VYPR

rpm package

opensuse/govulncheck-vulndb&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed

Vulnerabilities (690)

  • CVE-2025-25068Mar 21, 2025
    affected < 0.0.20250327T184518-1.1fixed 0.0.20250327T184518-1.1

    Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8, 10.5.x <= 10.5.0 fail to enforce MFA on plugin endpoints, which allows authenticated attackers to bypass MFA protections via API requests to plugin-specific routes.

  • CVE-2025-24920Mar 21, 2025
    affected < 0.0.20250327T184518-1.1fixed 0.0.20250327T184518-1.1

    Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8, 10.5.x <= 10.5.0 fail to restrict bookmark creation and updates in archived channels, which allows authenticated users created or update bookmarked in archived channels

  • CVE-2025-30179Mar 21, 2025
    affected < 0.0.20250327T184518-1.1fixed 0.0.20250327T184518-1.1

    Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to enforce MFA on certain search APIs, which allows authenticated attackers to bypass MFA protections via user search, channel search, or team search queries.

  • CVE-2025-25274Mar 21, 2025
    affected < 0.0.20250327T184518-1.1fixed 0.0.20250327T184518-1.1

    Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to restrict command execution in archived channels, which allows authenticated users to run commands in archived channels.

  • CVE-2025-27933Mar 21, 2025
    affected < 0.0.20250327T184518-1.1fixed 0.0.20250327T184518-1.1

    Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to fail to enforce channel conversion restrictions, which allows members with permission to convert public channels to private ones to also convert private ones to public

  • CVE-2025-27715Mar 21, 2025
    affected < 0.0.20250327T184518-1.1fixed 0.0.20250327T184518-1.1

    Mattermost versions 9.11.x <= 9.11.8 fail to prompt for explicit approval before adding a team admin to a private channel, which team admins to joining private channels via crafted permalink links without explicit consent from them.

  • CVE-2024-53351Mar 21, 2025
    affected < 0.0.20250327T184518-1.1fixed 0.0.20250327T184518-1.1

    Insecure permissions in pipecd v0.49 allow attackers to gain access to the service account's token, leading to escalation of privileges.

  • CVE-2024-53348Mar 21, 2025
    affected < 0.0.20250327T184518-1.1fixed 0.0.20250327T184518-1.1

    LoxiLB v.0.9.7 and before is vulnerable to Incorrect Access Control which allows attackers to obtain sensitive information and escalate privileges.

  • CVE-2025-29923LowMar 20, 2025
    affected < 0.0.20250327T184518-1.1fixed 0.0.20250327T184518-1.1

    go-redis is the official Redis client library for the Go programming language. Prior to 9.5.5, 9.6.3, and 9.7.3, go-redis potentially responds out of order when `CLIENT SETINFO` times out during connection establishment. This can happen when the client is configured to transmit i

  • CVE-2025-29922CriMar 20, 2025
    affected < 0.0.20250327T184518-1.1fixed 0.0.20250327T184518-1.1

    kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.26.3, the identified vulnerability allows creating or deleting an object via the APIExport VirtualWorkspace in any arbitrary target workspace for pre-existi

  • CVE-2025-29914MedMar 20, 2025
    affected < 0.0.20250327T184518-1.1fixed 0.0.20250327T184518-1.1

    OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Prior to 3.3.3, if a request is made on an URI starting with //, coraza will set a wrong value in REQUEST_FILENAME. For example, if the URI //bar/uploads/foo.php?a=b is passed to coraza: , REQUE

  • CVE-2024-7598LowMar 20, 2025
    affected < 0.0.20250327T184518-1.1fixed 0.0.20250327T184518-1.1

    A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. The order in which objects are deleted during namespace termination is not defined, and it is possible for

  • CVE-2024-12886HigMar 20, 2025
    affected < 0.0.20250331T171002-1.1fixed 0.0.20250331T171002-1.1

    An Out-Of-Memory (OOM) vulnerability exists in the `ollama` server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP response, leading to the `ollama` server crashing. The vulnerability is present in the `makeRequestWit

  • CVE-2024-8063Mar 20, 2025
    affected < 0.0.20250515T200012-1.1fixed 0.0.20250515T200012-1.1

    A divide by zero vulnerability exists in ollama/ollama version v0.3.3. The vulnerability occurs when importing GGUF models with a crafted type for `block_count` in the Modelfile. This can lead to a denial of service (DoS) condition when the server processes the model, causing it

  • CVE-2025-0312Mar 20, 2025
    affected < 0.0.20250402T160203-1.1fixed 0.0.20250402T160203-1.1

    A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to create a customized GGUF model file that, when uploaded and created on the Ollama server, can cause a crash due to an unchecked null pointer dereference. This can lead to a Denial of Service (DoS) attac

  • CVE-2025-0317Mar 20, 2025
    affected < 0.0.20250331T171002-1.1fixed 0.0.20250331T171002-1.1

    A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to upload and create a customized GGUF model file on the Ollama server. This can lead to a division by zero error in the ggufPadding function, causing the server to crash and resulting in a Denial of Servi

  • CVE-2025-0315Mar 20, 2025
    affected < 0.0.20250331T171002-1.1fixed 0.0.20250331T171002-1.1

    A vulnerability in ollama/ollama <=0.3.14 allows a malicious user to create a customized GGUF model file, upload it to the Ollama server, and create it. This can cause the server to allocate unlimited memory, leading to a Denial of Service (DoS) attack.

  • CVE-2024-9900Mar 20, 2025
    affected < 0.0.20250327T184518-1.1fixed 0.0.20250327T184518-1.1

    mudler/localai version v2.21.1 contains a Cross-Site Scripting (XSS) vulnerability in its search functionality. The vulnerability arises due to improper sanitization of user input, allowing the injection and execution of arbitrary JavaScript code. This can lead to the execution o

  • CVE-2024-12055Mar 20, 2025
    affected < 0.0.20250331T171002-1.1fixed 0.0.20250331T171002-1.1

    A vulnerability in Ollama versions <=0.3.14 allows a malicious user to create a customized gguf model file that can be uploaded to the public Ollama server. When the server processes this malicious model, it crashes, leading to a Denial of Service (DoS) attack. The root cause of

  • CVE-2024-7631MedMar 19, 2025
    affected < 0.0.20250327T184518-1.1fixed 0.0.20250327T184518-1.1

    A flaw was found in the OpenShift Console, an endpoint for plugins to serve resources in multiple languages: /locales/resources.json. This endpoint's lng and ns parameters are used to construct a filepath in pkg/plugins/handlers unsafely.go#L112 Because of this unsafe filepath co

Page 19 of 35