rpm package
suse/govulncheck-vulndb&distro=SUSE Linux Enterprise Module for Package Hub 15 SP6
pkg:rpm/suse/govulncheck-vulndb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6
Vulnerabilities (274)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-24883 | Hig | — | < 0.0.20250207T224745-150000.1.32.1 | 0.0.20250207T224745-150000.1.32.1 | Jan 30, 2025 | go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed in 1.14.13. | |
| CVE-2025-24784 | Med | 4.3 | < 0.0.20250207T224745-150000.1.32.1 | 0.0.20250207T224745-150000.1.32.1 | Jan 30, 2025 | kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. The policy group feature, added to by the 1.17.0 release. By being namespaced, the AdmissionPolicyGroup has a well constrained impact on cluster resources. Henc | |
| CVE-2025-24376 | Med | 6.5 | < 0.0.20250207T224745-150000.1.32.1 | 0.0.20250207T224745-150000.1.32.1 | Jan 30, 2025 | kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. By design, AdmissionPolicy and AdmissionPolicyGroup can evaluate only namespaced resources. The resources to be evaluated are determined by the rules provided b | |
| CVE-2025-23216 | — | < 0.0.20250207T224745-150000.1.32.1 | 0.0.20250207T224745-150000.1.32.1 | Jan 30, 2025 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was discovered in Argo CD that exposed secret values in error messages and the diff view when an invalid Kubernetes Secret resource was synced from a repository. The vulnerability assumes th | ||
| CVE-2025-24884 | Med | — | < 0.0.20250207T224745-150000.1.32.1 | 0.0.20250207T224745-150000.1.32.1 | Jan 29, 2025 | kube-audit-rest is a simple logger of mutation/creation requests to the k8s api. If the "full-elastic-stack" example vector configuration was used for a real cluster, the previous values of kubernetes secrets would have been disclosed in the audit messages. This vulnerability is | |
| CVE-2024-13484 | Hig | 8.2 | < 0.0.20250207T224745-150000.1.32.1 | 0.0.20250207T224745-150000.1.32.1 | Jan 28, 2025 | A flaw was found in openshift-gitops-operator-container. The openshift.io/cluster-monitoring label is applied to all namespaces that deploy an ArgoCD CR instance, allowing the namespace to create a rogue PrometheusRule. This issue can have adverse effects on the platform monitori | |
| CVE-2025-0750 | Med | 6.6 | < 0.0.20250207T224745-150000.1.32.1 | 0.0.20250207T224745-150000.1.32.1 | Jan 28, 2025 | A vulnerability was found in CRI-O. A path traversal issue in the log management functions (UnMountPodLogs and LinkContainerLogs) may allow an attacker with permissions to create and delete Pods to unmount arbitrary host paths, leading to node-level denial of service by unmountin | |
| CVE-2025-22865 | Hig | 7.5 | < 0.0.20250128T150132-150000.1.29.1 | 0.0.20250128T150132-150000.1.29.1 | Jan 28, 2025 | Using ParsePKCS1PrivateKey to parse a RSA key that is missing the CRT values would panic when verifying that the key is well formed. | |
| CVE-2024-45341 | Med | 6.1 | < 0.0.20250128T150132-150000.1.29.1 | 0.0.20250128T150132-150000.1.29.1 | Jan 28, 2025 | A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs. | |
| CVE-2024-45340 | Hig | 8.8 | < 0.0.20250128T150132-150000.1.29.1 | 0.0.20250128T150132-150000.1.29.1 | Jan 28, 2025 | Credentials provided via the new GOAUTH feature were not being properly segmented by domain, allowing a malicious server to request credentials they should not have access to. By default, unless otherwise set, this only affected credentials stored in the users .netrc file. | |
| CVE-2024-45339 | Hig | 7.1 | < 0.0.20250128T150132-150000.1.29.1 | 0.0.20250128T150132-150000.1.29.1 | Jan 28, 2025 | When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and | |
| CVE-2024-45336 | Med | 6.1 | < 0.0.20250128T150132-150000.1.29.1 | 0.0.20250128T150132-150000.1.29.1 | Jan 28, 2025 | The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain re | |
| CVE-2025-24369 | Low | — | < 0.0.20250207T224745-150000.1.32.1 | 0.0.20250207T224745-150000.1.32.1 | Jan 27, 2025 | Anubis is a tool that allows administrators to protect bots against AI scrapers through bot-checking heuristics and a proof-of-work challenge to discourage scraping from multiple IP addresses. Anubis allows attackers to bypass the bot protection by requesting a challenge, formula | |
| CVE-2025-24354 | Med | 5.3 | < 0.0.20250128T150132-150000.1.29.1 | 0.0.20250128T150132-150000.1.29.1 | Jan 27, 2025 | imgproxy is server for resizing, processing, and converting images. Imgproxy does not block the 0.0.0.0 address, even with IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES set to false. This can expose services on the local host. This vulnerability is fixed in 3.27.2. | |
