CVE-2026-33814 (GCVE-0-2026-33814)
Vulnerability from cvelistv5 – Published: 2026-05-07 19:41 – Updated: 2026-07-02 12:05
Title
Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net
Summary
When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
15 references
| URL | Tags |
|---|---|
| https://go.dev/cl/761581 | |
| https://go.dev/cl/761640 | |
| https://go.dev/issue/78476 | |
| https://groups.google.com/g/golang-announce/c/qcC… | |
| https://pkg.go.dev/vuln/GO-2026-4918 | |
| https://access.redhat.com/security/cve/CVE-2026-33814 | vdb-entry, x_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2467815 | issue-tracking, x_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
| https://access.redhat.com/errata/RHSA-2026:34342 | vendor-advisory, x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:23262 | vendor-advisory, x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:23264 | vendor-advisory, x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:33120 | vendor-advisory, x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:33123 | vendor-advisory, x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:33142 | vendor-advisory, x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:33150 | vendor-advisory, x_refsource_REDHAT |
Impacted products
15 products
| Vendor | Product | Version |
|---|---|---|
| golang.org/x/net | golang.org/x/net/http2 | Affected: 0, < 0.53.0 (semver) |
| Go standard library | net/http | Affected: 0, < 1.25.10 (semver); Affected: 1.26.0-0, < 1.26.3 (semver) |
| Red Hat | Cluster Observability Operator 1.5.0 | cpe:/a:redhat:cluster_observability_operator:1.5::el9 |
| Red Hat | Red Hat Hardened Images | cpe:/a:redhat:hummingbird:1 |
| Red Hat | Red Hat OpenShift Service Mesh 3.0 | cpe:/a:redhat:service_mesh:3.0::el9 |
| Red Hat | Red Hat OpenShift Service Mesh 3.1 | cpe:/a:redhat:service_mesh:3.1::el9 |
| Red Hat | Red Hat OpenShift Service Mesh 3.2 | cpe:/a:redhat:service_mesh:3.2::el9 |
| Red Hat | Red Hat OpenShift Service Mesh 3.3 | cpe:/a:redhat:service_mesh:3.3::el9 |
| Red Hat | Red Hat Enterprise Linux 10 | cpe:/o:redhat:enterprise_linux:10 |
| Red Hat | Red Hat Enterprise Linux 8 | cpe:/o:redhat:enterprise_linux:8 |
| Red Hat | Red Hat Enterprise Linux 9 | cpe:/o:redhat:enterprise_linux:9 |
| Red Hat | Red Hat Enterprise Linux AI (RHEL AI) 3 | cpe:/a:redhat:enterprise_linux_ai:3 |
| Red Hat | Red Hat OpenShift Container Platform 4 | cpe:/a:redhat:openshift:4 |
| Red Hat | Red Hat OpenShift Virtualization 4 | cpe:/a:redhat:container_native_virtualization:4 |
| Red Hat | OpenShift Service Mesh 2 | cpe:/a:redhat:service_mesh:2 |
Credits
Marwan Atia (marwansamir688@gmail.com)
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-33814",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-08T18:00:53.951676Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-08T18:01:02.989Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:cluster_observability_operator:1.5::el9"
],
"defaultStatus": "affected",
"product": "Cluster Observability Operator 1.5.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:hummingbird:1"
],
"defaultStatus": "affected",
"product": "Red Hat Hardened Images",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.0::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.1::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux_ai:3"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:2"
],
"defaultStatus": "unaffected",
"product": "OpenShift Service Mesh 2",
"vendor": "Red Hat"
}
],
"datePublic": "2026-05-07T19:41:17.631Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the HTTP/2 protocol implementation within the Go standard library (golang.org/x/net and net/http/internal/http2). A remote attacker can exploit this vulnerability by sending a specially crafted HTTP/2 SETTINGS frame with the SETTINGS_MAX_FRAME_SIZE parameter set to zero. This malicious frame causes the transport layer to enter an infinite loop of writing CONTINUATION frames, leading to resource exhaustion and a Denial of Service (DoS) condition."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-606",
"description": "Unchecked Input for Loop Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T12:05:19.070Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-33814"
},
{
"name": "RHBZ#2467815",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467815"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33814.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34342"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23262"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23264"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33120"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33123"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33142"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33150"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:34342: Cluster Observability Operator 1.5.0"
},
{
"lang": "en",
"value": "RHSA-2026:23262: Red Hat Hardened Images"
},
{
"lang": "en",
"value": "RHSA-2026:23264: Red Hat Hardened Images"
},
{
"lang": "en",
"value": "RHSA-2026:33120: Red Hat OpenShift Service Mesh 3.0"
},
{
"lang": "en",
"value": "RHSA-2026:33123: Red Hat OpenShift Service Mesh 3.1"
},
{
"lang": "en",
"value": "RHSA-2026:33142: Red Hat OpenShift Service Mesh 3.2"
},
{
"lang": "en",
"value": "RHSA-2026:33150: Red Hat OpenShift Service Mesh 3.3"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-07T20:01:11.324Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-05-07T19:41:17.631Z",
"value": "Made public."
