VYPR

rpm package

opensuse/govulncheck-vulndb&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed

Vulnerabilities (690)

  • CVE-2021-21411Mar 26, 2021
    affected < 0.0.20250811T192933-1.1fixed 0.0.20250811T192933-1.1

    OAuth2-Proxy is an open source reverse proxy that provides authentication with Google, Github or other providers. The `--gitlab-group` flag for group-based authorization in the GitLab provider stopped working in the v7.0.0 release. Regardless of the flag settings, authorization w

  • CVE-2020-8563Dec 7, 2020
    affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1

    In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects < v1.19.3.

  • CVE-2020-8566Dec 7, 2020
    affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1

    In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims. This affects < v1.19.3, < v1.18.10, <

  • CVE-2020-26240Nov 25, 2020
    affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1

    Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the ET

  • CVE-2020-26241Nov 25, 2020
    affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1

    Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. This is a Consensus vulnerability in Geth before version 1.9.17 which can be used to cause a chain-split where vulnerable nodes reject the canonical chain. Geth's pre-compiled dataCopy (at 0x0

  • CVE-2020-8912Aug 11, 2020
    affected < 0.0.20241213T205935-1.1fixed 0.0.20241213T205935-1.1

    A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. An attacker with write access to the targeted bucket can change the encryption algorithm of an object in the bucket, which can then allow them to change AES-GCM to AES-

  • CVE-2020-8911Aug 11, 2020
    affected < 0.0.20241119T173509-1.1fixed 0.0.20241119T173509-1.1

    A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. The SDK allows users to encrypt files with AES-CBC without computing a Message Authentication Code (MAC), which then allows an attacker who has write access to the target's S3 bucket a

  • CVE-2020-8558Jul 27, 2020
    affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1

    The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. Such a ser

  • CVE-2020-8557Jul 23, 2020
    affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1

    The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculati

  • CVE-2016-11084Jun 19, 2020
    affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1

    An issue was discovered in Mattermost Server before 2.1.0. It allows XSS via CSRF.

  • CVE-2016-11083Jun 19, 2020
    affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1

    An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window.

  • CVE-2016-11082Jun 19, 2020
    affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1

    An issue was discovered in Mattermost Server before 2.2.0. It allows XSS via a crafted link.

  • CVE-2016-11081Jun 19, 2020
    affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1

    An issue was discovered in Mattermost Server before 2.2.0. It allows unintended access to information stored by a web browser.

  • CVE-2016-11080Jun 19, 2020
    affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1

    An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details.

  • CVE-2016-11079Jun 19, 2020
    affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1

    An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a redirect URL.

  • CVE-2016-11078Jun 19, 2020
    affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1

    An issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain sensitive information (credential fields within config.json) via the System Console UI.

  • CVE-2016-11077Jun 19, 2020
    affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1

    An issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the System Admin can change the account name and e-mail address of an LDAP account.

  • CVE-2016-11076Jun 19, 2020
    affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1

    An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL.

  • CVE-2016-11075Jun 19, 2020
    affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1

    An issue was discovered in Mattermost Server before 3.0.0. It allows attackers to obtain sensitive information about team URLs via an API.

  • CVE-2016-11074Jun 19, 2020
    affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1

    An issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reused.