rpm package
opensuse/govulncheck-vulndb&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed
Vulnerabilities (690)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-21411 | — | < 0.0.20250811T192933-1.1 | 0.0.20250811T192933-1.1 | Mar 26, 2021 | OAuth2-Proxy is an open source reverse proxy that provides authentication with Google, Github or other providers. The `--gitlab-group` flag for group-based authorization in the GitLab provider stopped working in the v7.0.0 release. Regardless of the flag settings, authorization w | ||
| CVE-2020-8563 | — | < 0.0.20250807T150727-1.1 | 0.0.20250807T150727-1.1 | Dec 7, 2020 | In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects < v1.19.3. | ||
| CVE-2020-8566 | — | < 0.0.20250807T150727-1.1 | 0.0.20250807T150727-1.1 | Dec 7, 2020 | In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims. This affects < v1.19.3, < v1.18.10, < | ||
| CVE-2020-26240 | — | < 0.0.20250807T150727-1.1 | 0.0.20250807T150727-1.1 | Nov 25, 2020 | Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the ET | ||
| CVE-2020-26241 | — | < 0.0.20250807T150727-1.1 | 0.0.20250807T150727-1.1 | Nov 25, 2020 | Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. This is a Consensus vulnerability in Geth before version 1.9.17 which can be used to cause a chain-split where vulnerable nodes reject the canonical chain. Geth's pre-compiled dataCopy (at 0x0 | ||
| CVE-2020-8912 | — | < 0.0.20241213T205935-1.1 | 0.0.20241213T205935-1.1 | Aug 11, 2020 | A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. An attacker with write access to the targeted bucket can change the encryption algorithm of an object in the bucket, which can then allow them to change AES-GCM to AES- | ||
| CVE-2020-8911 | — | < 0.0.20241119T173509-1.1 | 0.0.20241119T173509-1.1 | Aug 11, 2020 | A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. The SDK allows users to encrypt files with AES-CBC without computing a Message Authentication Code (MAC), which then allows an attacker who has write access to the target's S3 bucket a | ||
| CVE-2020-8558 | — | < 0.0.20250807T150727-1.1 | 0.0.20250807T150727-1.1 | Jul 27, 2020 | The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. Such a ser | ||
| CVE-2020-8557 | — | < 0.0.20250807T150727-1.1 | 0.0.20250807T150727-1.1 | Jul 23, 2020 | The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculati | ||
| CVE-2016-11084 | — | < 0.0.20251105T184115-1.1 | 0.0.20251105T184115-1.1 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 2.1.0. It allows XSS via CSRF. | ||
| CVE-2016-11083 | — | < 0.0.20251105T184115-1.1 | 0.0.20251105T184115-1.1 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window. | ||
| CVE-2016-11082 | — | < 0.0.20251105T184115-1.1 | 0.0.20251105T184115-1.1 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 2.2.0. It allows XSS via a crafted link. | ||
| CVE-2016-11081 | — | < 0.0.20251105T184115-1.1 | 0.0.20251105T184115-1.1 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 2.2.0. It allows unintended access to information stored by a web browser. | ||
| CVE-2016-11080 | — | < 0.0.20251105T184115-1.1 | 0.0.20251105T184115-1.1 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details. | ||
| CVE-2016-11079 | — | < 0.0.20251105T184115-1.1 | 0.0.20251105T184115-1.1 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a redirect URL. | ||
| CVE-2016-11078 | — | < 0.0.20251105T184115-1.1 | 0.0.20251105T184115-1.1 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain sensitive information (credential fields within config.json) via the System Console UI. | ||
| CVE-2016-11077 | — | < 0.0.20251105T184115-1.1 | 0.0.20251105T184115-1.1 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the System Admin can change the account name and e-mail address of an LDAP account. | ||
| CVE-2016-11076 | — | < 0.0.20251105T184115-1.1 | 0.0.20251105T184115-1.1 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL. | ||
| CVE-2016-11075 | — | < 0.0.20251105T184115-1.1 | 0.0.20251105T184115-1.1 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 3.0.0. It allows attackers to obtain sensitive information about team URLs via an API. | ||
| CVE-2016-11074 | — | < 0.0.20251105T184115-1.1 | 0.0.20251105T184115-1.1 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reused. |
- CVE-2021-21411Mar 26, 2021affected < 0.0.20250811T192933-1.1fixed 0.0.20250811T192933-1.1
OAuth2-Proxy is an open source reverse proxy that provides authentication with Google, Github or other providers. The `--gitlab-group` flag for group-based authorization in the GitLab provider stopped working in the v7.0.0 release. Regardless of the flag settings, authorization w
- CVE-2020-8563Dec 7, 2020affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1
In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects < v1.19.3.
- CVE-2020-8566Dec 7, 2020affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1
In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims. This affects < v1.19.3, < v1.18.10, <
- CVE-2020-26240Nov 25, 2020affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the ET
- CVE-2020-26241Nov 25, 2020affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. This is a Consensus vulnerability in Geth before version 1.9.17 which can be used to cause a chain-split where vulnerable nodes reject the canonical chain. Geth's pre-compiled dataCopy (at 0x0
- CVE-2020-8912Aug 11, 2020affected < 0.0.20241213T205935-1.1fixed 0.0.20241213T205935-1.1
A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. An attacker with write access to the targeted bucket can change the encryption algorithm of an object in the bucket, which can then allow them to change AES-GCM to AES-
- CVE-2020-8911Aug 11, 2020affected < 0.0.20241119T173509-1.1fixed 0.0.20241119T173509-1.1
A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. The SDK allows users to encrypt files with AES-CBC without computing a Message Authentication Code (MAC), which then allows an attacker who has write access to the target's S3 bucket a
- CVE-2020-8558Jul 27, 2020affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1
The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. Such a ser
- CVE-2020-8557Jul 23, 2020affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1
The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculati
- CVE-2016-11084Jun 19, 2020affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1
An issue was discovered in Mattermost Server before 2.1.0. It allows XSS via CSRF.
- CVE-2016-11083Jun 19, 2020affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window.
- CVE-2016-11082Jun 19, 2020affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS via a crafted link.
- CVE-2016-11081Jun 19, 2020affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1
An issue was discovered in Mattermost Server before 2.2.0. It allows unintended access to information stored by a web browser.
- CVE-2016-11080Jun 19, 2020affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1
An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details.
- CVE-2016-11079Jun 19, 2020affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1
An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a redirect URL.
- CVE-2016-11078Jun 19, 2020affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1
An issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain sensitive information (credential fields within config.json) via the System Console UI.
- CVE-2016-11077Jun 19, 2020affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1
An issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the System Admin can change the account name and e-mail address of an LDAP account.
- CVE-2016-11076Jun 19, 2020affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1
An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL.
- CVE-2016-11075Jun 19, 2020affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1
An issue was discovered in Mattermost Server before 3.0.0. It allows attackers to obtain sensitive information about team URLs via an API.
- CVE-2016-11074Jun 19, 2020affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1
An issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reused.
Page 33 of 35