}
],
"title": "net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "golang.org/x/net/http2",
"product": "golang.org/x/net/http2",
"programRoutines": [
{
"name": "clientConnReadLoop.processSettingsNoWrite"
},
{
"name": "Transport.NewClientConn"
},
{
"name": "Transport.RoundTrip"
},
{
"name": "Transport.RoundTripOpt"
},
{
"name": "clientConnPool.GetClientConn"
},
{
"name": "noDialClientConnPool.GetClientConn"
},
{
"name": "noDialH2RoundTripper.NewClientConn"
},
{
"name": "noDialH2RoundTripper.RoundTrip"
},
{
"name": "unencryptedTransport.RoundTrip"
}
],
"vendor": "golang.org/x/net",
"versions": [
{
"lessThan": "0.53.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "net/http",
"product": "net/http",
"programRoutines": [
{
"name": "http2clientConnReadLoop.processSettingsNoWrite"
},
{
"name": "Client.CloseIdleConnections"
},
{
"name": "Client.Do"
},
{
"name": "Client.Get"
},
{
"name": "Client.Head"
},
{
"name": "Client.Post"
},
{
"name": "Client.PostForm"
},
{
"name": "ClientConn.Close"
},
{
"name": "ClientConn.RoundTrip"
},
{
"name": "Get"
},
{
"name": "Head"
},
{
"name": "Post"
},
{
"name": "PostForm"
},
{
"name": "Transport.CloseIdleConnections"
},
{
"name": "Transport.NewClientConn"
},
{
"name": "Transport.RoundTrip"
},
{
"name": "http1ClientConn.Close"
},
{
"name": "http1ClientConn.RoundTrip"
},
{
"name": "http2Transport.NewClientConn"
},
{
"name": "http2Transport.RoundTrip"
},
{
"name": "http2Transport.RoundTripOpt"
},
{
"name": "http2clientConnPool.GetClientConn"
},
{
"name": "http2noDialClientConnPool.GetClientConn"
},
{
"name": "http2noDialH2RoundTripper.NewClientConn"
},
{
"name": "http2noDialH2RoundTripper.RoundTrip"
},
{
"name": "http2unencryptedTransport.RoundTrip"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.25.10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.26.3",
"status": "affected",
"version": "1.26.0-0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Marwan Atia (marwansamir688@gmail.com)"
}
],
"descriptions": [
{
"lang": "en",
"value": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T19:41:17.631Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/cl/761581"
},
{
"url": "https://go.dev/cl/761640"
},
{
"url": "https://go.dev/issue/78476"
},
{
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"url": "https://pkg.go.dev/vuln/GO-2026-4918"
}
],
"title": "Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2026-33814",
"datePublished": "2026-05-07T19:41:17.631Z",
"dateReserved": "2026-03-23T20:35:32.814Z",
"dateUpdated": "2026-07-02T12:05:19.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-33814",
"date": "2026-07-02",
"epss": "0.00781",
"percentile": "0.51466"
}
}
}
OPENSUSE-SU-2026:10848-1
Vulnerability from csaf_opensuse - Published: 2026-05-24 00:00 - Updated: 2026-05-24 00:00
Summary
amazon-ecs-init-1.103.0-2.1 on GA media
Severity
Moderate
Notes
Title of the patch: amazon-ecs-init-1.103.0-2.1 on GA media
Description of the patch: These are all security issues fixed in the amazon-ecs-init-1.103.0-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10848
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:amazon-ecs-init-1.103.0-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:amazon-ecs-init-1.103.0-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:amazon-ecs-init-1.103.0-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:amazon-ecs-init-1.103.0-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
5 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "amazon-ecs-init-1.103.0-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the amazon-ecs-init-1.103.0-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10848",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10848-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33814 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33814/"
}
],
"title": "amazon-ecs-init-1.103.0-2.1 on GA media",
"tracking": {
"current_release_date": "2026-05-24T00:00:00Z",
"generator": {
"date": "2026-05-24T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10848-1",
"initial_release_date": "2026-05-24T00:00:00Z",
"revision_history": [
{
"date": "2026-05-24T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "amazon-ecs-init-1.103.0-2.1.aarch64",
"product": {
"name": "amazon-ecs-init-1.103.0-2.1.aarch64",
"product_id": "amazon-ecs-init-1.103.0-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "amazon-ecs-init-1.103.0-2.1.ppc64le",
"product": {
"name": "amazon-ecs-init-1.103.0-2.1.ppc64le",
"product_id": "amazon-ecs-init-1.103.0-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "amazon-ecs-init-1.103.0-2.1.s390x",
"product": {
"name": "amazon-ecs-init-1.103.0-2.1.s390x",
"product_id": "amazon-ecs-init-1.103.0-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "amazon-ecs-init-1.103.0-2.1.x86_64",
"product": {
"name": "amazon-ecs-init-1.103.0-2.1.x86_64",
"product_id": "amazon-ecs-init-1.103.0-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "amazon-ecs-init-1.103.0-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:amazon-ecs-init-1.103.0-2.1.aarch64"
},
"product_reference": "amazon-ecs-init-1.103.0-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "amazon-ecs-init-1.103.0-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:amazon-ecs-init-1.103.0-2.1.ppc64le"
},
"product_reference": "amazon-ecs-init-1.103.0-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "amazon-ecs-init-1.103.0-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:amazon-ecs-init-1.103.0-2.1.s390x"
