VYPR

rpm package

opensuse/govulncheck-vulndb&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed

Vulnerabilities (690)

  • CVE-2025-27093MedOct 28, 2025
    affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1

    Sliver is a command and control framework that uses a custom Wireguard netstack. In versions 1.5.43 and earlier, and in development version 1.6.0-dev, the netstack does not limit traffic between Wireguard clients. This allows clients to communicate with each other unrestrictedly,

  • CVE-2025-11375Oct 28, 2025
    affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1

    Consul and Consul Enterprise’s (“Consul”) event endpoint is vulnerable to denial of service (DoS) due to lack of maximum value on the Content Length header. This vulnerability, CVE-2025-11375, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.

  • CVE-2025-62725HigOct 27, 2025
    affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1

    Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile w

  • CVE-2025-58356HigOct 27, 2025
    affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1

    Constellation is the first Confidential Kubernetes. The Constellation CVM image uses LUKS2-encrypted volumes for persistent storage. When opening an encrypted storage device, the CVM uses the libcryptsetup function crypt_activate_by_passhrase. If the VM is successful in opening t

  • CVE-2025-62714HigOct 24, 2025
    affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1

    Karmada Dashboard is a general-purpose, web-based control panel for Karmada which is a multi-cluster management project. Prior to version 0.2.0, there is an authentication bypass vulnerability in the Karmada Dashboard API. The backend API endpoints (e.g., /api/v1/secret, /api/v1/

  • CVE-2025-12044Oct 23, 2025
    affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1

    Vault and Vault Enterprise (“Vault”) are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for [+HCSEC-2025-24+|https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex

  • CVE-2025-11621Oct 23, 2025
    affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1

    Vault and Vault Enterprise’s (“Vault”) AWS Auth method may be susceptible to authentication bypass if the role of the configured bound_principal_iam is the same across AWS accounts, or uses a wildcard. This vulnerability, CVE-2025-11621, is fixed in Vault Community Edition 1.21.0

  • CVE-2025-59048Oct 23, 2025
    affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1

    OpenBao's AWS Plugin generates AWS access credentials based on IAM policies. Prior to version 0.1.1, the AWS Plugin is vulnerable to cross-account IAM role Impersonation in the AWS auth method. The vulnerability allows an IAM role from an untrusted AWS account to authenticate by

  • CVE-2025-62820MedOct 23, 2025
    affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1

    Slack Nebula before 1.9.7 mishandles CIDR in some configurations and thus accepts arbitrary source IP addresses within the Nebula network.

  • CVE-2025-62705Oct 22, 2025
    affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1

    OpenBao is an open source identity-based secrets management system. Prior to version 2.4.2, OpenBao's audit log did not appropriately redact fields when relevant subsystems sent []byte response parameters rather than strings. This includes, but is not limited to sys/raw with use

  • CVE-2025-62513Oct 22, 2025
    affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1

    OpenBao is an open source identity-based secrets management system. In versions 2.2.0 to 2.4.1, OpenBao's audit log experienced a regression wherein raw HTTP bodies used by few endpoints were not correctly redacted (HMAC'd). This impacts those using the ACME functionality of PKI,

  • CVE-2025-10678CriOct 20, 2025
    affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1

    NetBird VPN when installed using vendor's provided script failed to remove or change default password of an admin account created by ZITADEL. This issue affects instances installed using vendor's provided script. This issue may affect instances created with Docker if the default

  • CVE-2025-26625HigOct 17, 2025
    affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1

    Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbol

  • CVE-2025-59043Oct 17, 2025
    affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1

    OpenBao is an open source identity-based secrets management system. In OpenBao versions prior to 2.4.1, JSON objects after decoding may use significantly more memory than their serialized version. It is possible to craft a JSON payload to maximize the factor between serialized me

  • CVE-2025-62506HigOct 16, 2025
    affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1

    MinIO is a high-performance object storage system. In all versions prior to RELEASE.2025-10-15T17-29-55Z, a privilege escalation vulnerability allows service accounts and STS (Security Token Service) accounts with restricted session policies to bypass their inline policy restrict

  • CVE-2025-58073Oct 16, 2025
    affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1

    Mattermost versions 10.11.x <= 10.11.1, 10.10.x <= 10.10.2, 10.5.x <= 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacked to join any team on a Mattermost server regardless of restrictions via manipulati

  • CVE-2025-61581Oct 16, 2025
    affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1

    ** UNSUPPORTED WHEN ASSIGNED ** Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control. This issue affects Apache Traffic Control: all versions. People with access to the management interface of the Traffic Router component could specify malicious pat

  • CVE-2025-41410Oct 16, 2025
    affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1

    Mattermost versions 10.10.x <= 10.10.2, 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to validate email ownership during Slack import process which allows attackers to create verified user accounts with arbitrary email domains via malicious Slack import data to bypass email-based te

  • CVE-2025-10545Oct 16, 2025
    affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1

    Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to properly validate guest user permissions when adding channel members which allows guest users to add any team members to their private channels via the `/api/v4/channels/{channel_id}/members` endpoint

  • CVE-2025-58075Oct 16, 2025
    affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1

    Mattermost versions 10.11.x <= 10.11.1, 10.10.x <= 10.10.2, 10.5.x <= 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacked to join any team on a Mattermost server regardless of restrictions via manipulati

Page 2 of 35