VYPR

rpm package

opensuse/kubelogin&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/kubelogin&distro=openSUSE%20Tumbleweed

Vulnerabilities (7)

  • CVE-2026-27137 | High | Mar 6, 2026
    affected < 0.2.18-1.1 | fixed 0.2.18-1.1

    When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.

  • CVE-2025-68121 | Critical | Feb 5, 2026
    affected < 0.2.16-1.1 | fixed 0.2.16-1.1

    During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and

  • CVE-2025-61728 | Jan 28, 2026
    affected < 0.2.16-1.1 | fixed 0.2.16-1.1

    archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.

  • CVE-2025-61727 | Dec 3, 2025
    affected < 0.2.14-1.1 | fixed 0.2.14-1.1

    An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.

  • CVE-2025-22871 | Critical | Apr 8, 2025
    affected < 0.2.10-1.1 | fixed 0.2.10-1.1

    The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

  • CVE-2024-45338 | Medium | Dec 18, 2024
    affected < 0.1.7-1.1 | fixed 0.1.7-1.1

    An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

  • CVE-2024-24790 | Jun 5, 2024
    affected < 0.1.4-1.1 | fixed 0.1.4-1.1

    The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.