},
"product_reference": "amazon-ecs-init-1.103.0-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "amazon-ecs-init-1.103.0-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:amazon-ecs-init-1.103.0-2.1.x86_64"
},
"product_reference": "amazon-ecs-init-1.103.0-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33814"
}
],
"notes": [
{
"category": "general",
"text": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:amazon-ecs-init-1.103.0-2.1.aarch64",
"openSUSE Tumbleweed:amazon-ecs-init-1.103.0-2.1.ppc64le",
"openSUSE Tumbleweed:amazon-ecs-init-1.103.0-2.1.s390x",
"openSUSE Tumbleweed:amazon-ecs-init-1.103.0-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33814",
"url": "https://www.suse.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "SUSE Bug 1264506 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1264506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:amazon-ecs-init-1.103.0-2.1.aarch64",
"openSUSE Tumbleweed:amazon-ecs-init-1.103.0-2.1.ppc64le",
"openSUSE Tumbleweed:amazon-ecs-init-1.103.0-2.1.s390x",
"openSUSE Tumbleweed:amazon-ecs-init-1.103.0-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:amazon-ecs-init-1.103.0-2.1.aarch64",
"openSUSE Tumbleweed:amazon-ecs-init-1.103.0-2.1.ppc64le",
"openSUSE Tumbleweed:amazon-ecs-init-1.103.0-2.1.s390x",
"openSUSE Tumbleweed:amazon-ecs-init-1.103.0-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-24T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33814"
}
]
}
OPENSUSE-SU-2026:10849-1
Vulnerability from csaf_opensuse - Published: 2026-05-24 00:00 - Updated: 2026-05-24 00:00
Summary
azure-storage-azcopy-10.32.2-3.1 on GA media
Severity
Moderate
Notes
Title of the patch: azure-storage-azcopy-10.32.2-3.1 on GA media
Description of the patch: These are all security issues fixed in the azure-storage-azcopy-10.32.2-3.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10849
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:azure-storage-azcopy-10.32.2-3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:azure-storage-azcopy-10.32.2-3.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:azure-storage-azcopy-10.32.2-3.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:azure-storage-azcopy-10.32.2-3.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
5 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "azure-storage-azcopy-10.32.2-3.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the azure-storage-azcopy-10.32.2-3.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10849",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10849-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33814 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33814/"
}
],
"title": "azure-storage-azcopy-10.32.2-3.1 on GA media",
"tracking": {
"current_release_date": "2026-05-24T00:00:00Z",
"generator": {
"date": "2026-05-24T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10849-1",
"initial_release_date": "2026-05-24T00:00:00Z",
"revision_history": [
{
"date": "2026-05-24T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "azure-storage-azcopy-10.32.2-3.1.aarch64",
"product": {
"name": "azure-storage-azcopy-10.32.2-3.1.aarch64",
"product_id": "azure-storage-azcopy-10.32.2-3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "azure-storage-azcopy-10.32.2-3.1.ppc64le",
"product": {
"name": "azure-storage-azcopy-10.32.2-3.1.ppc64le",
"product_id": "azure-storage-azcopy-10.32.2-3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "azure-storage-azcopy-10.32.2-3.1.s390x",
"product": {
"name": "azure-storage-azcopy-10.32.2-3.1.s390x",
"product_id": "azure-storage-azcopy-10.32.2-3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "azure-storage-azcopy-10.32.2-3.1.x86_64",
"product": {
"name": "azure-storage-azcopy-10.32.2-3.1.x86_64",
"product_id": "azure-storage-azcopy-10.32.2-3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "azure-storage-azcopy-10.32.2-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:azure-storage-azcopy-10.32.2-3.1.aarch64"
},
"product_reference": "azure-storage-azcopy-10.32.2-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azure-storage-azcopy-10.32.2-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:azure-storage-azcopy-10.32.2-3.1.ppc64le"
},
"product_reference": "azure-storage-azcopy-10.32.2-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azure-storage-azcopy-10.32.2-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:azure-storage-azcopy-10.32.2-3.1.s390x"
},
"product_reference": "azure-storage-azcopy-10.32.2-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azure-storage-azcopy-10.32.2-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:azure-storage-azcopy-10.32.2-3.1.x86_64"
},
"product_reference": "azure-storage-azcopy-10.32.2-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33814"
}
],
"notes": [
{
"category": "general",
"text": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:azure-storage-azcopy-10.32.2-3.1.aarch64",
"openSUSE Tumbleweed:azure-storage-azcopy-10.32.2-3.1.ppc64le",
"openSUSE Tumbleweed:azure-storage-azcopy-10.32.2-3.1.s390x",
"openSUSE Tumbleweed:azure-storage-azcopy-10.32.2-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33814",
"url": "https://www.suse.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "SUSE Bug 1264506 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1264506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:azure-storage-azcopy-10.32.2-3.1.aarch64",
