VYPR

rpm package

suse/govulncheck-vulndb&distro=SUSE Package Hub 12

pkg:rpm/suse/govulncheck-vulndb&distro=SUSE%20Package%20Hub%2012

Vulnerabilities (56)

  • CVE-2024-7558Oct 2, 2024
    affected < 0.0.20241104T154416-5.1fixed 0.0.20241104T154416-5.1

    JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unpr

  • CVE-2024-33662Oct 2, 2024
    affected < 0.0.20241104T154416-5.1fixed 0.0.20241104T154416-5.1

    Portainer before 2.20.2 improperly uses an encryption algorithm in the AesEncrypt function.

  • CVE-2024-9407MedOct 1, 2024
    affected < 0.0.20241104T154416-5.1fixed 0.0.20241104T154416-5.1

    A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensi

  • CVE-2024-9355MedOct 1, 2024
    affected < 0.0.20241104T154416-5.1fixed 0.0.20241104T154416-5.1

    A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when co

  • CVE-2024-9341Oct 1, 2024
    affected < 0.0.20241104T154416-5.1fixed 0.0.20241104T154416-5.1

    A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting se

  • CVE-2024-47534HigOct 1, 2024
    affected < 0.0.20241104T154416-5.1fixed 0.0.20241104T154416-5.1

    go-tuf is a Go implementation of The Update Framework (TUF). The go-tuf client inconsistently traces the delegations. For example, if targets delegate to "A", and to "B", and "B" delegates to "C", then the client should trace the delegations in the order "A" then "B" then "C" but

  • CVE-2024-47067Sep 30, 2024
    affected < 0.0.20241104T154416-5.1fixed 0.0.20241104T154416-5.1

    AList is a file list program that supports multiple storages. AList contains a reflected cross-site scripting vulnerability in helper.go. The endpoint /i/:link_name takes in a user-provided value and reflects it back in the response. The endpoint returns an application/xml respon

  • CVE-2024-47182Sep 27, 2024
    affected < 0.0.20241104T154416-5.1fixed 0.0.20241104T154416-5.1

    Dozzle is a realtime log viewer for docker containers. Before version 8.5.3, the app uses sha-256 as the hash for passwords, which leaves users susceptible to rainbow table attacks. The app switches to bcrypt, a more appropriate hash for passwords, in version 8.5.3.

  • CVE-2024-7594Sep 26, 2024
    affected < 0.0.20241104T154416-5.1fixed 0.0.20241104T154416-5.1

    Vault’s SSH secrets engine did not require the valid_principals list to contain a value by default. If the valid_principals and default_user fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engin

  • CVE-2024-47003Sep 26, 2024
    affected < 0.0.20241104T154416-5.1fixed 0.0.20241104T154416-5.1

    Mattermost versions 9.11.x <= 9.11.0 and 9.5.x <= 9.5.8 fail to validate that the message of the permalink post is a string, which allows an attacker to send a non-string value as the message of a permalink post and crash the frontend.

  • CVE-2024-0133Sep 26, 2024
    affected < 0.0.20241104T154416-5.1fixed 0.0.20241104T154416-5.1

    NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerab

  • CVE-2024-0132Sep 26, 2024
    affected < 0.0.20241104T154416-5.1fixed 0.0.20241104T154416-5.1

    NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A su

  • CVE-2024-8996Sep 25, 2024
    affected < 0.0.20241104T154416-5.1fixed 0.0.20241104T154416-5.1

    Unquoted Search Path or Element vulnerability in Grafana Agent (Flow mode) on Windows allows Privilege Escalation from Local User to SYSTEM This issue affects Agent Flow: before 0.43.2

  • CVE-2024-8975Sep 25, 2024
    affected < 0.0.20241104T154416-5.1fixed 0.0.20241104T154416-5.1

    Unquoted Search Path or Element vulnerability in Grafana Alloy on Windows allows Privilege Escalation from Local User to SYSTEM This issue affects Alloy: before 1.3.3, from 1.4.0-rc.0 through 1.4.0-rc.1.

  • CVE-2024-39223CriJul 3, 2024
    affected < 0.0.20241104T154416-5.1fixed 0.0.20241104T154416-5.1

    An authentication bypass in the SSH service of gost v2.11.5 allows attackers to intercept communications via setting the HostKeyCallback function to ssh.InsecureIgnoreHostKey

  • CVE-2023-22644Sep 20, 2023
    affected < 0.0.20241104T154416-5.1fixed 0.0.20241104T154416-5.1

    A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE.

Page 3 of 3