rpm package
suse/helm&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
pkg:rpm/suse/helm&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-58190 | — | < 3.19.1-150000.1.57.1 | 3.19.1-150000.1.57.1 | Feb 5, 2026 | The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content. | ||
| CVE-2025-47911 | — | < 3.19.1-150000.1.57.1 | 3.19.1-150000.1.57.1 | Feb 5, 2026 | The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content. | ||
| CVE-2025-53547 | — | < 3.19.1-150000.1.57.1 | 3.19.1-150000.1.57.1 | Jul 8, 2025 | Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are carried over to a Chart.lo | ||
| CVE-2024-45338 | Med | 5.3 | < 3.17.1-150000.1.41.1 | 3.17.1-150000.1.41.1 | Dec 18, 2024 | An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service. | |
| CVE-2024-45337 | Cri | 9.1 | < 3.17.1-150000.1.41.1 | 3.17.1-150000.1.41.1 | Dec 12, 2024 | Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that | |
| CVE-2022-41723 | — | < 3.13.1-150000.1.26.1 | 3.13.1-150000.1.26.1 | Feb 28, 2023 | A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. | ||
| CVE-2023-25173 | — | < 3.13.1-150000.1.26.1 | 3.13.1-150000.1.26.1 | Feb 16, 2023 | containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group acces |
- CVE-2025-58190Feb 5, 2026affected < 3.19.1-150000.1.57.1fixed 3.19.1-150000.1.57.1
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
- CVE-2025-47911Feb 5, 2026affected < 3.19.1-150000.1.57.1fixed 3.19.1-150000.1.57.1
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
- CVE-2025-53547Jul 8, 2025affected < 3.19.1-150000.1.57.1fixed 3.19.1-150000.1.57.1
Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are carried over to a Chart.lo
- affected < 3.17.1-150000.1.41.1fixed 3.17.1-150000.1.41.1
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.
- affected < 3.17.1-150000.1.41.1fixed 3.17.1-150000.1.41.1
Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that
- CVE-2022-41723Feb 28, 2023affected < 3.13.1-150000.1.26.1fixed 3.13.1-150000.1.26.1
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
- CVE-2023-25173Feb 16, 2023affected < 3.13.1-150000.1.26.1fixed 3.13.1-150000.1.26.1
containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group acces