rpm package
opensuse/govulncheck-vulndb&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed
Vulnerabilities (690)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-42818 | — | < 0.0.20250612T141001-1.1 | 0.0.20250612T141001-1.1 | Sep 27, 2023 | JumpServer is an open source bastion host. When users enable MFA and use a public key for authentication, the Koko SSH server does not verify the corresponding SSH private key. An attacker could exploit a vulnerability by utilizing a disclosed public key to attempt brute-force au | ||
| CVE-2023-22644 | — | < 0.0.20241030T212825-1.1 | 0.0.20241030T212825-1.1 | Sep 20, 2023 | A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE. | ||
| CVE-2023-2728 | — | < 0.0.20250807T150727-1.1 | 0.0.20250807T150727-1.1 | Jul 3, 2023 | Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s se | ||
| CVE-2023-2727 | — | < 0.0.20250807T150727-1.1 | 0.0.20250807T150727-1.1 | Jul 3, 2023 | Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers. | ||
| CVE-2023-2431 | — | < 0.0.20250807T150727-1.1 | 0.0.20250807T150727-1.1 | Jun 16, 2023 | A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in un | ||
| CVE-2022-47930 | — | < 0.0.20250207T224745-1.1 | 0.0.20250207T224745-1.1 | Apr 21, 2023 | An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not | ||
| CVE-2023-25809 | — | < 0.0.20250807T150727-1.1 | 0.0.20250807T150727-1.1 | Mar 29, 2023 | runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes `/sys/fs/cgroup` writable in following conditons: 1. when runc is executed inside the user namespace, and the `config.json` does n | ||
| CVE-2023-28642 | — | < 0.0.20250807T150727-1.1 | 0.0.20250807T150727-1.1 | Mar 29, 2023 | runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibitin | ||
| CVE-2023-27561 | — | < 0.0.20250807T150727-1.1 | 0.0.20250807T150727-1.1 | Mar 3, 2023 | runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this is | ||
| CVE-2022-3294 | — | < 0.0.20250807T150727-1.1 | 0.0.20250807T150727-1.1 | Mar 1, 2023 | Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoint | ||
| CVE-2022-3162 | — | < 0.0.20250807T150727-1.1 | 0.0.20250807T150727-1.1 | Mar 1, 2023 | Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomRes | ||
| CVE-2022-31022 | — | < 0.0.20250612T141001-1.1 | 0.0.20250612T141001-1.1 | Jun 1, 2022 | Bleve is a text indexing library for go. Bleve includes HTTP utilities under bleve/http package, that are used by its sample application. These HTTP methods pave way for exploitation of a node’s filesystem where the bleve index resides, if the user has used bleve’s own HTTP (blev | ||
| CVE-2022-29177 | — | < 0.0.20250807T150727-1.1 | 0.0.20250807T150727-1.1 | May 20, 2022 | Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.17, a vulnerable node, if configured to use high verbosity logging, can be made to crash when handling specially crafted p2p messages sent from an attacker node. Version 1.10.17 cont | ||
| CVE-2022-29162 | — | < 0.0.20250807T150727-1.1 | 0.0.20250807T150727-1.1 | May 17, 2022 | runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environme | ||
| CVE-2020-8562 | Low | 2.2 | < 0.0.20250807T150727-1.1 | 0.0.20250807T150727-1.1 | Feb 1, 2022 | As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation K | |
| CVE-2021-25743 | — | < 0.0.20250807T150727-1.1 | 0.0.20250807T150727-1.1 | Jan 7, 2022 | kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events. | ||
| CVE-2021-25741 | — | < 0.0.20250807T150727-1.1 | 0.0.20250807T150727-1.1 | Sep 20, 2021 | A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem. | ||
| CVE-2021-25737 | — | < 0.0.20250807T150727-1.1 | 0.0.20250807T150727-1.1 | Sep 6, 2021 | A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs. | ||
| CVE-2021-25735 | — | < 0.0.20250807T150727-1.1 | 0.0.20250807T150727-1.1 | Sep 6, 2021 | A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the ol | ||
| CVE-2021-30465 | — | < 0.0.20250807T150727-1.1 | 0.0.20250807T150727-1.1 | May 27, 2021 | runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on |
- CVE-2023-42818Sep 27, 2023affected < 0.0.20250612T141001-1.1fixed 0.0.20250612T141001-1.1
JumpServer is an open source bastion host. When users enable MFA and use a public key for authentication, the Koko SSH server does not verify the corresponding SSH private key. An attacker could exploit a vulnerability by utilizing a disclosed public key to attempt brute-force au
- CVE-2023-22644Sep 20, 2023affected < 0.0.20241030T212825-1.1fixed 0.0.20241030T212825-1.1
A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE.
- CVE-2023-2728Jul 3, 2023affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1
Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s se
- CVE-2023-2727Jul 3, 2023affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1
Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.
- CVE-2023-2431Jun 16, 2023affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1
A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in un
- CVE-2022-47930Apr 21, 2023affected < 0.0.20250207T224745-1.1fixed 0.0.20250207T224745-1.1
An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not
- CVE-2023-25809Mar 29, 2023affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1
runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes `/sys/fs/cgroup` writable in following conditons: 1. when runc is executed inside the user namespace, and the `config.json` does n
- CVE-2023-28642Mar 29, 2023affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1
runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibitin
- CVE-2023-27561Mar 3, 2023affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1
runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this is
- CVE-2022-3294Mar 1, 2023affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1
Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoint
- CVE-2022-3162Mar 1, 2023affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1
Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomRes
- CVE-2022-31022Jun 1, 2022affected < 0.0.20250612T141001-1.1fixed 0.0.20250612T141001-1.1
Bleve is a text indexing library for go. Bleve includes HTTP utilities under bleve/http package, that are used by its sample application. These HTTP methods pave way for exploitation of a node’s filesystem where the bleve index resides, if the user has used bleve’s own HTTP (blev
- CVE-2022-29177May 20, 2022affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1
Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.17, a vulnerable node, if configured to use high verbosity logging, can be made to crash when handling specially crafted p2p messages sent from an attacker node. Version 1.10.17 cont
- CVE-2022-29162May 17, 2022affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environme
- affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1
As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation K
- CVE-2021-25743Jan 7, 2022affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1
kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events.
- CVE-2021-25741Sep 20, 2021affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1
A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem.
- CVE-2021-25737Sep 6, 2021affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1
A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs.
- CVE-2021-25735Sep 6, 2021affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1
A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the ol
- CVE-2021-30465May 27, 2021affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1
runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on
Page 32 of 35