rpm package
opensuse/govulncheck-vulndb&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed
Vulnerabilities (690)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-58157 | — | < 0.0.20250917T170349-1.1 | 0.0.20250917T170349-1.1 | Aug 29, 2025 | gnark is a zero-knowledge proof system framework. In version 0.12.0, there is a potential denial of service vulnerability when computing scalar multiplication is using the fake-GLV algorithm. This is because the algorithm didn't converge quickly enough for some of the inputs. Thi | ||
| CVE-2025-58158 | Hig | 8.8 | < 0.0.20250917T170349-1.1 | 0.0.20250917T170349-1.1 | Aug 29, 2025 | Harness Open Source is an end-to-end developer platform with Source Control Management, CI/CD Pipelines, Hosted Developer Environments, and Artifact Registries. Prior to version 3.3.0, Open Source Harness git LFS server (Gitness) exposes api to retrieve and upload files via git L | |
| CVE-2025-58058 | Med | 5.3 | < 0.0.20250917T170349-1.1 | 0.0.20250917T170349-1.1 | Aug 28, 2025 | xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the | |
| CVE-2025-6203 | — | < 0.0.20250908T141310-1.1 | 0.0.20250908T141310-1.1 | Aug 28, 2025 | A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit which results in excessive memory and CPU consumption of Vault. This may lead to a timeout in Vault’s auditing subroutine, potentially resulting in the Vault server | ||
| CVE-2025-5187 | Med | 6.7 | < 0.0.20250918T182144-1.1 | 0.0.20250918T182144-1.1 | Aug 27, 2025 | A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference resource does not exist or is su | |
| CVE-2025-51667 | — | < 0.0.20250908T141310-1.1 | 0.0.20250908T141310-1.1 | Aug 27, 2025 | An issue was discovered in simple-admin-core v1.2.0 thru v1.6.7. The /sys-api/role/update interface in the simple-admin-core system has a limited SQL injection vulnerability, which may lead to partial data leakage or disruption of normal system operations. | ||
| CVE-2025-9039 | Med | 4.3 | < 0.0.20250818T190335-1.1 | 0.0.20250818T190335-1.1 | Aug 14, 2025 | We identified an issue in the Amazon ECS agent where, under certain conditions, an introspection server could be accessed off-host by another instance if the instances are in the same security group or if their security groups allow incoming connections that include the port wher | |
| CVE-2025-55198 | — | < 0.0.20250818T190335-1.1 | 0.0.20250818T190335-1.1 | Aug 13, 2025 | Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an improper validation of type error can lead to a panic. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring YAML files are formatt | ||
| CVE-2025-55199 | — | < 0.0.20250818T190335-1.1 | 0.0.20250818T190335-1.1 | Aug 13, 2025 | Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory (OOM) termination. This issue has been resolved in Helm 3.18.5. A work | ||
| CVE-2025-55196 | Hig | — | < 0.0.20250818T190335-1.1 | 0.0.20250818T190335-1.1 | Aug 13, 2025 | External Secrets Operator is a Kubernetes operator that integrates external secret management systems. From version 0.15.0 to before 0.19.2, a vulnerability was discovered where the List() calls for Kubernetes Secret and SecretStore resources performed by the PushSecret controlle | |
| CVE-2025-50946 | — | < 0.0.20250818T190335-1.1 | 0.0.20250818T190335-1.1 | Aug 13, 2025 | OS Command Injection in Olivetin 2025.4.22 Custom Themes via the ParseRequestURI function in service/internal/executor/arguments.go. | ||
| CVE-2025-8285 | — | < 0.0.20250818T190335-1.1 | 0.0.20250818T190335-1.1 | Aug 11, 2025 | Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create channel subscription without proper access to the channel via API call to the create channel subscription endpoint. | ||
| CVE-2025-54525 | — | < 0.0.20250818T190335-1.1 | 0.0.20250818T190335-1.1 | Aug 11, 2025 | Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to create channel subscription endpoint with an invalid request body. | ||
| CVE-2025-54478 | — | < 0.0.20250818T190335-1.1 | 0.0.20250818T190335-1.1 | Aug 11, 2025 | Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to edit channel subscriptions via API call to the edit channel subscription endpoint. | ||
| CVE-2025-54463 | — | < 0.0.20250818T190335-1.1 | 0.0.20250818T190335-1.1 | Aug 11, 2025 | Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webhook endpoint with an invalid request body. | ||
| CVE-2025-54458 | — | < 0.0.20250818T190335-1.1 | 0.0.20250818T190335-1.1 | Aug 11, 2025 | Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the Confluence space which allows attackers to create a subscription for a Confluence space the user does not have access to via the create subscription endpoint. | ||
| CVE-2025-53910 | — | < 0.0.20250818T190335-1.1 | 0.0.20250818T190335-1.1 | Aug 11, 2025 | Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create a channel subscription without proper access to the channel via API call to the edit channel subscription endpoint. | ||
| CVE-2025-53857 | — | < 0.0.20250818T190335-1.1 | 0.0.20250818T190335-1.1 | Aug 11, 2025 | Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the GET autocomplete/GetChannelSubscriptions endpoint. | ||
| CVE-2025-53514 | — | < 0.0.20250818T190335-1.1 | 0.0.20250818T190335-1.1 | Aug 11, 2025 | Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webhook endpoint with an invalid request body. | ||