"openSUSE Tumbleweed:azure-storage-azcopy-10.32.2-3.1.ppc64le",
"openSUSE Tumbleweed:azure-storage-azcopy-10.32.2-3.1.s390x",
"openSUSE Tumbleweed:azure-storage-azcopy-10.32.2-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:azure-storage-azcopy-10.32.2-3.1.aarch64",
"openSUSE Tumbleweed:azure-storage-azcopy-10.32.2-3.1.ppc64le",
"openSUSE Tumbleweed:azure-storage-azcopy-10.32.2-3.1.s390x",
"openSUSE Tumbleweed:azure-storage-azcopy-10.32.2-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-24T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33814"
}
]
}
OPENSUSE-SU-2026:10889-1
Vulnerability from csaf_opensuse - Published: 2026-05-29 00:00 - Updated: 2026-05-29 00:00
Summary
distribution-registry-3.1.1-3.1 on GA media
Severity
Moderate
Notes
Title of the patch: distribution-registry-3.1.1-3.1 on GA media
Description of the patch: These are all security issues fixed in the distribution-registry-3.1.1-3.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10889
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.4 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
20 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "distribution-registry-3.1.1-3.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the distribution-registry-3.1.1-3.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10889",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10889-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33814 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39821 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39827 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39827/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39834 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42508 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42508/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46597 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46597/"
}
],
"title": "distribution-registry-3.1.1-3.1 on GA media",
"tracking": {
"current_release_date": "2026-05-29T00:00:00Z",
"generator": {
"date": "2026-05-29T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10889-1",
"initial_release_date": "2026-05-29T00:00:00Z",
"revision_history": [
{
"date": "2026-05-29T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "distribution-registry-3.1.1-3.1.aarch64",
"product": {
"name": "distribution-registry-3.1.1-3.1.aarch64",
"product_id": "distribution-registry-3.1.1-3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "distribution-registry-3.1.1-3.1.ppc64le",
"product": {
"name": "distribution-registry-3.1.1-3.1.ppc64le",
"product_id": "distribution-registry-3.1.1-3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "distribution-registry-3.1.1-3.1.s390x",
"product": {
"name": "distribution-registry-3.1.1-3.1.s390x",
"product_id": "distribution-registry-3.1.1-3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "distribution-registry-3.1.1-3.1.x86_64",
"product": {
"name": "distribution-registry-3.1.1-3.1.x86_64",
"product_id": "distribution-registry-3.1.1-3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "distribution-registry-3.1.1-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.aarch64"
},
"product_reference": "distribution-registry-3.1.1-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distribution-registry-3.1.1-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.ppc64le"
},
"product_reference": "distribution-registry-3.1.1-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distribution-registry-3.1.1-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.s390x"
},
"product_reference": "distribution-registry-3.1.1-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distribution-registry-3.1.1-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.x86_64"
},
"product_reference": "distribution-registry-3.1.1-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33814"
}
],
"notes": [
{
"category": "general",
"text": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.aarch64",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.ppc64le",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.s390x",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33814",
"url": "https://www.suse.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "SUSE Bug 1264506 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1264506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.aarch64",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.ppc64le",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.s390x",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.aarch64",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.ppc64le",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.s390x",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-29T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33814"
},
{
"cve": "CVE-2026-39821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39821"
}
],
"notes": [
{
"category": "general",
"text": "The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode(\"xn--example-.com\") incorrectly returns the name \"example.com\" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject \"example.com\" but permit \"xn--example-.com\". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name \"example.com\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.aarch64",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.ppc64le",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.s390x",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39821",
