VYPR

rpm package

opensuse/govulncheck-vulndb&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed

Vulnerabilities (690)

  • CVE-2023-42818Sep 27, 2023
    affected < 0.0.20250612T141001-1.1fixed 0.0.20250612T141001-1.1

    JumpServer is an open source bastion host. When users enable MFA and use a public key for authentication, the Koko SSH server does not verify the corresponding SSH private key. An attacker could exploit a vulnerability by utilizing a disclosed public key to attempt brute-force au

  • CVE-2023-22644Sep 20, 2023
    affected < 0.0.20241030T212825-1.1fixed 0.0.20241030T212825-1.1

    A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE.

  • CVE-2023-2728Jul 3, 2023
    affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1

    Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s se

  • CVE-2023-2727Jul 3, 2023
    affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1

    Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.

  • CVE-2023-2431Jun 16, 2023
    affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1

    A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in un

  • CVE-2022-47930Apr 21, 2023
    affected < 0.0.20250207T224745-1.1fixed 0.0.20250207T224745-1.1

    An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not

  • CVE-2023-25809Mar 29, 2023
    affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1

    runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes `/sys/fs/cgroup` writable in following conditons: 1. when runc is executed inside the user namespace, and the `config.json` does n

  • CVE-2023-28642Mar 29, 2023
    affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1

    runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibitin

  • CVE-2023-27561Mar 3, 2023
    affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1

    runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this is

  • CVE-2022-3294Mar 1, 2023
    affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1

    Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoint

  • CVE-2022-3162Mar 1, 2023
    affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1

    Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomRes

  • CVE-2022-31022Jun 1, 2022
    affected < 0.0.20250612T141001-1.1fixed 0.0.20250612T141001-1.1

    Bleve is a text indexing library for go. Bleve includes HTTP utilities under bleve/http package, that are used by its sample application. These HTTP methods pave way for exploitation of a node’s filesystem where the bleve index resides, if the user has used bleve’s own HTTP (blev

  • CVE-2022-29177May 20, 2022
    affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1

    Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.17, a vulnerable node, if configured to use high verbosity logging, can be made to crash when handling specially crafted p2p messages sent from an attacker node. Version 1.10.17 cont

  • CVE-2022-29162May 17, 2022
    affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1

    runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environme

  • CVE-2020-8562LowFeb 1, 2022
    affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1

    As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation K

  • CVE-2021-25743Jan 7, 2022
    affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1

    kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events.

  • CVE-2021-25741Sep 20, 2021
    affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1

    A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem.

  • CVE-2021-25737Sep 6, 2021
    affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1

    A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs.

  • CVE-2021-25735Sep 6, 2021
    affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1

    A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the ol

  • CVE-2021-30465May 27, 2021
    affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1

    runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on

Page 32 of 35