VYPR

rpm package

suse/govulncheck-vulndb&distro=SUSE Linux Enterprise Module for Package Hub 15 SP6

pkg:rpm/suse/govulncheck-vulndb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6

Vulnerabilities (274)

  • CVE-2025-54388Jul 30, 2025
    affected < 0.0.20250814T182633-150000.1.98.1fixed 0.0.20250814T182633-150000.1.98.1

    Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. In versions 28.2.0 through 28.3.2, when the firewalld service is reloaded it removes all iptables

  • CVE-2025-50738Jul 29, 2025
    affected < 0.0.20250814T182633-150000.1.98.1fixed 0.0.20250814T182633-150000.1.98.1

    The Memos application, up to version v0.24.3, allows for the embedding of markdown images with arbitrary URLs. When a user views a memo containing such an image, their browser automatically fetches the image URL without explicit user consent or interaction beyond viewing the memo

  • CVE-2025-53942Jul 23, 2025
    affected < 0.0.20250814T182633-150000.1.98.1fixed 0.0.20250814T182633-150000.1.98.1

    authentik is an open-source Identity Provider that emphasizes flexibility and versatility, with support for a wide set of protocols. In versions 2025.4.4 and earlier, as well as versions 2025.6.0-rc1 through 2025.6.3, deactivated users who registered through OAuth/SAML or linked

  • CVE-2025-23267HigJul 17, 2025
    affected < 0.0.20251023T162509-150000.1.110.1fixed 0.0.20251023T162509-150000.1.110.1

    NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook, where an attacker could cause a link following by using a specially crafted container image. A successful exploit of this vulnerability might lead to data tampering and denial of servi

  • CVE-2025-23266CriJul 17, 2025
    affected < 0.0.20251023T162509-150000.1.110.1fixed 0.0.20251023T162509-150000.1.110.1

    NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data ta

  • CVE-2024-44906Jun 12, 2025
    affected < 0.0.20250814T182633-150000.1.98.1fixed 0.0.20250814T182633-150000.1.98.1

    uptrace pgdriver v1.2.1 was discovered to contain a SQL injection vulnerability via the appendArg function in /pgdriver/format.go. The maintainer has stated that the issue is fixed in v1.2.15.

  • CVE-2024-52281HigApr 16, 2025
    affected < 0.0.20250128T150132-150000.1.29.1fixed 0.0.20250128T150132-150000.1.29.1

    A: Improper Neutralization of Input During Web Page Generation vulnerability in SUSE rancher allows a malicious actor to perform a Stored XSS attack through the cluster description field. This issue affects rancher: from 2.9.0 before 2.9.4.

  • CVE-2024-22036CriApr 16, 2025
    affected < 0.0.20241030T212825-150000.1.9.1fixed 0.0.20241030T212825-150000.1.9.1

    A vulnerability has been identified within Rancher where a cluster or node driver can be used to escape the chroot jail and gain root access to the Rancher container itself. In production environments, further privilege escalation is possible based on living off the land withi

  • CVE-2023-32197MedApr 16, 2025
    affected < 0.0.20241030T212825-150000.1.9.1fixed 0.0.20241030T212825-150000.1.9.1

    A Improper Privilege Management vulnerability in SUSE rancher in RoleTemplateobjects when external=true is set can lead to privilege escalation in specific scenarios.This issue affects rancher: from 2.7.0 before 2.7.14, from 2.8.0 before 2.8.5.

  • CVE-2025-22868Feb 26, 2025
    affected < 0.0.20250226T025151-150000.1.35.1fixed 0.0.20250226T025151-150000.1.35.1

    An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.

  • CVE-2025-22869Feb 26, 2025
    affected < 0.0.20250226T025151-150000.1.35.1fixed 0.0.20250226T025151-150000.1.35.1

    SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

  • CVE-2025-24366HigFeb 7, 2025
    affected < 0.0.20250207T224745-150000.1.32.1fixed 0.0.20250207T224745-150000.1.32.1

    SFTPGo is an open source, event-driven file transfer solution. SFTPGo supports execution of a defined set of commands via SSH. Besides a set of default commands some optional commands can be activated, one of them being `rsync`. It is disabled in the default configuration and it

  • CVE-2025-24786Feb 6, 2025
    affected < 0.0.20250207T224745-150000.1.32.1fixed 0.0.20250207T224745-150000.1.32.1

    WhoDB is an open source database management tool. While the application only displays Sqlite3 databases present in the directory `/db`, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine

  • CVE-2025-24787Feb 6, 2025
    affected < 0.0.20250207T224745-150000.1.32.1fixed 0.0.20250207T224745-150000.1.32.1

    WhoDB is an open source database management tool. In affected versions the application is vulnerable to parameter injection in database connection strings, which allows an attacker to read local files on the machine the application is running on. The application uses string conca

  • CVE-2025-22867HigFeb 6, 2025
    affected < 0.0.20250207T224745-150000.1.32.1fixed 0.0.20250207T224745-150000.1.32.1

    On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the @executable_path, @loader_path, or @rpath special values in a "#cgo LDFLAGS" directive. This issue only affected go1.24rc2.

  • CVE-2025-22866MedFeb 6, 2025
    affected < 0.0.20250207T224745-150000.1.32.1fixed 0.0.20250207T224745-150000.1.32.1

    Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recover

  • CVE-2025-24371HigFeb 3, 2025
    affected < 0.0.20250207T224745-150000.1.32.1fixed 0.0.20250207T224745-150000.1.32.1

    CometBFT is a distributed, Byzantine fault-tolerant, deterministic state machine replication engine. In the `blocksync` protocol peers send their `base` and `latest` heights when they connect to a new node (`A`), which is syncing to the tip of a network. `base` acts as a lower gr

  • CVE-2024-35177Feb 3, 2025
    affected < 0.0.20250207T224745-150000.1.32.1fixed 0.0.20250207T224745-150000.1.32.1

    Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. The wazuh-agent for Windows is vulnerable to a Local Privilege Escalat

  • CVE-2024-47770Feb 3, 2025
    affected < 0.0.20250207T224745-150000.1.32.1fixed 0.0.20250207T224745-150000.1.32.1

    Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. This vulnerability occurs when the system has weak privilege access, t

  • CVE-2024-11741MedJan 31, 2025
    affected < 0.0.20250207T224745-150000.1.32.1fixed 0.0.20250207T224745-150000.1.32.1

    Grafana is an open-source platform for monitoring and observability. The Grafana Alerting VictorOps integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 11.5.0, 11.4.1, 11.3.3,  11.2.6, 11.1.11, 11.0.11 and 10.4.15

Page 7 of 14