rpm package
opensuse/govulncheck-vulndb&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed
Vulnerabilities (690)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-11073 | — | < 0.0.20251105T184115-1.1 | 0.0.20251105T184115-1.1 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a Legal or Support setting. | ||
| CVE-2016-11072 | — | < 0.0.20251105T184115-1.1 | 0.0.20251105T184115-1.1 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 3.0.2. The purposes of a session ID and a Session Token were mishandled. | ||
| CVE-2016-11071 | — | < 0.0.20251105T184115-1.1 | 0.0.20251105T184115-1.1 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 3.1.0. It allows XSS because the noreferrer and noopener protection mechanisms were not in place. | ||
| CVE-2016-11070 | — | < 0.0.20251105T184115-1.1 | 0.0.20251105T184115-1.1 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 3.1.0. It allows XSS via theme color-code values. | ||
| CVE-2016-11069 | — | < 0.0.20251105T184115-1.1 | 0.0.20251105T184115-1.1 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 3.2.0. It mishandles brute-force attempts at password change. | ||
| CVE-2016-11068 | — | < 0.0.20251105T184115-1.1 | 0.0.20251105T184115-1.1 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 3.2.0. Attackers could read LDAP fields via injection. | ||
| CVE-2016-11067 | — | < 0.0.20251105T184115-1.1 | 0.0.20251105T184115-1.1 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 3.2.0. It allowed crafted posts that could cause a web browser to hang. | ||
| CVE-2016-11066 | — | < 0.0.20251105T184115-1.1 | 0.0.20251105T184115-1.1 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 3.2.0. The initial_load API disclosed unnecessary personal information. | ||
| CVE-2016-11063 | — | < 0.0.20251105T184115-1.1 | 0.0.20251105T184115-1.1 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 3.5.1. XSS can occur via file preview. | ||
| CVE-2017-18872 | — | < 0.0.20251105T184115-1.1 | 0.0.20251105T184115-1.1 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3. Attackers could reconfigure an OAuth app in some cases where Mattermost is an OAuth 2.0 service provider. | ||
| CVE-2020-8555 | — | < 0.0.20250807T150727-1.1 | 0.0.20250807T150727-1.1 | Jun 4, 2020 | The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprot | ||
| CVE-2020-10696 | — | < 0.0.20241213T205935-1.1 | 0.0.20241213T205935-1.1 | Mar 31, 2020 | A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions. | ||
| CVE-2020-8551 | — | < 0.0.20250807T150727-1.1 | 0.0.20250807T150727-1.1 | Mar 27, 2020 | The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API ty | ||
| CVE-2019-11251 | — | < 0.0.20250807T150727-1.1 | 0.0.20250807T150727-1.1 | Feb 3, 2020 | The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocati | ||
| CVE-2019-11253 | — | < 0.0.20250807T150727-1.1 | 0.0.20250807T150727-1.1 | Oct 17, 2019 | Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crash | ||
| CVE-2019-11245 | — | < 0.0.20250807T150727-1.1 | 0.0.20250807T150727-1.1 | Aug 29, 2019 | In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 (root) on container restart, or if the image was previously pulled to the node. If the pod specified mustRunAsNonRoot: true, the kubelet will refuse to start the | ||
| CVE-2019-15119 | — | < 0.0.20250422T181640-1.1 | 0.0.20250422T181640-1.1 | Aug 16, 2019 | lib/install/install.go in cnlh nps through 0.23.2 uses 0777 permissions for /usr/local/bin/nps and/or /usr/bin/nps, leading to a file overwrite by a local user. | ||
| CVE-2019-11243 | — | < 0.0.20250506T153719-1.1 | 0.0.20250506T153719-1.1 | Apr 22, 2019 | In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certificate/key data). In the affected versions, rest.AnonymousClientConfig() did not ef | ||
| CVE-2019-1002101 | — | < 0.0.20250807T150727-1.1 | 0.0.20250807T150727-1.1 | Apr 1, 2019 | The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is mali | ||
| CVE-2019-1002100 | — | < 0.0.20250807T150727-1.1 | 0.0.20250807T150727-1.1 | Apr 1, 2019 | In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. `kubectl patch --type json` or `"Content-Type: application/json-patch+jso |
- CVE-2016-11073Jun 19, 2020affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1
An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a Legal or Support setting.
- CVE-2016-11072Jun 19, 2020affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1
An issue was discovered in Mattermost Server before 3.0.2. The purposes of a session ID and a Session Token were mishandled.
- CVE-2016-11071Jun 19, 2020affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1
An issue was discovered in Mattermost Server before 3.1.0. It allows XSS because the noreferrer and noopener protection mechanisms were not in place.
- CVE-2016-11070Jun 19, 2020affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1
An issue was discovered in Mattermost Server before 3.1.0. It allows XSS via theme color-code values.
- CVE-2016-11069Jun 19, 2020affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1
An issue was discovered in Mattermost Server before 3.2.0. It mishandles brute-force attempts at password change.
- CVE-2016-11068Jun 19, 2020affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1
An issue was discovered in Mattermost Server before 3.2.0. Attackers could read LDAP fields via injection.
- CVE-2016-11067Jun 19, 2020affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1
An issue was discovered in Mattermost Server before 3.2.0. It allowed crafted posts that could cause a web browser to hang.
- CVE-2016-11066Jun 19, 2020affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1
An issue was discovered in Mattermost Server before 3.2.0. The initial_load API disclosed unnecessary personal information.
- CVE-2016-11063Jun 19, 2020affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1
An issue was discovered in Mattermost Server before 3.5.1. XSS can occur via file preview.
- CVE-2017-18872Jun 19, 2020affected < 0.0.20251105T184115-1.1fixed 0.0.20251105T184115-1.1
An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3. Attackers could reconfigure an OAuth app in some cases where Mattermost is an OAuth 2.0 service provider.
- CVE-2020-8555Jun 4, 2020affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1
The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprot
- CVE-2020-10696Mar 31, 2020affected < 0.0.20241213T205935-1.1fixed 0.0.20241213T205935-1.1
A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.
- CVE-2020-8551Mar 27, 2020affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1
The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API ty
- CVE-2019-11251Feb 3, 2020affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1
The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocati
- CVE-2019-11253Oct 17, 2019affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1
Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crash
- CVE-2019-11245Aug 29, 2019affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1
In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 (root) on container restart, or if the image was previously pulled to the node. If the pod specified mustRunAsNonRoot: true, the kubelet will refuse to start the
- CVE-2019-15119Aug 16, 2019affected < 0.0.20250422T181640-1.1fixed 0.0.20250422T181640-1.1
lib/install/install.go in cnlh nps through 0.23.2 uses 0777 permissions for /usr/local/bin/nps and/or /usr/bin/nps, leading to a file overwrite by a local user.
- CVE-2019-11243Apr 22, 2019affected < 0.0.20250506T153719-1.1fixed 0.0.20250506T153719-1.1
In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certificate/key data). In the affected versions, rest.AnonymousClientConfig() did not ef
- CVE-2019-1002101Apr 1, 2019affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1
The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is mali
- CVE-2019-1002100Apr 1, 2019affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1
In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. `kubectl patch --type json` or `"Content-Type: application/json-patch+jso
Page 34 of 35