rpm package
suse/google-osconfig-agent&distro=SUSE Linux Enterprise Module for Public Cloud 12
pkg:rpm/suse/google-osconfig-agent&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2012
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-33186 | Cri | 9.1 | < 20250416.02-1.44.1 | 20250416.02-1.44.1 | Mar 20, 2026 | gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omi | |
| CVE-2025-22868 | Hig | 7.5 | < 20250115.01-1.38.1 | 20250115.01-1.38.1 | Feb 26, 2025 | An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. | |
| CVE-2024-45339 | Hig | 7.1 | < 20250416.02-1.41.1 | 20250416.02-1.41.1 | Jan 28, 2025 | When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and | |
| CVE-2024-24790 | Cri | 9.8 | < 20250115.01-1.32.1 | 20250115.01-1.32.1 | Jun 5, 2024 | The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. | |
| CVE-2022-23806 | Cri | 9.1 | < 20230222.00-1.20.1 | 20230222.00-1.20.1 | Feb 11, 2022 | Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element. | |
| CVE-2021-38297 | Cri | 9.8 | < 20230222.00-1.20.1 | 20230222.00-1.20.1 | Oct 18, 2021 | Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used. |
- affected < 20250416.02-1.44.1fixed 20250416.02-1.44.1
gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omi
- affected < 20250115.01-1.38.1fixed 20250115.01-1.38.1
An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.
- affected < 20250416.02-1.41.1fixed 20250416.02-1.41.1
When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and
- affected < 20250115.01-1.32.1fixed 20250115.01-1.32.1
The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.
- affected < 20230222.00-1.20.1fixed 20230222.00-1.20.1
Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.
- affected < 20230222.00-1.20.1fixed 20230222.00-1.20.1
Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used.