| CVE-2025-24355 | Hig | 7.1 | < 0.0.20250128T150132-150000.1.29.1 | 0.0.20250128T150132-150000.1.29.1 | Jan 24, 2025 | Updatecli is a tool used to apply file update strategies. Prior to version 0.93.0, private maven repository credentials may be leaked in application logs in case of unsuccessful retrieval operation. During the execution of an updatecli pipeline which contains a `maven` source con | |
| CVE-2024-10846 | Med | 5.9 | < 0.0.20250207T224745-150000.1.32.1 | 0.0.20250207T224745-150000.1.32.1 | Jan 23, 2025 | The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause the compose-go to consume excessive amount of Memory and CPU cycles while parsing YAML, such as used by Docker Compose from versions v2.27.0 to v2.29.7 | |
| CVE-2025-24030 | — | < 0.0.20250128T150132-150000.1.29.1 | 0.0.20250128T150132-150000.1.29.1 | Jan 23, 2025 | Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. A user with access to the Kubernetes cluster can use a path traversal attack to execute Envoy Admin interface commands on proxies managed by any version of En | ||
| CVE-2025-23047 | — | < 0.0.20250128T150132-150000.1.29.1 | 0.0.20250128T150132-150000.1.29.1 | Jan 22, 2025 | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An insecure default `Access-Control-Allow-Origin` header value could lead to sensitive data exposure for users of Cilium versions 1.14.0 through 1.14.7, 1.15.0 through 1.15.11, and 1.16.0 t | ||
| CVE-2025-23028 | — | < 0.0.20250128T150132-150000.1.29.1 | 0.0.20250128T150132-150000.1.29.1 | Jan 22, 2025 | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. A denial of service vulnerability affects versions 1.14.0 through 1.14.7, 1.15.0 through 1.15.11, and 1.16.0 through 1.16.4. In a Kubernetes cluster where Cilium is configured to proxy DNS | ||
| CVE-2024-11218 | Hig | 8.6 | < 0.0.20250128T150132-150000.1.29.1 | 0.0.20250128T150132-150000.1.29.1 | Jan 22, 2025 | A vulnerability was found in `podman build` and `buildah.` This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and d |
- affected < 0.0.20250207T224745-150000.1.32.1fixed 0.0.20250207T224745-150000.1.32.1
go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed in 1.14.13.
- affected < 0.0.20250207T224745-150000.1.32.1fixed 0.0.20250207T224745-150000.1.32.1
kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. The policy group feature, added to by the 1.17.0 release. By being namespaced, the AdmissionPolicyGroup has a well constrained impact on cluster resources. Henc
- affected < 0.0.20250207T224745-150000.1.32.1fixed 0.0.20250207T224745-150000.1.32.1
kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. By design, AdmissionPolicy and AdmissionPolicyGroup can evaluate only namespaced resources. The resources to be evaluated are determined by the rules provided b
- CVE-2025-23216Jan 30, 2025affected < 0.0.20250207T224745-150000.1.32.1fixed 0.0.20250207T224745-150000.1.32.1
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was discovered in Argo CD that exposed secret values in error messages and the diff view when an invalid Kubernetes Secret resource was synced from a repository. The vulnerability assumes th
- affected < 0.0.20250207T224745-150000.1.32.1fixed 0.0.20250207T224745-150000.1.32.1
kube-audit-rest is a simple logger of mutation/creation requests to the k8s api. If the "full-elastic-stack" example vector configuration was used for a real cluster, the previous values of kubernetes secrets would have been disclosed in the audit messages. This vulnerability is
- affected < 0.0.20250207T224745-150000.1.32.1fixed 0.0.20250207T224745-150000.1.32.1
A flaw was found in openshift-gitops-operator-container. The openshift.io/cluster-monitoring label is applied to all namespaces that deploy an ArgoCD CR instance, allowing the namespace to create a rogue PrometheusRule. This issue can have adverse effects on the platform monitori
- affected < 0.0.20250207T224745-150000.1.32.1fixed 0.0.20250207T224745-150000.1.32.1
A vulnerability was found in CRI-O. A path traversal issue in the log management functions (UnMountPodLogs and LinkContainerLogs) may allow an attacker with permissions to create and delete Pods to unmount arbitrary host paths, leading to node-level denial of service by unmountin
- affected < 0.0.20250128T150132-150000.1.29.1fixed 0.0.20250128T150132-150000.1.29.1
Using ParsePKCS1PrivateKey to parse a RSA key that is missing the CRT values would panic when verifying that the key is well formed.
