VYPR

rpm package

opensuse/grype&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/grype&distro=openSUSE%20Tumbleweed

Vulnerabilities (6)

  • CVE-2025-12183HigNov 28, 2025
    affected < 0.109.1-1.1fixed 0.109.1-1.1

    Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input.

  • CVE-2025-5702Jun 5, 2025
    affected < 0.94.0-1.1fixed 0.94.0-1.1

    The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in ove

  • CVE-2024-3154HigApr 26, 2024
    affected < 0.80.1-1.1fixed 0.80.1-1.1

    A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system.

  • CVE-2023-45853Oct 14, 2023
    affected < 0.88.0-1.1fixed 0.88.0-1.1

    MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable becaus

  • CVE-2022-2068Jun 21, 2022
    affected < 0.92.1-1.1fixed 0.92.1-1.1

    In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not dis

  • CVE-2021-3711Aug 24, 2021
    affected < 0.92.1-1.1fixed 0.92.1-1.1

    In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with