rpm package
opensuse/grype&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/grype&distro=openSUSE%20Tumbleweed
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-12183 | Hig | — | < 0.109.1-1.1 | 0.109.1-1.1 | Nov 28, 2025 | Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input. | |
| CVE-2025-5702 | — | < 0.94.0-1.1 | 0.94.0-1.1 | Jun 5, 2025 | The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in ove | ||
| CVE-2024-3154 | Hig | 7.2 | < 0.80.1-1.1 | 0.80.1-1.1 | Apr 26, 2024 | A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system. | |
| CVE-2023-45853 | — | < 0.88.0-1.1 | 0.88.0-1.1 | Oct 14, 2023 | MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable becaus | ||
| CVE-2022-2068 | — | < 0.92.1-1.1 | 0.92.1-1.1 | Jun 21, 2022 | In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not dis | ||
| CVE-2021-3711 | — | < 0.92.1-1.1 | 0.92.1-1.1 | Aug 24, 2021 | In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with |
- affected < 0.109.1-1.1fixed 0.109.1-1.1
Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input.
- CVE-2025-5702Jun 5, 2025affected < 0.94.0-1.1fixed 0.94.0-1.1
The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in ove
- affected < 0.80.1-1.1fixed 0.80.1-1.1
A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system.
- CVE-2023-45853Oct 14, 2023affected < 0.88.0-1.1fixed 0.88.0-1.1
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable becaus
- CVE-2022-2068Jun 21, 2022affected < 0.92.1-1.1fixed 0.92.1-1.1
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not dis
- CVE-2021-3711Aug 24, 2021affected < 0.92.1-1.1fixed 0.92.1-1.1
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with