- affected < 0.0.20250128T150132-150000.1.29.1fixed 0.0.20250128T150132-150000.1.29.1
A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs.
- affected < 0.0.20250128T150132-150000.1.29.1fixed 0.0.20250128T150132-150000.1.29.1
Credentials provided via the new GOAUTH feature were not being properly segmented by domain, allowing a malicious server to request credentials they should not have access to. By default, unless otherwise set, this only affected credentials stored in the users .netrc file.
- affected < 0.0.20250128T150132-150000.1.29.1fixed 0.0.20250128T150132-150000.1.29.1
When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and
- affected < 0.0.20250128T150132-150000.1.29.1fixed 0.0.20250128T150132-150000.1.29.1
The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain re
- affected < 0.0.20250207T224745-150000.1.32.1fixed 0.0.20250207T224745-150000.1.32.1
Anubis is a tool that allows administrators to protect bots against AI scrapers through bot-checking heuristics and a proof-of-work challenge to discourage scraping from multiple IP addresses. Anubis allows attackers to bypass the bot protection by requesting a challenge, formula
- affected < 0.0.20250128T150132-150000.1.29.1fixed 0.0.20250128T150132-150000.1.29.1
imgproxy is server for resizing, processing, and converting images. Imgproxy does not block the 0.0.0.0 address, even with IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES set to false. This can expose services on the local host. This vulnerability is fixed in 3.27.2.
- affected < 0.0.20250128T150132-150000.1.29.1fixed 0.0.20250128T150132-150000.1.29.1
Updatecli is a tool used to apply file update strategies. Prior to version 0.93.0, private maven repository credentials may be leaked in application logs in case of unsuccessful retrieval operation. During the execution of an updatecli pipeline which contains a `maven` source con
- affected < 0.0.20250207T224745-150000.1.32.1fixed 0.0.20250207T224745-150000.1.32.1
The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause the compose-go to consume excessive amount of Memory and CPU cycles while parsing YAML, such as used by Docker Compose from versions v2.27.0 to v2.29.7
- CVE-2025-24030Jan 23, 2025affected < 0.0.20250128T150132-150000.1.29.1fixed 0.0.20250128T150132-150000.1.29.1
Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. A user with access to the Kubernetes cluster can use a path traversal attack to execute Envoy Admin interface commands on proxies managed by any version of En
- CVE-2025-23047Jan 22, 2025affected < 0.0.20250128T150132-150000.1.29.1fixed 0.0.20250128T150132-150000.1.29.1
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An insecure default `Access-Control-Allow-Origin` header value could lead to sensitive data exposure for users of Cilium versions 1.14.0 through 1.14.7, 1.15.0 through 1.15.11, and 1.16.0 t
- CVE-2025-23028Jan 22, 2025affected < 0.0.20250128T150132-150000.1.29.1fixed 0.0.20250128T150132-150000.1.29.1
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. A denial of service vulnerability affects versions 1.14.0 through 1.14.7, 1.15.0 through 1.15.11, and 1.16.0 through 1.16.4. In a Kubernetes cluster where Cilium is configured to proxy DNS
- affected < 0.0.20250128T150132-150000.1.29.1fixed 0.0.20250128T150132-150000.1.29.1
A vulnerability was found in `podman build` and `buildah.` This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and d
Page 8 of 14