VYPR

rpm package

suse/govulncheck-vulndb&distro=SUSE Linux Enterprise Module for Package Hub 15 SP6

pkg:rpm/suse/govulncheck-vulndb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6

Vulnerabilities (274)

  • CVE-2025-9566HigSep 5, 2025
    affected < 0.0.20250918T182144-150000.1.107.1fixed 0.0.20250918T182144-150000.1.107.1

    There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only

  • CVE-2025-7445MedSep 5, 2025
    affected < 0.0.20250918T182144-150000.1.107.1fixed 0.0.20250918T182144-150000.1.107.1

    Kubernetes secrets-store-sync-controller in versions before 0.0.2 discloses service account tokens in logs.

  • CVE-2025-55190Sep 4, 2025
    affected < 0.0.20250918T182144-150000.1.107.1fixed 0.0.20250918T182144-150000.1.107.1

    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3.1.0-rc1 through 3.1.1, API tokens with project-level permissions are able to retrieve sensitive repository credentials (

  • CVE-2025-58355HigSep 4, 2025
    affected < 0.0.20250918T182144-150000.1.107.1fixed 0.0.20250918T182144-150000.1.107.1

    Soft Serve is a self-hostable Git server for the command line. In versions 0.9.1 and below, attackers can create or override arbitrary files with uncontrolled data through its SSH API. This issue is fixed in version 0.10.0.

  • CVE-2025-56761Sep 3, 2025
    affected < 0.0.20250918T182144-150000.1.107.1fixed 0.0.20250918T182144-150000.1.107.1

    Memos 0.22 is vulnerable to Stored Cross site scripting (XSS) vulnerabilities by the upload attachment and user avatar features. Memos does not verify the content type of the uploaded data and serve it back as is. An authenticated attacker can use this to elevate their privileges

  • CVE-2025-56760Sep 3, 2025
    affected < 0.0.20250918T182144-150000.1.107.1fixed 0.0.20250918T182144-150000.1.107.1

    When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint containing a path traversal sequence in the name, allowing arbitrary file write on the server.

  • CVE-2024-58259HigSep 2, 2025
    affected < 0.0.20250918T182144-150000.1.107.1fixed 0.0.20250918T182144-150000.1.107.1

    A vulnerability has been identified within Rancher Manager in which it did not enforce request body size limits on certain public (unauthenticated) and authenticated API endpoints. This allows a malicious user to exploit this by sending excessively large payloads, which are f

  • CVE-2024-52284HigSep 2, 2025
    affected < 0.0.20250918T182144-150000.1.107.1fixed 0.0.20250918T182144-150000.1.107.1

    Unauthorized disclosure of sensitive data: Any user with `GET` or `LIST` permissions on `BundleDeployment` resources could retrieve Helm values containing credentials or other secrets.

  • CVE-2025-58157Aug 29, 2025
    affected < 0.0.20250918T182144-150000.1.107.1fixed 0.0.20250918T182144-150000.1.107.1

    gnark is a zero-knowledge proof system framework. In version 0.12.0, there is a potential denial of service vulnerability when computing scalar multiplication is using the fake-GLV algorithm. This is because the algorithm didn't converge quickly enough for some of the inputs. Thi

  • CVE-2025-58158HigAug 29, 2025
    affected < 0.0.20250918T182144-150000.1.107.1fixed 0.0.20250918T182144-150000.1.107.1

    Harness Open Source is an end-to-end developer platform with Source Control Management, CI/CD Pipelines, Hosted Developer Environments, and Artifact Registries. Prior to version 3.3.0, Open Source Harness git LFS server (Gitness) exposes api to retrieve and upload files via git L

  • CVE-2025-58058MedAug 28, 2025
    affected < 0.0.20250918T182144-150000.1.107.1fixed 0.0.20250918T182144-150000.1.107.1

    xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the

  • CVE-2025-6203Aug 28, 2025
    affected < 0.0.20250918T182144-150000.1.107.1fixed 0.0.20250918T182144-150000.1.107.1

    A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit which results in excessive memory and CPU consumption of Vault. This may lead to a timeout in Vault’s auditing subroutine, potentially resulting in the Vault server

  • CVE-2025-5187MedAug 27, 2025
    affected < 0.0.20250918T182144-150000.1.107.1fixed 0.0.20250918T182144-150000.1.107.1

    A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference resource does not exist or is su

  • CVE-2025-51667Aug 27, 2025
    affected < 0.0.20250918T182144-150000.1.107.1fixed 0.0.20250918T182144-150000.1.107.1

    An issue was discovered in simple-admin-core v1.2.0 thru v1.6.7. The /sys-api/role/update interface in the simple-admin-core system has a limited SQL injection vulnerability, which may lead to partial data leakage or disruption of normal system operations.

  • CVE-2025-55003Aug 9, 2025
    affected < 0.0.20250814T182633-150000.1.98.1fixed 0.0.20250814T182633-150000.1.98.1

    OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao's Login Multi-Factor Authentication (MFA) system allows enforcing MFA using Time-based One Time Password (

  • CVE-2025-55001Aug 9, 2025
    affected < 0.0.20250814T182633-150000.1.98.1fixed 0.0.20250814T182633-150000.1.98.1

    OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao allowed the assignment of policies and MFA attribution based upon entity aliases, chosen by the underlying

  • CVE-2025-55000Aug 9, 2025
    affected < 0.0.20250814T182633-150000.1.98.1fixed 0.0.20250814T182633-150000.1.98.1

    OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, OpenBao's TOTP secrets engine could accept valid codes multiple times rather than strictly-once. This was caus

  • CVE-2025-54999Aug 9, 2025
    affected < 0.0.20250814T182633-150000.1.98.1fixed 0.0.20250814T182633-150000.1.98.1

    OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, when using OpenBao's userpass auth method, user enumeration was possible due to timing difference between non-

  • CVE-2025-54998Aug 9, 2025
    affected < 0.0.20250814T182633-150000.1.98.1fixed 0.0.20250814T182633-150000.1.98.1

    OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, attackers could bypass the automatic user lockout mechanisms in the OpenBao Userpass or LDAP auth systems. Thi

  • CVE-2025-54997Aug 9, 2025
    affected < 0.0.20250814T182633-150000.1.98.1fixed 0.0.20250814T182633-150000.1.98.1

    OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, some OpenBao deployments intentionally limit privileged API operators from executing system code or making network

Page 5 of 14