| CVE-2025-52931 | — | < 0.0.20250818T190335-1.1 | 0.0.20250818T190335-1.1 | Aug 11, 2025 | Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to update channel subscription endpoint with an invalid request body. |
- CVE-2025-58157Aug 29, 2025affected < 0.0.20250917T170349-1.1fixed 0.0.20250917T170349-1.1
gnark is a zero-knowledge proof system framework. In version 0.12.0, there is a potential denial of service vulnerability when computing scalar multiplication is using the fake-GLV algorithm. This is because the algorithm didn't converge quickly enough for some of the inputs. Thi
- affected < 0.0.20250917T170349-1.1fixed 0.0.20250917T170349-1.1
Harness Open Source is an end-to-end developer platform with Source Control Management, CI/CD Pipelines, Hosted Developer Environments, and Artifact Registries. Prior to version 3.3.0, Open Source Harness git LFS server (Gitness) exposes api to retrieve and upload files via git L
- affected < 0.0.20250917T170349-1.1fixed 0.0.20250917T170349-1.1
xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the
- CVE-2025-6203Aug 28, 2025affected < 0.0.20250908T141310-1.1fixed 0.0.20250908T141310-1.1
A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit which results in excessive memory and CPU consumption of Vault. This may lead to a timeout in Vault’s auditing subroutine, potentially resulting in the Vault server
- affected < 0.0.20250918T182144-1.1fixed 0.0.20250918T182144-1.1
A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference resource does not exist or is su
- CVE-2025-51667Aug 27, 2025affected < 0.0.20250908T141310-1.1fixed 0.0.20250908T141310-1.1
An issue was discovered in simple-admin-core v1.2.0 thru v1.6.7. The /sys-api/role/update interface in the simple-admin-core system has a limited SQL injection vulnerability, which may lead to partial data leakage or disruption of normal system operations.
- affected < 0.0.20250818T190335-1.1fixed 0.0.20250818T190335-1.1
We identified an issue in the Amazon ECS agent where, under certain conditions, an introspection server could be accessed off-host by another instance if the instances are in the same security group or if their security groups allow incoming connections that include the port wher
- CVE-2025-55198Aug 13, 2025affected < 0.0.20250818T190335-1.1fixed 0.0.20250818T190335-1.1
Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an improper validation of type error can lead to a panic. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring YAML files are formatt
- CVE-2025-55199Aug 13, 2025affected < 0.0.20250818T190335-1.1fixed 0.0.20250818T190335-1.1
Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory (OOM) termination. This issue has been resolved in Helm 3.18.5. A work
- affected < 0.0.20250818T190335-1.1fixed 0.0.20250818T190335-1.1
External Secrets Operator is a Kubernetes operator that integrates external secret management systems. From version 0.15.0 to before 0.19.2, a vulnerability was discovered where the List() calls for Kubernetes Secret and SecretStore resources performed by the PushSecret controlle
- CVE-2025-50946Aug 13, 2025affected < 0.0.20250818T190335-1.1fixed 0.0.20250818T190335-1.1
OS Command Injection in Olivetin 2025.4.22 Custom Themes via the ParseRequestURI function in service/internal/executor/arguments.go.
- CVE-2025-8285Aug 11, 2025affected < 0.0.20250818T190335-1.1fixed 0.0.20250818T190335-1.1
Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create channel subscription without proper access to the channel via API call to the create channel subscription endpoint.
- CVE-2025-54525Aug 11, 2025affected < 0.0.20250818T190335-1.1fixed 0.0.20250818T190335-1.1
Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to create channel subscription endpoint with an invalid request body.
- CVE-2025-54478Aug 11, 2025affected < 0.0.20250818T190335-1.1fixed 0.0.20250818T190335-1.1
Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to edit channel subscriptions via API call to the edit channel subscription endpoint.
- CVE-2025-54463Aug 11, 2025affected < 0.0.20250818T190335-1.1fixed 0.0.20250818T190335-1.1
Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webhook endpoint with an invalid request body.
- CVE-2025-54458Aug 11, 2025affected < 0.0.20250818T190335-1.1fixed 0.0.20250818T190335-1.1
Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the Confluence space which allows attackers to create a subscription for a Confluence space the user does not have access to via the create subscription endpoint.
- CVE-2025-53910Aug 11, 2025affected < 0.0.20250818T190335-1.1fixed 0.0.20250818T190335-1.1
Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create a channel subscription without proper access to the channel via API call to the edit channel subscription endpoint.
- CVE-2025-53857Aug 11, 2025affected < 0.0.20250818T190335-1.1fixed 0.0.20250818T190335-1.1
Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the GET autocomplete/GetChannelSubscriptions endpoint.
- CVE-2025-53514Aug 11, 2025affected < 0.0.20250818T190335-1.1fixed 0.0.20250818T190335-1.1
Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webhook endpoint with an invalid request body.
- CVE-2025-52931Aug 11, 2025affected < 0.0.20250818T190335-1.1fixed 0.0.20250818T190335-1.1
Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to update channel subscription endpoint with an invalid request body.
Page 7 of 35