rpm package
opensuse/govulncheck-vulndb&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed
Vulnerabilities (690)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-32387 | — | < 0.0.20250410T162706-1.1 | 0.0.20250410T162706-1.1 | Apr 9, 2025 | Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parser recursion that can exceed the stack size limit and trigger a stack overflow. This issue has been resolved in Helm v3.1 | ||
| CVE-2025-22871 | Cri | 9.1 | < 0.0.20250408T210408-1.1 | 0.0.20250408T210408-1.1 | Apr 8, 2025 | The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext. | |
| CVE-2025-32025 | Med | — | < 0.0.20250409T170536-1.1 | 0.0.20250409T170536-1.1 | Apr 8, 2025 | bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image meta data from JPEG, TIFF, PNG, and WebP files. The buffer created for parsing metadata for PNG and WebP images was only bounded by their input data type, which could lead to potentially large memory allocation, a | |
| CVE-2025-32024 | Med | — | < 0.0.20250409T170536-1.1 | 0.0.20250409T170536-1.1 | Apr 8, 2025 | bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image meta data from JPEG, TIFF, PNG, and WebP files. The EXIF data format allows for defining excessively large data structures in relatively small payloads. Before v0.10.0, If you didn't trust the input images, this c | |
| CVE-2025-31489 | Hig | — | < 0.0.20250409T170536-1.1 | 0.0.20250409T170536-1.1 | Apr 3, 2025 | MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given the user already has prior WRI | |
| CVE-2025-31483 | Med | — | < 0.0.20250409T170536-1.1 | 0.0.20250409T170536-1.1 | Apr 3, 2025 | Miniflux is a feed reader. Due to a weak Content Security Policy on the /proxy/* route, an attacker can bypass the CSP of the media proxy and execute cross-site scripting when opening external images in a new tab/window. To mitigate the vulnerability, the CSP for the media proxy | |
| CVE-2025-31135 | Med | 5.3 | < 0.0.20250402T160203-1.1 | 0.0.20250402T160203-1.1 | Apr 1, 2025 | Go-Guerrilla SMTP Daemon is a lightweight SMTP server written in Go. Prior to 1.6.7, when ProxyOn is enabled, the PROXY command will be accepted multiple times, with later invocations overriding earlier ones. The proxy protocol only supports one initial PROXY header; anything aft | |
| CVE-2025-29868 | — | < 0.0.20250402T160203-1.1 | 0.0.20250402T160203-1.1 | Apr 1, 2025 | Private Data Structure Returned From A Public Method vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.2. If a user uses an externally referenced image, when a user accesses this image, the provider of the image may obtain private information about t | ||
| CVE-2025-30223 | — | < 0.0.20250402T160203-1.1 | 0.0.20250402T160203-1.1 | Mar 31, 2025 | Beego is an open-source web framework for the Go programming language. Prior to 2.3.6, a Cross-Site Scripting (XSS) vulnerability exists in Beego's RenderForm() function due to improper HTML escaping of user-controlled data. This vulnerability allows attackers to inject malicious | ||
| CVE-2025-29072 | — | < 0.0.20250402T160203-1.1 | 0.0.20250402T160203-1.1 | Mar 27, 2025 | An integer overflow in Nethermind Juno before v.12.05 within the Sierra bytecode decompression logic within the "cairo-lang-starknet-classes" library could allow remote attackers to trigger an infinite loop (and high CPU usage) by submitting a malicious Declare v2/v3 transaction. | ||
| CVE-2025-24514 | Hig | 8.8 | < 0.0.20250327T184518-1.1 | 0.0.20250327T184518-1.1 | Mar 25, 2025 | A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and dis | |
| CVE-2025-24513 | Med | 4.8 | < 0.0.20250327T184518-1.1 | 0.0.20250327T184518-1.1 | Mar 25, 2025 | A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in de | |
| CVE-2025-1974 | Cri | 9.8 | < 0.0.20250327T184518-1.1 | 0.0.20250327T184518-1.1 | Mar 25, 2025 | A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the c | |
| CVE-2025-1098 | Hig | 8.8 | < 0.0.20250327T184518-1.1 | 0.0.20250327T184518-1.1 | Mar 25, 2025 | A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the | |
| CVE-2025-1097 | Hig | 8.8 | < 0.0.20250327T184518-1.1 | 0.0.20250327T184518-1.1 | Mar 25, 2025 | A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller | |
| CVE-2025-30163 | — | < 0.0.20250327T184518-1.1 | 0.0.20250327T184518-1.1 | Mar 24, 2025 | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Node based network policies (`fromNodes` and `toNodes`) will incorrectly permit traffic to/from non-node endpoints that share the labels specified in `fromNodes` and `toNodes` sections of n | ||
| CVE-2025-30162 | — | < 0.0.20250327T184518-1.1 | 0.0.20250327T184518-1.1 | Mar 24, 2025 | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who use Gateway API for Ingress for some services and use LB-IPAM or BGP for LB Service implementation and use network policies to block egress traffic from workloads in a | ||
| CVE-2025-29778 | — | < 0.0.20250327T184518-1.1 | 0.0.20250327T184518-1.1 | Mar 24, 2025 | Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact's sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artif | ||
| CVE-2025-30204 | Hig | 7.5 | < 0.0.20250327T184518-1.1 | 0.0.20250327T184518-1.1 | Mar 21, 2025 | golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a maliciou | |
| CVE-2025-27612 | Med | 5.9 | < 0.0.20250327T184518-1.1 | 0.0.20250327T184518-1.1 | Mar 21, 2025 | libcontainer is a library for container control. Prior to libcontainer 0.5.3, while creating a tenant container, the tenant builder accepts a list of capabilities to be added in the spec of tenant container. The logic here adds the given capabilities to all capabilities of main c |
- CVE-2025-32387Apr 9, 2025affected < 0.0.20250410T162706-1.1fixed 0.0.20250410T162706-1.1
Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parser recursion that can exceed the stack size limit and trigger a stack overflow. This issue has been resolved in Helm v3.1
- affected < 0.0.20250408T210408-1.1fixed 0.0.20250408T210408-1.1
The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.
