VYPR

rpm package

opensuse/govulncheck-vulndb&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed

Vulnerabilities (690)

  • CVE-2025-25199HigFeb 12, 2025
    affected < 0.0.20250312T181707-1.1fixed 0.0.20250312T181707-1.1

    go-crypto-winnative Go crypto backend for Windows using Cryptography API: Next Generation (CNG). Prior to commit f49c8e1379ea4b147d5bff1b3be5b0ff45792e41, calls to `cng.TLS1PRF` don't release the key handle, producing a small memory leak every time. Commit f49c8e1379ea4b147d5bff1

  • CVE-2025-1243LowFeb 12, 2025
    affected < 0.0.20250312T181707-1.1fixed 0.0.20250312T181707-1.1

    The Temporal api-go library prior to version 1.44.1 did not send `update response` information to Data Converter when the proxy package within the api-go module was used in a gRPC proxy prior to transmission. This resulted in information contained within the `update response` fie

  • CVE-2024-57604Feb 12, 2025
    affected < 0.0.20250312T181707-1.1fixed 0.0.20250312T181707-1.1

    An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the token component.

  • CVE-2024-57603Feb 12, 2025
    affected < 0.0.20250312T181707-1.1fixed 0.0.20250312T181707-1.1

    An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the lack of rate limiting.

  • CVE-2025-24976MedFeb 11, 2025
    affected < 0.0.20250312T181707-1.1fixed 0.0.20250312T181707-1.1

    Distribution is a toolkit to pack, ship, store, and deliver container content. Systems running registry versions 3.0.0-beta.1 through 3.0.0-rc.2 with token authentication enabled may be vulnerable to an issue in which token authentication allows an attacker to inject an untrusted

  • CVE-2025-24016KEVFeb 10, 2025
    affected < 0.0.20250312T181707-1.1fixed 0.0.20250312T181707-1.1

    Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.9.1, an unsafe deserialization vulnerability allows for remote code execution on Wazuh servers. DistributedAPI parameters are a serialize

  • CVE-2025-24366HigFeb 7, 2025
    affected < 0.0.20250207T224745-1.1fixed 0.0.20250207T224745-1.1

    SFTPGo is an open source, event-driven file transfer solution. SFTPGo supports execution of a defined set of commands via SSH. Besides a set of default commands some optional commands can be activated, one of them being `rsync`. It is disabled in the default configuration and it

  • CVE-2025-24786Feb 6, 2025
    affected < 0.0.20250207T224745-1.1fixed 0.0.20250207T224745-1.1

    WhoDB is an open source database management tool. While the application only displays Sqlite3 databases present in the directory `/db`, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine

  • CVE-2025-24787Feb 6, 2025
    affected < 0.0.20250207T224745-1.1fixed 0.0.20250207T224745-1.1

    WhoDB is an open source database management tool. In affected versions the application is vulnerable to parameter injection in database connection strings, which allows an attacker to read local files on the machine the application is running on. The application uses string conca

  • CVE-2025-22867HigFeb 6, 2025
    affected < 0.0.20250207T224745-1.1fixed 0.0.20250207T224745-1.1

    On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the @executable_path, @loader_path, or @rpath special values in a "#cgo LDFLAGS" directive. This issue only affected go1.24rc2.

  • CVE-2025-22866MedFeb 6, 2025
    affected < 0.0.20250207T224745-1.1fixed 0.0.20250207T224745-1.1

    Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recover

  • CVE-2025-24371HigFeb 3, 2025
    affected < 0.0.20250204T220613-1.1fixed 0.0.20250204T220613-1.1

    CometBFT is a distributed, Byzantine fault-tolerant, deterministic state machine replication engine. In the `blocksync` protocol peers send their `base` and `latest` heights when they connect to a new node (`A`), which is syncing to the tip of a network. `base` acts as a lower gr

  • CVE-2024-35177Feb 3, 2025
    affected < 0.0.20250204T220613-1.1fixed 0.0.20250204T220613-1.1

    Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. The wazuh-agent for Windows is vulnerable to a Local Privilege Escalat

  • CVE-2024-47770Feb 3, 2025
    affected < 0.0.20250204T220613-1.1fixed 0.0.20250204T220613-1.1

    Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. This vulnerability occurs when the system has weak privilege access, t

  • CVE-2024-11741MedJan 31, 2025
    affected < 0.0.20250204T220613-1.1fixed 0.0.20250204T220613-1.1

    Grafana is an open-source platform for monitoring and observability. The Grafana Alerting VictorOps integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 11.5.0, 11.4.1, 11.3.3,  11.2.6, 11.1.11, 11.0.11 and 10.4.15

  • CVE-2025-24883HigJan 30, 2025
    affected < 0.0.20250204T220613-1.1fixed 0.0.20250204T220613-1.1

    go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed in 1.14.13.

  • CVE-2025-24784MedJan 30, 2025
    affected < 0.0.20250204T220613-1.1fixed 0.0.20250204T220613-1.1

    kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. The policy group feature, added to by the 1.17.0 release. By being namespaced, the AdmissionPolicyGroup has a well constrained impact on cluster resources. Henc

  • CVE-2025-24376MedJan 30, 2025
    affected < 0.0.20250204T220613-1.1fixed 0.0.20250204T220613-1.1

    kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. By design, AdmissionPolicy and AdmissionPolicyGroup can evaluate only namespaced resources. The resources to be evaluated are determined by the rules provided b

  • CVE-2025-23216Jan 30, 2025
    affected < 0.0.20250204T220613-1.1fixed 0.0.20250204T220613-1.1

    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was discovered in Argo CD that exposed secret values in error messages and the diff view when an invalid Kubernetes Secret resource was synced from a repository. The vulnerability assumes th

  • CVE-2025-24884MedJan 29, 2025
    affected < 0.0.20250204T220613-1.1fixed 0.0.20250204T220613-1.1

    kube-audit-rest is a simple logger of mutation/creation requests to the k8s api. If the "full-elastic-stack" example vector configuration was used for a real cluster, the previous values of kubernetes secrets would have been disclosed in the audit messages. This vulnerability is

Page 22 of 35