VYPR

rpm package

opensuse/govulncheck-vulndb&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed

Vulnerabilities (690)

  • CVE-2024-0132Sep 26, 2024
    affected < 0.0.20241104T154416-1.1fixed 0.0.20241104T154416-1.1

    NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A su

  • CVE-2024-8996Sep 25, 2024
    affected < 0.0.20241030T212825-1.1fixed 0.0.20241030T212825-1.1

    Unquoted Search Path or Element vulnerability in Grafana Agent (Flow mode) on Windows allows Privilege Escalation from Local User to SYSTEM This issue affects Agent Flow: before 0.43.2

  • CVE-2024-8975Sep 25, 2024
    affected < 0.0.20241030T212825-1.1fixed 0.0.20241030T212825-1.1

    Unquoted Search Path or Element vulnerability in Grafana Alloy on Windows allows Privilege Escalation from Local User to SYSTEM This issue affects Alloy: before 1.3.3, from 1.4.0-rc.0 through 1.4.0-rc.1.

  • CVE-2024-8986CriSep 19, 2024
    affected < 0.0.20241120T172248-1.1fixed 0.0.20241120T172248-1.1

    The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running `git remote get-url origin`. If credentials are included in the repository URI (for instance, to allow for

  • CVE-2024-45039Sep 6, 2024
    affected < 0.0.20241213T205935-1.1fixed 0.0.20241213T205935-1.1

    gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Versions prior to 0.11.0 have a soundness issue - in case of multiple commitments used inside the circuit the prover is able to choose all but the last commitment. As gnark uses the commitments for

  • CVE-2024-43803MedSep 3, 2024
    affected < 0.0.20241220T214820-1.1fixed 0.0.20241220T214820-1.1

    The Bare Metal Operator (BMO) implements a Kubernetes API for managing bare metal hosts in Metal3. The `BareMetalHost` (BMH) CRD allows the `userData`, `metaData`, and `networkData` for the provisioned host to be specified as links to Kubernetes Secrets. There are fields for both

  • CVE-2024-45310Sep 3, 2024
    affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1

    runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between

  • CVE-2024-45436Aug 29, 2024
    affected < 0.0.20241213T205935-1.1fixed 0.0.20241213T205935-1.1

    extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory.

  • CVE-2024-5321MedJul 18, 2024
    affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1

    A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\Users may be able to read container logs and NT AUTHORITY\Authenticated Users may be able to modify container logs.

  • CVE-2024-39223CriJul 3, 2024
    affected < 0.0.20241030T212825-1.1fixed 0.0.20241030T212825-1.1

    An authentication bypass in the SSH service of gost v2.11.5 allows attackers to intercept communications via setting the HostKeyCallback function to ssh.InsecureIgnoreHostKey

  • CVE-2024-37820MedJun 25, 2024
    affected < 0.0.20241209T183251-1.1fixed 0.0.20241209T183251-1.1

    A nil pointer dereference in PingCAP TiDB v8.2.0-alpha-216-gfe5858b allows attackers to crash the application via expression.inferCollation.

  • CVE-2024-37032May 31, 2024
    affected < 0.0.20241213T205935-1.1fixed 0.0.20241213T205935-1.1

    Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex digits, or an initial ../ substring.

  • CVE-2024-3727HigMay 14, 2024
    affected < 0.0.20250130T185858-1.1fixed 0.0.20250130T185858-1.1

    A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.

  • CVE-2024-28053Mar 15, 2024
    affected < 0.0.20241218T202206-1.1fixed 0.0.20241218T202206-1.1

    Resource Exhaustion in Mattermost Server versions 8.1.x before 8.1.10 fails to limit the size of the payload that can be read and parsed allowing an attacker to send a very large email payload and crash the server.

  • CVE-2024-1725Mar 7, 2024
    affected < 0.0.20250313T170021-1.1fixed 0.0.20250313T170021-1.1

    A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker n

  • CVE-2023-26154Dec 6, 2023
    affected < 0.0.20250818T190335-1.1fixed 0.0.20250818T190335-1.1

    Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubnub before 6.19.0; all versions of the package github.com/pubnub/go; versions of the package github.com/pubnub/go/v7 before 7.2.0; versions of the package pubnub

  • CVE-2023-5528Nov 14, 2023
    affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1

    A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.

  • CVE-2023-3955Oct 31, 2023
    affected < 0.0.20241213T205935-1.1fixed 0.0.20241213T205935-1.1

    A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.

  • CVE-2023-3676Oct 31, 2023
    affected < 0.0.20241213T205935-1.1fixed 0.0.20241213T205935-1.1

    A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.

  • CVE-2021-25736Oct 30, 2023
    affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1

    Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port (“spec.ports[*].port”) as a LoadBalancer Service when the LoadBalancer controller does not set the “status.loadBalancer.ingress[].ip” field. Clusters where the LoadBalance

Page 31 of 35