VYPR

rpm package

opensuse/velero&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/velero&distro=openSUSE%20Tumbleweed

Vulnerabilities (10)

  • CVE-2024-45338MedDec 18, 2024
    affected < 1.15.1-1.1fixed 1.15.1-1.1

    An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

  • CVE-2024-45337CriDec 12, 2024
    affected < 1.15.1-1.1fixed 1.15.1-1.1

    Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that

  • CVE-2023-39325Oct 11, 2023
    affected < 1.12.1-1.1fixed 1.12.1-1.1

    A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attack

  • CVE-2023-44487HigKEVOct 10, 2023
    affected < 1.12.2-1.1fixed 1.12.2-1.1

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2022-41717Dec 8, 2022
    affected < 1.11.1-1.1fixed 1.11.1-1.1

    An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the s

  • CVE-2022-1962Aug 9, 2022
    affected < 1.9.2-1.1fixed 1.9.2-1.1

    Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.

  • CVE-2022-27191Mar 18, 2022
    affected < 1.11.1-1.1fixed 1.11.1-1.1

    The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.

  • CVE-2021-3121Jan 11, 2021
    affected < 1.7.0-1.1fixed 1.7.0-1.1

    An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue.

  • CVE-2020-29652Dec 17, 2020
    affected < 1.7.1-1.1fixed 1.7.1-1.1

    A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers.

  • CVE-2020-3996Oct 22, 2020
    affected < 1.6.3-1.2fixed 1.6.3-1.2

    Velero (prior to 1.4.3 and 1.5.2) in some instances doesn’t properly manage volume identifiers which may result in information leakage to unauthorized users.