rpm package
suse/helm&distro=SUSE Linux Enterprise Micro 5.5
pkg:rpm/suse/helm&distro=SUSE%20Linux%20Enterprise%20Micro%205.5
Vulnerabilities (11)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-35206 | Med | 4.4 | < 3.20.2-150000.1.71.2 | 3.20.2-150000.1.71.2 | Apr 9, 2026 | Helm is a package manager for Charts for Kubernetes. In Helm versions <=3.20.1 and <=4.1.3, a specially crafted Chart will cause helm pull --untar [chart URL | repo/chartname] to write the Chart's contents to the immediate output directory (as defaulted to the current working di | |
| CVE-2025-58190 | — | < 3.19.1-150000.1.57.1 | 3.19.1-150000.1.57.1 | Feb 5, 2026 | The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content. | ||
| CVE-2025-47911 | — | < 3.19.1-150000.1.57.1 | 3.19.1-150000.1.57.1 | Feb 5, 2026 | The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content. | ||
| CVE-2025-55199 | — | < 3.20.2-150000.1.71.2 | 3.20.2-150000.1.71.2 | Aug 13, 2025 | Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory (OOM) termination. This issue has been resolved in Helm 3.18.5. A work | ||
| CVE-2025-53547 | — | < 3.19.1-150000.1.57.1 | 3.19.1-150000.1.57.1 | Jul 8, 2025 | Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are carried over to a Chart.lo | ||
| CVE-2025-22872 | Med | 6.5 | < 3.18.3-150000.1.50.1 | 3.18.3-150000.1.50.1 | Apr 16, 2025 | The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can resul | |
| CVE-2025-22870 | Med | 4.4 | < 3.17.2-150000.1.44.1 | 3.17.2-150000.1.44.1 | Mar 12, 2025 | Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied. | |
| CVE-2024-45338 | Med | 5.3 | < 3.17.1-150000.1.41.1 | 3.17.1-150000.1.41.1 | Dec 18, 2024 | An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service. | |
| CVE-2024-45337 | Cri | 9.1 | < 3.17.1-150000.1.41.1 | 3.17.1-150000.1.41.1 | Dec 12, 2024 | Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that | |
| CVE-2024-26147 | — | < 3.16.3-150000.1.38.1 | 3.16.3-150000.1.38.1 | Feb 21, 2024 | Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an `index.yaml` file or a plugins `plugin.yaml` file were missing all m | ||
| CVE-2024-25620 | — | < 3.16.3-150000.1.38.1 | 3.16.3-150000.1.38.1 | Feb 14, 2024 | Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. When either the Helm client or SDK is used to save a chart whose name within the `Chart.yaml` file includes a relative path change, the chart would be saved outside its expected direct |
- affected < 3.20.2-150000.1.71.2fixed 3.20.2-150000.1.71.2
Helm is a package manager for Charts for Kubernetes. In Helm versions <=3.20.1 and <=4.1.3, a specially crafted Chart will cause helm pull --untar [chart URL | repo/chartname] to write the Chart's contents to the immediate output directory (as defaulted to the current working di
- CVE-2025-58190Feb 5, 2026affected < 3.19.1-150000.1.57.1fixed 3.19.1-150000.1.57.1
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
- CVE-2025-47911Feb 5, 2026affected < 3.19.1-150000.1.57.1fixed 3.19.1-150000.1.57.1
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
- CVE-2025-55199Aug 13, 2025affected < 3.20.2-150000.1.71.2fixed 3.20.2-150000.1.71.2
Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory (OOM) termination. This issue has been resolved in Helm 3.18.5. A work
- CVE-2025-53547Jul 8, 2025affected < 3.19.1-150000.1.57.1fixed 3.19.1-150000.1.57.1
Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are carried over to a Chart.lo
- affected < 3.18.3-150000.1.50.1fixed 3.18.3-150000.1.50.1
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can resul
- affected < 3.17.2-150000.1.44.1fixed 3.17.2-150000.1.44.1
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied.
- affected < 3.17.1-150000.1.41.1fixed 3.17.1-150000.1.41.1
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.
- affected < 3.17.1-150000.1.41.1fixed 3.17.1-150000.1.41.1
Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that
- CVE-2024-26147Feb 21, 2024affected < 3.16.3-150000.1.38.1fixed 3.16.3-150000.1.38.1
Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an `index.yaml` file or a plugins `plugin.yaml` file were missing all m
- CVE-2024-25620Feb 14, 2024affected < 3.16.3-150000.1.38.1fixed 3.16.3-150000.1.38.1
Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. When either the Helm client or SDK is used to save a chart whose name within the `Chart.yaml` file includes a relative path change, the chart would be saved outside its expected direct