VYPR

rpm package

opensuse/govulncheck-vulndb&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed

Vulnerabilities (690)

  • CVE-2016-11073Jun 19, 2020
    affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1

    An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a Legal or Support setting.

  • CVE-2016-11072Jun 19, 2020
    affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1

    An issue was discovered in Mattermost Server before 3.0.2. The purposes of a session ID and a Session Token were mishandled.

  • CVE-2016-11071Jun 19, 2020
    affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1

    An issue was discovered in Mattermost Server before 3.1.0. It allows XSS because the noreferrer and noopener protection mechanisms were not in place.

  • CVE-2016-11070Jun 19, 2020
    affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1

    An issue was discovered in Mattermost Server before 3.1.0. It allows XSS via theme color-code values.

  • CVE-2016-11069Jun 19, 2020
    affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1

    An issue was discovered in Mattermost Server before 3.2.0. It mishandles brute-force attempts at password change.

  • CVE-2016-11068Jun 19, 2020
    affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1

    An issue was discovered in Mattermost Server before 3.2.0. Attackers could read LDAP fields via injection.

  • CVE-2016-11067Jun 19, 2020
    affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1

    An issue was discovered in Mattermost Server before 3.2.0. It allowed crafted posts that could cause a web browser to hang.

  • CVE-2016-11066Jun 19, 2020
    affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1

    An issue was discovered in Mattermost Server before 3.2.0. The initial_load API disclosed unnecessary personal information.

  • CVE-2016-11063Jun 19, 2020
    affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1

    An issue was discovered in Mattermost Server before 3.5.1. XSS can occur via file preview.

  • CVE-2017-18872Jun 19, 2020
    affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1

    An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3. Attackers could reconfigure an OAuth app in some cases where Mattermost is an OAuth 2.0 service provider.

  • CVE-2020-8555Jun 4, 2020
    affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1

    The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprot

  • CVE-2020-10696Mar 31, 2020
    affected < 0.0.20241213T205935-1.1fixed 0.0.20241213T205935-1.1

    A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.

  • CVE-2020-8551Mar 27, 2020
    affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1

    The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API ty

  • CVE-2019-11251Feb 3, 2020
    affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1

    The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocati

  • CVE-2019-11253Oct 17, 2019
    affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1

    Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crash

  • CVE-2019-11245Aug 29, 2019
    affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1

    In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 (root) on container restart, or if the image was previously pulled to the node. If the pod specified mustRunAsNonRoot: true, the kubelet will refuse to start the

  • CVE-2019-15119Aug 16, 2019
    affected < 0.0.20250422T181640-1.1fixed 0.0.20250422T181640-1.1

    lib/install/install.go in cnlh nps through 0.23.2 uses 0777 permissions for /usr/local/bin/nps and/or /usr/bin/nps, leading to a file overwrite by a local user.

  • CVE-2019-11243Apr 22, 2019
    affected < 0.0.20250506T153719-1.1fixed 0.0.20250506T153719-1.1

    In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certificate/key data). In the affected versions, rest.AnonymousClientConfig() did not ef

  • CVE-2019-1002101Apr 1, 2019
    affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1

    The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is mali

  • CVE-2019-1002100Apr 1, 2019
    affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1

    In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. `kubectl patch --type json` or `"Content-Type: application/json-patch+jso

Page 34 of 35