VYPR

rpm package

opensuse/govulncheck-vulndb&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed

Vulnerabilities (690)

  • CVE-2025-32387Apr 9, 2025
    affected < 0.0.20250410T162706-1.1fixed 0.0.20250410T162706-1.1

    Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parser recursion that can exceed the stack size limit and trigger a stack overflow. This issue has been resolved in Helm v3.1

  • CVE-2025-22871CriApr 8, 2025
    affected < 0.0.20250408T210408-1.1fixed 0.0.20250408T210408-1.1

    The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

  • CVE-2025-32025MedApr 8, 2025
    affected < 0.0.20250409T170536-1.1fixed 0.0.20250409T170536-1.1

    bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image meta data from JPEG, TIFF, PNG, and WebP files. The buffer created for parsing metadata for PNG and WebP images was only bounded by their input data type, which could lead to potentially large memory allocation, a

  • CVE-2025-32024MedApr 8, 2025
    affected < 0.0.20250409T170536-1.1fixed 0.0.20250409T170536-1.1

    bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image meta data from JPEG, TIFF, PNG, and WebP files. The EXIF data format allows for defining excessively large data structures in relatively small payloads. Before v0.10.0, If you didn't trust the input images, this c

  • CVE-2025-31489HigApr 3, 2025
    affected < 0.0.20250409T170536-1.1fixed 0.0.20250409T170536-1.1

    MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given the user already has prior WRI

  • CVE-2025-31483MedApr 3, 2025
    affected < 0.0.20250409T170536-1.1fixed 0.0.20250409T170536-1.1

    Miniflux is a feed reader. Due to a weak Content Security Policy on the /proxy/* route, an attacker can bypass the CSP of the media proxy and execute cross-site scripting when opening external images in a new tab/window. To mitigate the vulnerability, the CSP for the media proxy

  • CVE-2025-31135MedApr 1, 2025
    affected < 0.0.20250402T160203-1.1fixed 0.0.20250402T160203-1.1

    Go-Guerrilla SMTP Daemon is a lightweight SMTP server written in Go. Prior to 1.6.7, when ProxyOn is enabled, the PROXY command will be accepted multiple times, with later invocations overriding earlier ones. The proxy protocol only supports one initial PROXY header; anything aft

  • CVE-2025-29868Apr 1, 2025
    affected < 0.0.20250402T160203-1.1fixed 0.0.20250402T160203-1.1

    Private Data Structure Returned From A Public Method vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.2. If a user uses an externally referenced image, when a user accesses this image, the provider of the image may obtain private information about t

  • CVE-2025-30223Mar 31, 2025
    affected < 0.0.20250402T160203-1.1fixed 0.0.20250402T160203-1.1

    Beego is an open-source web framework for the Go programming language. Prior to 2.3.6, a Cross-Site Scripting (XSS) vulnerability exists in Beego's RenderForm() function due to improper HTML escaping of user-controlled data. This vulnerability allows attackers to inject malicious

  • CVE-2025-29072Mar 27, 2025
    affected < 0.0.20250402T160203-1.1fixed 0.0.20250402T160203-1.1

    An integer overflow in Nethermind Juno before v.12.05 within the Sierra bytecode decompression logic within the "cairo-lang-starknet-classes" library could allow remote attackers to trigger an infinite loop (and high CPU usage) by submitting a malicious Declare v2/v3 transaction.

  • CVE-2025-24514HigMar 25, 2025
    affected < 0.0.20250327T184518-1.1fixed 0.0.20250327T184518-1.1

    A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and dis

  • CVE-2025-24513MedMar 25, 2025
    affected < 0.0.20250327T184518-1.1fixed 0.0.20250327T184518-1.1

    A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in de

  • CVE-2025-1974CriMar 25, 2025
    affected < 0.0.20250327T184518-1.1fixed 0.0.20250327T184518-1.1

    A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the c

  • CVE-2025-1098HigMar 25, 2025
    affected < 0.0.20250327T184518-1.1fixed 0.0.20250327T184518-1.1

    A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the

  • CVE-2025-1097HigMar 25, 2025
    affected < 0.0.20250327T184518-1.1fixed 0.0.20250327T184518-1.1

    A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller

  • CVE-2025-30163Mar 24, 2025
    affected < 0.0.20250327T184518-1.1fixed 0.0.20250327T184518-1.1

    Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Node based network policies (`fromNodes` and `toNodes`) will incorrectly permit traffic to/from non-node endpoints that share the labels specified in `fromNodes` and `toNodes` sections of n

  • CVE-2025-30162Mar 24, 2025
    affected < 0.0.20250327T184518-1.1fixed 0.0.20250327T184518-1.1

    Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who use Gateway API for Ingress for some services and use LB-IPAM or BGP for LB Service implementation and use network policies to block egress traffic from workloads in a

  • CVE-2025-29778Mar 24, 2025
    affected < 0.0.20250327T184518-1.1fixed 0.0.20250327T184518-1.1

    Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact's sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artif

  • CVE-2025-30204HigMar 21, 2025
    affected < 0.0.20250327T184518-1.1fixed 0.0.20250327T184518-1.1

    golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a maliciou

  • CVE-2025-27612MedMar 21, 2025
    affected < 0.0.20250327T184518-1.1fixed 0.0.20250327T184518-1.1

    libcontainer is a library for container control. Prior to libcontainer 0.5.3, while creating a tenant container, the tenant builder accepts a list of capabilities to be added in the spec of tenant container. The logic here adds the given capabilities to all capabilities of main c

Page 18 of 35