"url": "https://www.suse.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "SUSE Bug 1266474 for CVE-2026-39821",
"url": "https://bugzilla.suse.com/1266474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.aarch64",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.ppc64le",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.s390x",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.aarch64",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.ppc64le",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.s390x",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-29T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39821"
},
{
"cve": "CVE-2026-39827",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39827"
}
],
"notes": [
{
"category": "general",
"text": "An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection\u0027s internal state and released for garbage collection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.aarch64",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.ppc64le",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.s390x",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39827",
"url": "https://www.suse.com/security/cve/CVE-2026-39827"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39827",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.aarch64",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.ppc64le",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.s390x",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.aarch64",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.ppc64le",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.s390x",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-29T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39827"
},
{
"cve": "CVE-2026-39834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39834"
}
],
"notes": [
{
"category": "general",
"text": "When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.aarch64",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.ppc64le",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.s390x",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39834",
"url": "https://www.suse.com/security/cve/CVE-2026-39834"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39834",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.aarch64",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.ppc64le",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.s390x",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.aarch64",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.ppc64le",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.s390x",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-29T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39834"
},
{
"cve": "CVE-2026-42508",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42508"
}
],
"notes": [
{
"category": "general",
"text": "Previously, a revoked \u0027SignatureKey\u0027 belonging to a CA was not correctly checked for revocation. Now, both the \u0027key\u0027 and \u0027key.SignatureKey\u0027 are checked for @revoked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.aarch64",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.ppc64le",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.s390x",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42508",
"url": "https://www.suse.com/security/cve/CVE-2026-42508"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-42508",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.aarch64",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.ppc64le",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.s390x",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.aarch64",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.ppc64le",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.s390x",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-29T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42508"
},
{
"cve": "CVE-2026-46597",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46597"
}
],
"notes": [
{
"category": "general",
"text": "An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.aarch64",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.ppc64le",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.s390x",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46597",
"url": "https://www.suse.com/security/cve/CVE-2026-46597"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46597",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.aarch64",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.ppc64le",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.s390x",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.aarch64",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.ppc64le",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.s390x",
"openSUSE Tumbleweed:distribution-registry-3.1.1-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-29T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-46597"
}
]
}
OPENSUSE-SU-2026:10892-1
Vulnerability from csaf_opensuse - Published: 2026-05-29 00:00 - Updated: 2026-05-29 00:00
Summary
ignition-2.26.0-4.1 on GA media
Severity
Moderate
Notes
