rpm package
suse/google-osconfig-agent&distro=SUSE Linux Enterprise Module for Public Cloud 12
pkg:rpm/suse/google-osconfig-agent&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2012
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-22868 | — | < 20250115.01-1.38.1 | 20250115.01-1.38.1 | Feb 26, 2025 | An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. | ||
| CVE-2024-45339 | Hig | 7.1 | < 20250416.02-1.41.1 | 20250416.02-1.41.1 | Jan 28, 2025 | When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and | |
| CVE-2024-24790 | — | < 20250115.01-1.32.1 | 20250115.01-1.32.1 | Jun 5, 2024 | The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. | ||
| CVE-2022-23806 | — | < 20230222.00-1.20.1 | 20230222.00-1.20.1 | Feb 11, 2022 | Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element. | ||
| CVE-2021-38297 | — | < 20230222.00-1.20.1 | 20230222.00-1.20.1 | Oct 18, 2021 | Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used. |
- CVE-2025-22868Feb 26, 2025affected < 20250115.01-1.38.1fixed 20250115.01-1.38.1
An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.
- affected < 20250416.02-1.41.1fixed 20250416.02-1.41.1
When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and
- CVE-2024-24790Jun 5, 2024affected < 20250115.01-1.32.1fixed 20250115.01-1.32.1
The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.
- CVE-2022-23806Feb 11, 2022affected < 20230222.00-1.20.1fixed 20230222.00-1.20.1
Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.
- CVE-2021-38297Oct 18, 2021affected < 20230222.00-1.20.1fixed 20230222.00-1.20.1
Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used.