VYPR

rpm package

opensuse/govulncheck-vulndb&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed

Vulnerabilities (690)

  • CVE-2024-10241Oct 29, 2024
    affected < 0.0.20241030T212825-1.1fixed 0.0.20241030T212825-1.1

    Mattermost versions 9.5.x <= 9.5.9 fail to properly filter the channel data when ElasticSearch is enabled which allows a user to get private channel names by using cmd+K/ctrl+K.

  • CVE-2024-47827Oct 28, 2024
    affected < 0.0.20241030T212825-1.1fixed 0.0.20241030T212825-1.1

    Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Due to a race condition in a global variable in 3.6.0-rc1, the argo workflows controller can be made to crash on-command by any user with access to execute a workflow.

  • CVE-2024-10214Oct 28, 2024
    affected < 0.0.20241030T212825-1.1fixed 0.0.20241030T212825-1.1

    Mattermost versions 9.11.X <= 9.11.1, 9.5.x <= 9.5.9 icorrectly issues two sessions when using desktop SSO - one in the browser and one in desktop with incorrect settings.

  • CVE-2023-26248MedOct 25, 2024
    affected < 0.0.20241213T205935-1.1fixed 0.0.20241213T205935-1.1

    The Kademlia DHT (go-libp2p-kad-dht 0.20.0 and earlier) used in IPFS (0.18.1 and earlier) assigns routing information for content (i.e., information about who holds the content) to be stored by peers whose peer IDs have a small DHT distance from the content ID. This allows an att

  • CVE-2024-49757Oct 25, 2024
    affected < 0.0.20241030T212825-1.1fixed 0.0.20241030T212825-1.1

    The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Due to a missing security check in versions prior to 2.64.0, 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, and 2.58.7, disabling the "User Registration allowed" option

  • CVE-2024-49753Oct 25, 2024
    affected < 0.0.20241030T212825-1.1fixed 0.0.20241030T212825-1.1

    Zitadel is open-source identity infrastructure software. Versions prior to 2.64.1, 2.63.6, 2.62.8, 2.61.4, 2.60.4, 2.59.5, and 2.58.7 have a flaw in the URL validation mechanism of Zitadel actions allows bypassing restrictions intended to block requests to localhost (127.0.0.1).

  • CVE-2024-49381Oct 25, 2024
    affected < 0.0.20241030T212825-1.1fixed 0.0.20241030T212825-1.1

    Plenti, a static site generator, has an arbitrary file deletion vulnerability in versions prior to 0.7.2. The `/postLocal` endpoint is vulnerable to an arbitrary file write deletion when a plenti user serves their website. This issue may lead to information loss. Version 0.7.2 fi

  • CVE-2024-49380Oct 25, 2024
    affected < 0.0.20241030T212825-1.1fixed 0.0.20241030T212825-1.1

    Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The `/postLocal` endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0

  • CVE-2024-50312Oct 22, 2024
    affected < 0.0.20241030T212825-1.1fixed 0.0.20241030T212825-1.1

    A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection query. This flaw allows unauthorized users to retrieve a comprehensive list of available queries and mutations. Exposure to this flaw increases the attack surface, as it can facilita

  • CVE-2024-8901HigOct 22, 2024
    affected < 0.0.20241030T212825-1.1fixed 0.0.20241030T212825-1.1

    The AWS ALB Route Directive Adapter For Istio repo https://github.com/awslabs/aws-alb-route-directive-adapter-for-istio/tree/master provides an OIDC authentication mechanism that was integrated into the open source Kubeflow project. The adapter uses JWT for authentication, but

  • CVE-2024-47825Oct 21, 2024
    affected < 0.0.20241030T212825-1.1fixed 0.0.20241030T212825-1.1

    Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.14.0 and prior to versions 1.14.16 and 1.15.10, a policy rule denying a prefix that is broader than `/32` may be ignored if there is a policy rule referencing a more n

  • CVE-2024-9264Oct 18, 2024
    affected < 0.0.20241030T212825-1.1fixed 0.0.20241030T212825-1.1

    The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. These queries are insufficiently sanitized before being passed to `duckdb`, leading to a command injection and local file inclusion vulnerability. Any user wit

  • CVE-2024-22030HigOct 16, 2024
    affected < 0.0.20241030T212825-1.1fixed 0.0.20241030T212825-1.1

    A vulnerability has been identified within Rancher that can be exploited in narrow circumstances through a man-in-the-middle (MITM) attack. An attacker would need to have control of an expired domain or execute a DNS spoofing/hijacking attack against the domain to exploit this

  • CVE-2024-9594Oct 15, 2024
    affected < 0.0.20241030T212825-1.1fixed 0.0.20241030T212825-1.1

    A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process when using the Nutanix, OVA, QEMU or raw providers. The credentials can be used to gain root access. The credentials are disabl

  • CVE-2024-9486Oct 15, 2024
    affected < 0.0.20241030T212825-1.1fixed 0.0.20241030T212825-1.1

    A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process. Virtual machine images built using the Proxmox provider do not disable these default credentials, and nodes using the resultin

  • CVE-2024-44337MedOct 15, 2024
    affected < 0.0.20241213T205935-1.1fixed 0.0.20241213T205935-1.1

    The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion `v0.0.0-20240729232818-a2a9c4f`, which corresponds with commit `a2a9c4f76ef5a5c32108e36f7c47f8d310322252`, there was a logical problem in the parag

  • CVE-2024-48909Oct 14, 2024
    affected < 0.0.20241030T212825-1.1fixed 0.0.20241030T212825-1.1

    SpiceDB is an open source database for scalably storing and querying fine-grained authorization data. Starting in version 1.35.0 and prior to version 1.37.1, clients that have enabled `LookupResources2` and have caveats in the evaluation path for their requests can return a permi

  • CVE-2024-46528MedOct 14, 2024
    affected < 0.0.20241213T205935-1.1fixed 0.0.20241213T205935-1.1

    An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere 4.x before 4.1.3 and 3.x through 3.4.1 and KubeSphere Enterprise 4.x before 4.1.3 and 3.x through 3.5.0 allows low-privileged authenticated attackers to access sensitive resources without proper authorization

  • CVE-2024-38365Oct 11, 2024
    affected < 0.0.20241030T212825-1.1fixed 0.0.20241030T212825-1.1

    btcd is an alternative full node bitcoin implementation written in Go (golang). The btcd Bitcoin client (versions 0.10 to 0.24) did not correctly re-implement Bitcoin Core's "FindAndDelete()" functionality. This logic is consensus-critical: the difference in behavior with the oth

  • CVE-2024-47877Oct 11, 2024
    affected < 0.0.20241030T212825-1.1fixed 0.0.20241030T212825-1.1

    Extract is aA Go library to extract archives in zip, tar.gz or tar.bz2 formats. A maliciously crafted archive may allow an attacker to create a symlink outside the extraction target directory. This vulnerability is fixed in 4.0.0. If you're using the Extractor.FS interface, then

Page 29 of 35