VYPR

rpm package

opensuse/govulncheck-vulndb&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed

Vulnerabilities (690)

  • CVE-2024-55660Dec 11, 2024
    affected < 0.0.20241213T205935-1.1fixed 0.0.20241213T205935-1.1

    SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's `/api/template/renderSprig` endpoint is vulnerable to Server-Side Template Injection (SSTI) through the Sprig template engine. Although the engine has limitations, it allows attackers to access en

  • CVE-2024-55659Dec 11, 2024
    affected < 0.0.20241213T205935-1.1fixed 0.0.20241213T205935-1.1

    SiYuan is a personal knowledge management system. Prior to version 3.1.16, the `/api/asset/upload` endpoint in Siyuan is vulnerable to both arbitrary file write to the host and stored cross-site scripting (via the file write). Version 3.1.16 contains a patch for the issue.

  • CVE-2024-55658Dec 11, 2024
    affected < 0.0.20241213T205935-1.1fixed 0.0.20241213T205935-1.1

    SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's /api/export/exportResources endpoint is vulnerable to arbitary file read via path traversal. It is possible to manipulate the paths parameter to access and download arbitrary files from the host s

  • CVE-2024-55657Dec 11, 2024
    affected < 0.0.20241213T205935-1.1fixed 0.0.20241213T205935-1.1

    SiYuan is a personal knowledge management system. Prior to version 3.1.16, an arbitrary file read vulnerability exists in Siyuan's `/api/template/render` endpoint. The absence of proper validation on the path parameter allows attackers to access sensitive files on the host system

  • CVE-2024-55601MedDec 9, 2024
    affected < 0.0.20241213T205935-1.1fixed 0.0.20241213T205935-1.1

    Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.139.4, some HTML attributes in Markdown in the internal templates listed below not escaped in internal render hooks. Those whoa re impacted are Hugo users who do not trust their Markdown content f

  • CVE-2024-46455CriDec 9, 2024
    affected < 0.0.20241213T205935-1.1fixed 0.0.20241213T205935-1.1

    unstructured v.0.14.2 and before is vulnerable to XML External Entity (XXE) via the XMLParser.

  • CVE-2024-6219Dec 5, 2024
    affected < 0.0.20241209T183251-1.1fixed 0.0.20241209T183251-1.1

    Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured.

  • CVE-2024-6156Dec 5, 2024
    affected < 0.0.20241209T183251-1.1fixed 0.0.20241209T183251-1.1

    Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store.

  • CVE-2024-54132MedDec 4, 2024
    affected < 0.0.20241209T183251-1.1fixed 0.0.20241209T183251-1.1

    The GitHub CLI is GitHub’s official command line tool. A security vulnerability has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a malicious GitHub Actions workflow artifact through gh run download. This vulnerab

  • CVE-2024-54131HigDec 3, 2024
    affected < 0.0.20241209T183251-1.1fixed 0.0.20241209T183251-1.1

    The Kolide Agent (aka: Launcher) is the lightweight agent designed to work with Kolide's service. An implementation bug in the Kolide Agent (known as `launcher`) allows for local privilege escalation to the SYSTEM user on Windows 10 and 11. The bug was introduced in version 1.5.3

  • CVE-2024-50948HigDec 3, 2024
    affected < 0.0.20241209T183251-1.1fixed 0.0.20241209T183251-1.1

    mochiMQTT v2.6.3 is vulnerable to Denial of Service (DoS) due to improper resource management. An attacker can exhaust system memory and crash the broker by establishing and maintaining a large number of malicious, long-term publish/subscribe sessions.

  • CVE-2024-53257MedDec 3, 2024
    affected < 0.0.20241213T205935-1.1fixed 0.0.20241213T205935-1.1

    Vitess is a database clustering system for horizontal scaling of MySQL. The /debug/querylogz and /debug/env pages for vtgate and vttablet do not properly escape user input. The result is that queries executed by Vitess can write HTML into the monitoring page at will. These pages

  • CVE-2024-53259MedDec 2, 2024
    affected < 0.0.20241209T183251-1.1fixed 0.0.20241209T183251-1.1

    quic-go is an implementation of the QUIC protocol in Go. An off-path attacker can inject an ICMP Packet Too Large packet. Since affected quic-go versions used IP_PMTUDISC_DO, the kernel would then return a "message too large" error on sendmsg, i.e. when quic-go attempts to send a

  • CVE-2024-53862Dec 2, 2024
    affected < 0.0.20241209T183251-1.1fixed 0.0.20241209T183251-1.1

    Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. When using `--auth-mode=client`, Archived Workflows can be retrieved with a fake or spoofed token via the GET Workflow endpoint: `/api/v1/workflows/{namespace}/{name}`

  • CVE-2024-52801MedNov 29, 2024
    affected < 0.0.20241209T183251-1.1fixed 0.0.20241209T183251-1.1

    sftpgo is a full-featured and highly configurable event-driven file transfer solution. Server protocols: SFTP, HTTP/S, FTP/S, WebDAV. The OpenID Connect implementation allows authenticated users to brute force session cookies and thereby gain access to other users' data, since th

  • CVE-2024-52003Nov 29, 2024
    affected < 0.0.20241209T183251-1.1fixed 0.0.20241209T183251-1.1

    Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. There is a vulnerability in Traefik that allows the client to provide the X-Forwarded-Prefix header from an untrusted source. This issue has been addressed in versions 2.11.14 and 3.2.1. Users are advised to

  • CVE-2024-36623Nov 29, 2024
    affected < 0.0.20241209T183251-1.1fixed 0.0.20241209T183251-1.1

    moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes.

  • CVE-2024-36621Nov 29, 2024
    affected < 0.0.20241209T183251-1.1fixed 0.0.20241209T183251-1.1

    moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion.

  • CVE-2024-36620Nov 29, 2024
    affected < 0.0.20241209T183251-1.1fixed 0.0.20241209T183251-1.1

    moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via daemon/images/image_history.go.

  • CVE-2024-53858MedNov 27, 2024
    affected < 0.0.20241209T183251-1.1fixed 0.0.20241209T183251-1.1

    The gh cli is GitHub’s official command line tool. A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing `git` submodules hosted outside of GitHub.com and ghe.com. This vulnerability stems from se

Page 26 of 35