Title of the patch: ignition-2.26.0-4.1 on GA media
Description of the patch: These are all security issues fixed in the ignition-2.26.0-4.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10892
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ignition-2.26.0-4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:ignition-2.26.0-4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:ignition-2.26.0-4.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:ignition-2.26.0-4.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
5 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ignition-2.26.0-4.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ignition-2.26.0-4.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10892",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10892-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33814 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33814/"
}
],
"title": "ignition-2.26.0-4.1 on GA media",
"tracking": {
"current_release_date": "2026-05-29T00:00:00Z",
"generator": {
"date": "2026-05-29T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10892-1",
"initial_release_date": "2026-05-29T00:00:00Z",
"revision_history": [
{
"date": "2026-05-29T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ignition-2.26.0-4.1.aarch64",
"product": {
"name": "ignition-2.26.0-4.1.aarch64",
"product_id": "ignition-2.26.0-4.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ignition-2.26.0-4.1.ppc64le",
"product": {
"name": "ignition-2.26.0-4.1.ppc64le",
"product_id": "ignition-2.26.0-4.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ignition-2.26.0-4.1.s390x",
"product": {
"name": "ignition-2.26.0-4.1.s390x",
"product_id": "ignition-2.26.0-4.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ignition-2.26.0-4.1.x86_64",
"product": {
"name": "ignition-2.26.0-4.1.x86_64",
"product_id": "ignition-2.26.0-4.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-2.26.0-4.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ignition-2.26.0-4.1.aarch64"
},
"product_reference": "ignition-2.26.0-4.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-2.26.0-4.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ignition-2.26.0-4.1.ppc64le"
},
"product_reference": "ignition-2.26.0-4.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-2.26.0-4.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ignition-2.26.0-4.1.s390x"
},
"product_reference": "ignition-2.26.0-4.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-2.26.0-4.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ignition-2.26.0-4.1.x86_64"
},
"product_reference": "ignition-2.26.0-4.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33814"
}
],
"notes": [
{
"category": "general",
"text": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ignition-2.26.0-4.1.aarch64",
"openSUSE Tumbleweed:ignition-2.26.0-4.1.ppc64le",
"openSUSE Tumbleweed:ignition-2.26.0-4.1.s390x",
"openSUSE Tumbleweed:ignition-2.26.0-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33814",
"url": "https://www.suse.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "SUSE Bug 1264506 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1264506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ignition-2.26.0-4.1.aarch64",
"openSUSE Tumbleweed:ignition-2.26.0-4.1.ppc64le",
"openSUSE Tumbleweed:ignition-2.26.0-4.1.s390x",
"openSUSE Tumbleweed:ignition-2.26.0-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ignition-2.26.0-4.1.aarch64",
"openSUSE Tumbleweed:ignition-2.26.0-4.1.ppc64le",
"openSUSE Tumbleweed:ignition-2.26.0-4.1.s390x",
"openSUSE Tumbleweed:ignition-2.26.0-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-29T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33814"
}
]
}
OPENSUSE-SU-2026:11032-1
Vulnerability from csaf_opensuse - Published: 2026-06-15 00:00 - Updated: 2026-06-15 00:00
Summary
google-osconfig-agent-20260611.00-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: google-osconfig-agent-20260611.00-1.1 on GA media
Description of the patch: These are all security issues fixed in the google-osconfig-agent-20260611.00-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-11032
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:google-osconfig-agent-20260611.00-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:google-osconfig-agent-20260611.00-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:google-osconfig-agent-20260611.00-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:google-osconfig-agent-20260611.00-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
5 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "google-osconfig-agent-20260611.00-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the google-osconfig-agent-20260611.00-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-11032",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_11032-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33814 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33814/"
}
],
"title": "google-osconfig-agent-20260611.00-1.1 on GA media",
"tracking": {
"current_release_date": "2026-06-15T00:00:00Z",
"generator": {
"date": "2026-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:11032-1",
"initial_release_date": "2026-06-15T00:00:00Z",
"revision_history": [
{
"date": "2026-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "google-osconfig-agent-20260611.00-1.1.aarch64",
"product": {