- affected < 0.0.20250409T170536-1.1fixed 0.0.20250409T170536-1.1
bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image meta data from JPEG, TIFF, PNG, and WebP files. The buffer created for parsing metadata for PNG and WebP images was only bounded by their input data type, which could lead to potentially large memory allocation, a
- affected < 0.0.20250409T170536-1.1fixed 0.0.20250409T170536-1.1
bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image meta data from JPEG, TIFF, PNG, and WebP files. The EXIF data format allows for defining excessively large data structures in relatively small payloads. Before v0.10.0, If you didn't trust the input images, this c
- affected < 0.0.20250409T170536-1.1fixed 0.0.20250409T170536-1.1
MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given the user already has prior WRI
- affected < 0.0.20250409T170536-1.1fixed 0.0.20250409T170536-1.1
Miniflux is a feed reader. Due to a weak Content Security Policy on the /proxy/* route, an attacker can bypass the CSP of the media proxy and execute cross-site scripting when opening external images in a new tab/window. To mitigate the vulnerability, the CSP for the media proxy
- affected < 0.0.20250402T160203-1.1fixed 0.0.20250402T160203-1.1
Go-Guerrilla SMTP Daemon is a lightweight SMTP server written in Go. Prior to 1.6.7, when ProxyOn is enabled, the PROXY command will be accepted multiple times, with later invocations overriding earlier ones. The proxy protocol only supports one initial PROXY header; anything aft
- CVE-2025-29868Apr 1, 2025affected < 0.0.20250402T160203-1.1fixed 0.0.20250402T160203-1.1
Private Data Structure Returned From A Public Method vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.2. If a user uses an externally referenced image, when a user accesses this image, the provider of the image may obtain private information about t
- CVE-2025-30223Mar 31, 2025affected < 0.0.20250402T160203-1.1fixed 0.0.20250402T160203-1.1
Beego is an open-source web framework for the Go programming language. Prior to 2.3.6, a Cross-Site Scripting (XSS) vulnerability exists in Beego's RenderForm() function due to improper HTML escaping of user-controlled data. This vulnerability allows attackers to inject malicious
- CVE-2025-29072Mar 27, 2025affected < 0.0.20250402T160203-1.1fixed 0.0.20250402T160203-1.1
An integer overflow in Nethermind Juno before v.12.05 within the Sierra bytecode decompression logic within the "cairo-lang-starknet-classes" library could allow remote attackers to trigger an infinite loop (and high CPU usage) by submitting a malicious Declare v2/v3 transaction.
- affected < 0.0.20250327T184518-1.1fixed 0.0.20250327T184518-1.1
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and dis
- affected < 0.0.20250327T184518-1.1fixed 0.0.20250327T184518-1.1
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in de
- affected < 0.0.20250327T184518-1.1fixed 0.0.20250327T184518-1.1
A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the c
- affected < 0.0.20250327T184518-1.1fixed 0.0.20250327T184518-1.1
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the
- affected < 0.0.20250327T184518-1.1fixed 0.0.20250327T184518-1.1
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller
- CVE-2025-30163Mar 24, 2025affected < 0.0.20250327T184518-1.1fixed 0.0.20250327T184518-1.1
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Node based network policies (`fromNodes` and `toNodes`) will incorrectly permit traffic to/from non-node endpoints that share the labels specified in `fromNodes` and `toNodes` sections of n
- CVE-2025-30162Mar 24, 2025affected < 0.0.20250327T184518-1.1fixed 0.0.20250327T184518-1.1
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who use Gateway API for Ingress for some services and use LB-IPAM or BGP for LB Service implementation and use network policies to block egress traffic from workloads in a
- CVE-2025-29778Mar 24, 2025affected < 0.0.20250327T184518-1.1fixed 0.0.20250327T184518-1.1
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact's sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artif
- affected < 0.0.20250327T184518-1.1fixed 0.0.20250327T184518-1.1
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a maliciou
- affected < 0.0.20250327T184518-1.1fixed 0.0.20250327T184518-1.1
libcontainer is a library for container control. Prior to libcontainer 0.5.3, while creating a tenant container, the tenant builder accepts a list of capabilities to be added in the spec of tenant container. The logic here adds the given capabilities to all capabilities of main c
Page 18 of 35