VYPR

rpm package

opensuse/govulncheck-vulndb&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed

Vulnerabilities (690)

  • CVE-2024-53859Nov 27, 2024
    affected < 0.0.20241213T205935-1.1fixed 0.0.20241213T205935-1.1

    go-gh is a Go module for interacting with the `gh` utility and the GitHub API from the command line. A security vulnerability has been identified in `go-gh` that could leak authentication tokens intended for GitHub hosts to non-GitHub hosts when within a codespace. `go-gh` source

  • CVE-2024-53264MedNov 27, 2024
    affected < 0.0.20241209T183251-1.1fixed 0.0.20241209T183251-1.1

    bunkerweb is an Open-source and next-generation Web Application Firewall (WAF). A open redirect vulnerability exists in the loading endpoint, allowing attackers to redirect authenticated users to arbitrary external URLs via the "next" parameter. The loading endpoint accepts and u

  • CVE-2024-43784MedNov 26, 2024
    affected < 0.0.20241209T183251-1.1fixed 0.0.20241209T183251-1.1

    lakeFS is an open-source tool that transforms object storage into a Git-like repository. Existing lakeFS users who have issued credentials to users who have been deleted are affected by this vulnerability. When creating a new user with the same username as a deleted user, that us

  • CVE-2024-8676HigNov 26, 2024
    affected < 0.0.20241209T183251-1.1fixed 0.0.20241209T183251-1.1

    A vulnerability was found in CRI-O, where it can be requested to take a checkpoint archive of a container and later be asked to restore it. When it does that restoration, it attempts to restore the mounts from the restore archive instead of the pod request. As a result, the valid

  • CVE-2024-52529Nov 25, 2024
    affected < 0.0.20241209T183251-1.1fixed 0.0.20241209T183251-1.1

    Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For users with the following configuration: 1. An allow policy that selects a Layer 3 destination and a port range `AND` 2. A Layer 7 allow policy that selects a specific port within the fi

  • CVE-2024-6538MedNov 25, 2024
    affected < 0.0.20241209T183251-1.1fixed 0.0.20241209T183251-1.1

    A flaw was found in OpenShift Console. A Server Side Request Forgery (SSRF) attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't read

  • CVE-2024-10220HigNov 22, 2024
    affected < 0.0.20241209T183251-1.1fixed 0.0.20241209T183251-1.1

    The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2.

  • CVE-2024-45719Nov 22, 2024
    affected < 0.0.20241209T183251-1.1fixed 0.0.20241209T183251-1.1

    Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.0. The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable. Users are recommended to upgrade

  • CVE-2024-52309MedNov 21, 2024
    affected < 0.0.20241121T195252-1.1fixed 0.0.20241121T195252-1.1

    SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob. One powerful feature of SFTPGo is the ability to have the EventManager execute scripts or run applications in response to certain events. This feature i

  • CVE-2024-28892Nov 21, 2024
    affected < 0.0.20250108T191942-1.1fixed 0.0.20250108T191942-1.1

    An OS command injection vulnerability exists in the name parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

  • CVE-2024-9526Nov 18, 2024
    affected < 0.0.20241119T173509-1.1fixed 0.0.20241119T173509-1.1

    There exists a stored XSS Vulnerability in Kubeflow Pipeline View web UI. The Kubeflow Web UI allows to create new pipelines. When creating a new pipeline, it is possible to add a description. The description field allows html tags, which are not filtered properly. Leading to a s

  • CVE-2024-0793HigNov 17, 2024
    affected < 0.0.20241119T173509-1.1fixed 0.0.20241119T173509-1.1

    A flaw was found in kube-controller-manager. This issue occurs when the initial application of a HPA config YAML lacking a .spec.behavior.scaleUp block causes a denial of service due to KCM pods going into restart churn.

  • CVE-2024-24426HigNov 15, 2024
    affected < 0.0.20241119T173509-1.1fixed 0.0.20241119T173509-1.1

    Reachable assertions in the NGAP_FIND_PROTOCOLIE_BY_ID function of OpenAirInterface Magma v1.8.0 and OAI EPC Federation v1.2.0 allow attackers to cause a Denial of Service (DoS) via a crafted NGAP packet.

  • CVE-2024-24425MedNov 15, 2024
    affected < 0.0.20241119T173509-1.1fixed 0.0.20241119T173509-1.1

    Magma v1.8.0 and OAI EPC Federation v1.20 were discovered to contain an out-of-bounds read in the amf_as_establish_req function at /tasks/amf/amf_as.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.

  • CVE-2024-52522MedNov 15, 2024
    affected < 0.0.20241119T173509-1.1fixed 0.0.20241119T173509-1.1

    Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Insecure handling of symlinks with --links and --metadata in rclone while copying to local disk allows unprivileged users to indirectly modify ownership and permissions o

  • CVE-2023-0109Nov 15, 2024
    affected < 0.0.20241119T173509-1.1fixed 0.0.20241119T173509-1.1

    A stored cross-site scripting (XSS) vulnerability was discovered in usememos/memos version 0.9.1. This vulnerability allows an attacker to upload a JavaScript file containing a malicious script and reference it in an HTML file. When the HTML file is accessed, the malicious script

  • CVE-2024-44625Nov 15, 2024
    affected < 0.0.20241119T173509-1.1fixed 0.0.20241119T173509-1.1

    Gogs <=0.13.0 is vulnerable to Directory Traversal via the editFilePost function of internal/route/repo/editor.go.

  • CVE-2024-52308Nov 14, 2024
    affected < 0.0.20241119T173509-1.1fixed 0.0.20241119T173509-1.1

    The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using `gh codespace ssh` or `gh codespace logs` commands. This has been patched in the cli v2.62.0. Developers connect to remote codespaces through an S

  • CVE-2022-31668Nov 14, 2024
    affected < 0.0.20241213T205935-1.1fixed 0.0.20241213T205935-1.1

    Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could modify p2p preheat policies

  • CVE-2022-45157CriNov 13, 2024
    affected < 0.0.20241030T212825-1.1fixed 0.0.20241030T212825-1.1

    A vulnerability has been identified in the way that Rancher stores vSphere's CPI (Cloud Provider Interface) and CSI (Container Storage Interface) credentials used to deploy clusters through the vSphere cloud provider. This issue leads to the vSphere CPI and CSI passwords being st

Page 27 of 35