"name": "google-osconfig-agent-20260611.00-1.1.aarch64",
"product_id": "google-osconfig-agent-20260611.00-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "google-osconfig-agent-20260611.00-1.1.ppc64le",
"product": {
"name": "google-osconfig-agent-20260611.00-1.1.ppc64le",
"product_id": "google-osconfig-agent-20260611.00-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "google-osconfig-agent-20260611.00-1.1.s390x",
"product": {
"name": "google-osconfig-agent-20260611.00-1.1.s390x",
"product_id": "google-osconfig-agent-20260611.00-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "google-osconfig-agent-20260611.00-1.1.x86_64",
"product": {
"name": "google-osconfig-agent-20260611.00-1.1.x86_64",
"product_id": "google-osconfig-agent-20260611.00-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "google-osconfig-agent-20260611.00-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:google-osconfig-agent-20260611.00-1.1.aarch64"
},
"product_reference": "google-osconfig-agent-20260611.00-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "google-osconfig-agent-20260611.00-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:google-osconfig-agent-20260611.00-1.1.ppc64le"
},
"product_reference": "google-osconfig-agent-20260611.00-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "google-osconfig-agent-20260611.00-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:google-osconfig-agent-20260611.00-1.1.s390x"
},
"product_reference": "google-osconfig-agent-20260611.00-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "google-osconfig-agent-20260611.00-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:google-osconfig-agent-20260611.00-1.1.x86_64"
},
"product_reference": "google-osconfig-agent-20260611.00-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33814"
}
],
"notes": [
{
"category": "general",
"text": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:google-osconfig-agent-20260611.00-1.1.aarch64",
"openSUSE Tumbleweed:google-osconfig-agent-20260611.00-1.1.ppc64le",
"openSUSE Tumbleweed:google-osconfig-agent-20260611.00-1.1.s390x",
"openSUSE Tumbleweed:google-osconfig-agent-20260611.00-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33814",
"url": "https://www.suse.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "SUSE Bug 1264506 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1264506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:google-osconfig-agent-20260611.00-1.1.aarch64",
"openSUSE Tumbleweed:google-osconfig-agent-20260611.00-1.1.ppc64le",
"openSUSE Tumbleweed:google-osconfig-agent-20260611.00-1.1.s390x",
"openSUSE Tumbleweed:google-osconfig-agent-20260611.00-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:google-osconfig-agent-20260611.00-1.1.aarch64",
"openSUSE Tumbleweed:google-osconfig-agent-20260611.00-1.1.ppc64le",
"openSUSE Tumbleweed:google-osconfig-agent-20260611.00-1.1.s390x",
"openSUSE Tumbleweed:google-osconfig-agent-20260611.00-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33814"
}
]
}
OPENSUSE-SU-2026:11050-1
Vulnerability from csaf_opensuse - Published: 2026-06-17 00:00 - Updated: 2026-06-17 00:00
Summary
warewulf4-4.7.0-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: warewulf4-4.7.0-1.1 on GA media
Description of the patch: These are all security issues fixed in the warewulf4-4.7.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-11050
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-4.7.0-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:warewulf4-4.7.0-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:warewulf4-4.7.0-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:warewulf4-4.7.0-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.4 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:warewulf4-4.7.0-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:warewulf4-4.7.0-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:warewulf4-4.7.0-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:warewulf4-4.7.0-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "warewulf4-4.7.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the warewulf4-4.7.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-11050",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_11050-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33814 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39821 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39821/"
}
],
"title": "warewulf4-4.7.0-1.1 on GA media",
"tracking": {
"current_release_date": "2026-06-17T00:00:00Z",
"generator": {
"date": "2026-06-17T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:11050-1",
"initial_release_date": "2026-06-17T00:00:00Z",
"revision_history": [
{
"date": "2026-06-17T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "warewulf4-4.7.0-1.1.aarch64",
"product": {
"name": "warewulf4-4.7.0-1.1.aarch64",
"product_id": "warewulf4-4.7.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "warewulf4-dracut-4.7.0-1.1.aarch64",
"product": {
"name": "warewulf4-dracut-4.7.0-1.1.aarch64",
"product_id": "warewulf4-dracut-4.7.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "warewulf4-man-4.7.0-1.1.aarch64",
"product": {
"name": "warewulf4-man-4.7.0-1.1.aarch64",
"product_id": "warewulf4-man-4.7.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "warewulf4-overlay-4.7.0-1.1.aarch64",
"product": {
"name": "warewulf4-overlay-4.7.0-1.1.aarch64",
