Distribution Specification. Prior to version 2.1.3 (corresponding to pseudoversion 1.4.4-0.20250522160828-8a99a3ed231f), when using Keycloak as an oidc provider, the clientsecret gets printed into t
- CVE-2025-48075May 22, 2025affected < 0.0.20250527T204717-1.1fixed 0.0.20250527T204717-1.1
Fiber is an Express-inspired web framework written in Go. Starting in version 2.52.6 and prior to version 2.52.7, `fiber.Ctx.BodyParser` can map flat data to nested slices using `key[idx]value` syntax, but when idx is negative, it causes a panic instead of returning an error stat
- affected < 0.0.20250527T204717-1.1fixed 0.0.20250527T204717-1.1
A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not requir
- affected < 0.0.20250523T151856-1.1fixed 0.0.20250523T151856-1.1
ejson2env allows users to decrypt EJSON secrets and export them as environment variables. Prior to version 2.0.8, the `ejson2env` tool has a vulnerability related to how it writes to `stdout`. Specifically, the tool is intended to write an export statement for environment variabl
- CVE-2025-47291May 21, 2025affected < 0.0.20250523T151856-1.1fixed 0.0.20250523T151856-1.1
containerd is an open-source container runtime. A bug was found in the containerd's CRI implementation where containerd, starting in version 2.0.1 and prior to version 2.0.5, doesn't put usernamespaced containers under the Kubernetes' cgroup hierarchy, therefore some Kubernetes l
- affected < 0.0.20250523T151856-1.1fixed 0.0.20250523T151856-1.1
A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been rated as problematic. This issue affects some unknown processing of the component wxapkg File Decompression Handler. The manipulation leads to resource consumption. The attack may be initiated remotely. The
- CVE-2025-5030May 21, 2025affected < 0.0.20250730T213748-1.1fixed 0.0.20250730T213748-1.1
A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been declared as critical. This vulnerability affects the function processFile of the file internal/unpack/unpack.go of the component wxapkg File Parser. The manipulation leads to os command injection. The attack
- affected < 0.0.20250523T151856-1.1fixed 0.0.20250523T151856-1.1
Hubble is a fully distributed networking and security observability platform for cloud native workloads. Prior to version 1.17.2, a network attacker could inject malicious control characters into Hubble CLI terminal output, potentially leading to loss of integrity and manipulatio
- CVE-2025-47290May 20, 2025affected < 0.0.20250523T151856-1.1fixed 0.0.20250523T151856-1.1
containerd is a container runtime. A time-of-check to time-of-use (TOCTOU) vulnerability was found in containerd v2.1.0. While unpacking an image during an image pull, specially crafted container images could arbitrarily modify the host file system. The only affected version of c
- CVE-2025-47284May 19, 2025affected < 0.0.20250523T151856-1.1fixed 0.0.20250523T151856-1.1
Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in the `gardenlet` component of Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0. It could allow a user with administrative pri
- CVE-2025-47283May 19, 2025affected < 0.0.20250523T151856-1.1fixed 0.0.20250523T151856-1.1
Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0 that could allow a user with administrative privileges for a Gardener proje
- affected < 0.0.20250523T151856-1.1fixed 0.0.20250523T151856-1.1
Gardener External DNS Management is an environment to manage external DNS entries for a kubernetes cluster. A security vulnerability was discovered in Gardener's External DNS Management prior to version 0.23.6 that could allow a user with administrative privileges for a Gardener
- CVE-2025-1975May 16, 2025affected < 0.0.20250523T151856-1.1fixed 0.0.20250523T151856-1.1
A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a model via the /api/pull en
- CVE-2024-40120May 16, 2025affected < 0.0.20250523T151856-1.1fixed 0.0.20250523T151856-1.1
seaweedfs v3.68 was discovered to contain a SQL injection vulnerability via the component /abstract_sql/abstract_sql_store.go.
- CVE-2025-2570May 15, 2025affected < 0.0.20250523T151856-1.1fixed 0.0.20250523T151856-1.1
Mattermost versions 10.5.x <= 10.5.3, 9.11.x <= 9.11.11 fail to check `RestrictSystemAdmin` setting if user doesn't have access to `ExperimentalSettings` which allows a System Manager to access `ExperimentSettings` when `RestrictSystemAdmin` is true via System Console.
- CVE-2025-2527May 15, 2025affected < 0.0.20250523T151856-1.1fixed 0.0.20250523T151856-1.1
Mattermost versions 10.5.x <= 10.5.2, 9.11.x <= 9.11.11 failed to properly verify a user's permissions when accessing groups, which allows an attacker to view group information via an API request.
- CVE-2025-3446May 15, 2025affected < 0.0.20250523T151856-1.1fixed 0.0.20250523T151856-1.1
Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4.4, 9.11.x <= 9.11.11 fail to check the correct permissions which allows authenticated users who only have permission to invite non-guest users to a team to add guest users to that team via the API to add a sin
- CVE-2025-31947May 15, 2025affected < 0.0.20250523T151856-1.1fixed 0.0.20250523T151856-1.1
Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4.4, 9.11.x <= 9.11.11 fail to lockout LDAP users following repeated login failures, which allows attackers to lock external LDAP accounts through repeated login failures through Mattermost.
Page 14 of 35