VYPR

rpm package

suse/govulncheck-vulndb&distro=SUSE Linux Enterprise Module for Package Hub 15 SP6

pkg:rpm/suse/govulncheck-vulndb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6

Vulnerabilities (274)

  • CVE-2025-22449Jan 9, 2025
    affected < 0.0.20250128T150132-150000.1.29.1fixed 0.0.20250128T150132-150000.1.29.1

    Mattermost versions 9.11.x <= 9.11.5 fail to enforce invite permissions, which allows team admins, with no permission to invite users to their team, to invite users by updating the "allow_open_invite" field via making their team public.

  • CVE-2025-22130Jan 8, 2025
    affected < 0.0.20250108T191942-150000.1.26.1fixed 0.0.20250108T191942-150000.1.26.1

    Soft Serve is a self-hostable Git server for the command line. Prior to 0.8.2 , a path traversal attack allows existing non-admin users to access and take over other user's repositories. A malicious user then can modify, delete, and arbitrarily repositories as if they were an adm

  • CVE-2025-21614Jan 6, 2025
    affected < 0.0.20250108T191942-150000.1.26.1fixed 0.0.20250108T191942-150000.1.26.1

    go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted respons

  • CVE-2025-21613Jan 6, 2025
    affected < 0.0.20250108T191942-150000.1.26.1fixed 0.0.20250108T191942-150000.1.26.1

    go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flag

  • CVE-2024-56514MedJan 3, 2025
    affected < 0.0.20250108T191942-150000.1.26.1fixed 0.0.20250108T191942-150000.1.26.1

    Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior to version 1.12.0, both in karmadactl and karmada-operator, it is possible to supply a filesystem path, or an HTTP(s) URL to retrieve

  • CVE-2024-56513HigJan 3, 2025
    affected < 0.0.20250108T191942-150000.1.26.1fixed 0.0.20250108T191942-150000.1.26.1

    Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior to version 1.12.0, the PULL mode clusters registered with the `karmadactl register` command have excessive privileges to access contr

  • CVE-2025-21609Jan 3, 2025
    affected < 0.0.20250108T191942-150000.1.26.1fixed 0.0.20250108T191942-150000.1.26.1

    SiYuan is self-hosted, open source personal knowledge management software. SiYuan Note version 3.1.18 has an arbitrary file deletion vulnerability. The vulnerability exists in the `POST /api/history/getDocHistoryContent` endpoint. An attacker can craft a payload to exploit this v

  • CVE-2024-25133HigDec 31, 2024
    affected < 0.0.20250108T191942-150000.1.26.1fixed 0.0.20250108T191942-150000.1.26.1

    A flaw was found in the Hive ClusterDeployments resource in OpenShift Dedicated. In certain conditions, this issue may allow a developer account on a Hive-enabled cluster to obtain cluster-admin privileges by executing arbitrary commands on the hive/hive-controllers pod.

  • CVE-2024-56362Dec 23, 2024
    affected < 0.0.20250108T191942-150000.1.26.1fixed 0.0.20250108T191942-150000.1.26.1

    Navidrome is an open source web-based music collection server and streamer. Navidrome stores the JWT secret in plaintext in the navidrome.db database file under the property table. This practice introduces a security risk because anyone with access to the database file can retrie

  • CVE-2024-45387Dec 23, 2024
    affected < 0.0.20250108T191942-150000.1.26.1fixed 0.0.20250108T191942-150000.1.26.1

    An SQL injection vulnerability in Traffic Ops in Apache Traffic Control <= 8.0.1, >= 8.0.0 allows a privileged user with role "admin", "federation", "operations", "portal", or "steering" to execute arbitrary SQL against the database by sending a specially-crafted PUT request. Us

  • CVE-2024-55947Dec 23, 2024
    affected < 0.0.20250108T191942-150000.1.26.1fixed 0.0.20250108T191942-150000.1.26.1

    Gogs is an open source self-hosted Git service. A malicious user is able to write a file to an arbitrary path on the server to gain SSH access to the server. The vulnerability is fixed in 0.13.1.

  • CVE-2024-54148Dec 23, 2024
    affected < 0.0.20250108T191942-150000.1.26.1fixed 0.0.20250108T191942-150000.1.26.1

    Gogs is an open source self-hosted Git service. A malicious user is able to commit and edit a crafted symlink file to a repository to gain SSH access to the server. The vulnerability is fixed in 0.13.1.

  • CVE-2024-12678Dec 20, 2024
    affected < 0.0.20250108T191942-150000.1.26.1fixed 0.0.20250108T191942-150000.1.26.1

    Nomad Community and Nomad Enterprise ("Nomad") allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. This vulnerability, identified as CVE-2024-12678, is fixed in Nomad Community Edition 1.9.4 and Nomad Enterprise 1.9.4

  • CVE-2024-55196HigDec 19, 2024
    affected < 0.0.20250108T191942-150000.1.26.1fixed 0.0.20250108T191942-150000.1.26.1

    Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers.

  • CVE-2024-25131HigDec 19, 2024
    affected < 0.0.20250108T191942-150000.1.26.1fixed 0.0.20250108T191942-150000.1.26.1

    A flaw was found in the MustGather.managed.openshift.io Custom Defined Resource (CRD) of OpenShift Dedicated. A non-privileged user on the cluster can create a MustGather object with a specially crafted file and set the most privileged service account to run the job. This can all

  • CVE-2024-45338MedDec 18, 2024
    affected < 0.0.20250108T191942-150000.1.26.1fixed 0.0.20250108T191942-150000.1.26.1

    An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

  • CVE-2024-9779HigDec 17, 2024
    affected < 0.0.20250108T191942-150000.1.26.1fixed 0.0.20250108T191942-150000.1.26.1

    A flaw was found in Open Cluster Management (OCM) when a user has access to the worker nodes which contain the cluster-manager or klusterlet deployments. The cluster-manager deployment uses a service account with the same name "cluster-manager" which is bound to a ClusterRole als

  • CVE-2024-45337CriDec 12, 2024
    affected < 0.0.20250226T025151-150000.1.35.1fixed 0.0.20250226T025151-150000.1.35.1

    Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that

  • CVE-2024-28892Nov 21, 2024
    affected < 0.0.20250108T191942-150000.1.26.1fixed 0.0.20250108T191942-150000.1.26.1

    An OS command injection vulnerability exists in the name parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

  • CVE-2022-45157CriNov 13, 2024
    affected < 0.0.20241030T212825-150000.1.9.1fixed 0.0.20241030T212825-150000.1.9.1

    A vulnerability has been identified in the way that Rancher stores vSphere's CPI (Cloud Provider Interface) and CSI (Container Storage Interface) credentials used to deploy clusters through the vSphere cloud provider. This issue leads to the vSphere CPI and CSI passwords being st

Page 10 of 14