VYPR

rpm package

opensuse/govulncheck-vulndb&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed

Vulnerabilities (690)

  • CVE-2025-54386Aug 1, 2025
    affected < 0.0.20250811T192933-1.1fixed 0.0.20250811T192933-1.1

    Traefik is an HTTP reverse proxy and load balancer. In versions 2.11.27 and below, 3.0.0 through 3.4.4 and 3.5.0-rc1, a path traversal vulnerability was discovered in WASM Traefik’s plugin installation mechanism. By supplying a maliciously crafted ZIP archive containing file path

  • CVE-2025-54424Aug 1, 2025
    affected < 0.0.20250811T192933-1.1fixed 0.0.20250811T192933-1.1

    1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. In versions 2.0.5 and below, the HTTPS protocol used for communication between the Core and Agent endpoints has incomplete certificate verification during cer

  • CVE-2025-6015Aug 1, 2025
    affected < 0.0.20250811T192933-1.1fixed 0.0.20250811T192933-1.1

    Vault and Vault Enterprise’s (“Vault”) login MFA rate limits could be bypassed and TOTP tokens could be reused. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.

  • CVE-2025-6011Aug 1, 2025
    affected < 0.0.20250811T192933-1.1fixed 0.0.20250811T192933-1.1

    A timing side channel in Vault and Vault Enterprise’s (“Vault”) userpass auth method allowed an attacker to distinguish between existing and non-existing users, and potentially enumerate valid usernames for Vault’s Userpass auth method. Fixed in Vault Community Edition 1.20.1 and

  • CVE-2025-6004Aug 1, 2025
    affected < 0.0.20250811T192933-1.1fixed 0.0.20250811T192933-1.1

    Vault and Vault Enterprise’s (“Vault”) user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.

  • CVE-2025-6037Aug 1, 2025
    affected < 0.0.20250811T192933-1.1fixed 0.0.20250811T192933-1.1

    Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as [+trusted certificate+|https://developer.hashicorp.com/vault/api-docs/auth/cert#certificate]. In this configuration, an att

  • CVE-2025-6014Aug 1, 2025
    affected < 0.0.20250811T192933-1.1fixed 0.0.20250811T192933-1.1

    Vault and Vault Enterprise’s (“Vault”) TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.

  • CVE-2025-6000Aug 1, 2025
    affected < 0.0.20250811T192933-1.1fixed 0.0.20250811T192933-1.1

    A privileged Vault operator within the root namespace with write permission to {{sys/audit}} may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.1

  • CVE-2025-5999Aug 1, 2025
    affected < 0.0.20250811T192933-1.1fixed 0.0.20250811T192933-1.1

    A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vault’s root policy. Fixed in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11 and 1.16.22.

  • CVE-2025-54576Jul 30, 2025
    affected < 0.0.20250811T192933-1.1fixed 0.0.20250811T192933-1.1

    OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups. In versions 7.10.0 and below, oauth2-proxy deployments are vulnerable when using the skip_auth_routes co

  • CVE-2025-54410Jul 30, 2025
    affected < 0.0.20250811T192933-1.1fixed 0.0.20250811T192933-1.1

    Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. A firewalld vulnerability affects Moby releases before 28.0.0. When firewalld reloads, Docker fail

  • CVE-2025-54388Jul 30, 2025
    affected < 0.0.20250811T192933-1.1fixed 0.0.20250811T192933-1.1

    Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. In versions 28.2.0 through 28.3.2, when the firewalld service is reloaded it removes all iptables

  • CVE-2025-4674Jul 29, 2025
    affected < 0.0.20250730T213748-1.1fixed 0.0.20250730T213748-1.1

    The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS (e.g. Git), but contains metadata for another V

  • CVE-2025-50738Jul 29, 2025
    affected < 0.0.20250811T192933-1.1fixed 0.0.20250811T192933-1.1

    The Memos application, up to version v0.24.3, allows for the embedding of markdown images with arbitrary URLs. When a user views a memo containing such an image, their browser automatically fetches the image URL without explicit user consent or interaction beyond viewing the memo

  • CVE-2025-30086MedJul 25, 2025
    affected < 0.0.20250730T213748-1.1fixed 0.0.20250730T213748-1.1

    CNCF Harbor 2.13.x before 2.13.1 and 2.12.x before 2.12.4 allows information disclosure by administrators who can exploit an ORM Leak present in the /api/v2.0/users endpoint to leak users' password hash and salt values. The q URL parameter allows a user to filter users by any col

  • CVE-2025-54379Jul 24, 2025
    affected < 0.0.20250730T213748-1.1fixed 0.0.20250730T213748-1.1

    LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. In versions before 2.2.1, there is a critical SQL Injection vulnerability in the getLast API functionality of the eKuiper project. This flaw allows unauth

  • CVE-2025-32019MedJul 23, 2025
    affected < 0.0.20250730T213748-1.1fixed 0.0.20250730T213748-1.1

    Harbor is an open source trusted cloud native registry project that stores, signs, and scans content. Versions 2.11.2 and below, as well as versions 2.12.0-rc1 and 2.13.0-rc1, contain a vulnerability where the markdown field in the info tab page can be exploited to inject XSS cod

  • CVE-2025-47281Jul 23, 2025
    affected < 0.0.20250730T213748-1.1fixed 0.0.20250730T213748-1.1

    Kyverno is a policy engine designed for cloud native platform engineering teams. In versions 1.14.1 and below, a Denial of Service (DoS) vulnerability exists due to improper handling of JMESPath variable substitutions. Attackers with permissions to create or update Kyverno polici

  • CVE-2025-53942Jul 23, 2025
    affected < 0.0.20250811T192933-1.1fixed 0.0.20250811T192933-1.1

    authentik is an open-source Identity Provider that emphasizes flexibility and versatility, with support for a wide set of protocols. In versions 2025.4.4 and earlier, as well as versions 2025.6.0-rc1 through 2025.6.3, deactivated users who registered through OAuth/SAML or linked

  • CVE-2025-51471Jul 22, 2025
    affected < 0.0.20250730T213748-1.1fixed 0.0.20250730T213748-1.1

    Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authentication tokens and bypass access controls via a malicious realm value in a WWW-Authenticate header returned by the /api/pull endpoint.

Page 9 of 35