"product_id": "warewulf4-overlay-4.7.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "warewulf4-overlay-rke2-4.7.0-1.1.aarch64",
"product": {
"name": "warewulf4-overlay-rke2-4.7.0-1.1.aarch64",
"product_id": "warewulf4-overlay-rke2-4.7.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "warewulf4-reference-doc-4.7.0-1.1.aarch64",
"product": {
"name": "warewulf4-reference-doc-4.7.0-1.1.aarch64",
"product_id": "warewulf4-reference-doc-4.7.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "warewulf4-4.7.0-1.1.ppc64le",
"product": {
"name": "warewulf4-4.7.0-1.1.ppc64le",
"product_id": "warewulf4-4.7.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "warewulf4-dracut-4.7.0-1.1.ppc64le",
"product": {
"name": "warewulf4-dracut-4.7.0-1.1.ppc64le",
"product_id": "warewulf4-dracut-4.7.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "warewulf4-man-4.7.0-1.1.ppc64le",
"product": {
"name": "warewulf4-man-4.7.0-1.1.ppc64le",
"product_id": "warewulf4-man-4.7.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "warewulf4-overlay-4.7.0-1.1.ppc64le",
"product": {
"name": "warewulf4-overlay-4.7.0-1.1.ppc64le",
"product_id": "warewulf4-overlay-4.7.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "warewulf4-overlay-rke2-4.7.0-1.1.ppc64le",
"product": {
"name": "warewulf4-overlay-rke2-4.7.0-1.1.ppc64le",
"product_id": "warewulf4-overlay-rke2-4.7.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "warewulf4-reference-doc-4.7.0-1.1.ppc64le",
"product": {
"name": "warewulf4-reference-doc-4.7.0-1.1.ppc64le",
"product_id": "warewulf4-reference-doc-4.7.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "warewulf4-4.7.0-1.1.s390x",
"product": {
"name": "warewulf4-4.7.0-1.1.s390x",
"product_id": "warewulf4-4.7.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "warewulf4-dracut-4.7.0-1.1.s390x",
"product": {
"name": "warewulf4-dracut-4.7.0-1.1.s390x",
"product_id": "warewulf4-dracut-4.7.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "warewulf4-man-4.7.0-1.1.s390x",
"product": {
"name": "warewulf4-man-4.7.0-1.1.s390x",
"product_id": "warewulf4-man-4.7.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "warewulf4-overlay-4.7.0-1.1.s390x",
"product": {
"name": "warewulf4-overlay-4.7.0-1.1.s390x",
"product_id": "warewulf4-overlay-4.7.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "warewulf4-overlay-rke2-4.7.0-1.1.s390x",
"product": {
"name": "warewulf4-overlay-rke2-4.7.0-1.1.s390x",
"product_id": "warewulf4-overlay-rke2-4.7.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "warewulf4-reference-doc-4.7.0-1.1.s390x",
"product": {
"name": "warewulf4-reference-doc-4.7.0-1.1.s390x",
"product_id": "warewulf4-reference-doc-4.7.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "warewulf4-4.7.0-1.1.x86_64",
"product": {
"name": "warewulf4-4.7.0-1.1.x86_64",
"product_id": "warewulf4-4.7.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "warewulf4-dracut-4.7.0-1.1.x86_64",
"product": {
"name": "warewulf4-dracut-4.7.0-1.1.x86_64",
"product_id": "warewulf4-dracut-4.7.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "warewulf4-man-4.7.0-1.1.x86_64",
"product": {
"name": "warewulf4-man-4.7.0-1.1.x86_64",
"product_id": "warewulf4-man-4.7.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "warewulf4-overlay-4.7.0-1.1.x86_64",
"product": {
"name": "warewulf4-overlay-4.7.0-1.1.x86_64",
"product_id": "warewulf4-overlay-4.7.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "warewulf4-overlay-rke2-4.7.0-1.1.x86_64",
"product": {
"name": "warewulf4-overlay-rke2-4.7.0-1.1.x86_64",
"product_id": "warewulf4-overlay-rke2-4.7.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "warewulf4-reference-doc-4.7.0-1.1.x86_64",
"product": {
"name": "warewulf4-reference-doc-4.7.0-1.1.x86_64",
"product_id": "warewulf4-reference-doc-4.7.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "warewulf4-4.7.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:warewulf4-4.7.0-1.1.aarch64"
},
"product_reference": "warewulf4-4.7.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "warewulf4-4.7.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:warewulf4-4.7.0-1.1.ppc64le"
},
"product_reference": "warewulf4-4.7.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "warewulf4-4.7.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:warewulf4-4.7.0-1.1.s390x"
},
"product_reference": "warewulf4-4.7.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "warewulf4-4.7.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:warewulf4-4.7.0-1.1.x86_64"
},
"product_reference": "warewulf4-4.7.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "warewulf4-dracut-4.7.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.aarch64"
},
"product_reference": "warewulf4-dracut-4.7.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "warewulf4-dracut-4.7.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.ppc64le"
},
"product_reference": "warewulf4-dracut-4.7.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "warewulf4-dracut-4.7.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.s390x"
},
"product_reference": "warewulf4-dracut-4.7.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "warewulf4-dracut-4.7.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.x86_64"
},
"product_reference": "warewulf4-dracut-4.7.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "warewulf4-man-4.7.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.aarch64"
},
"product_reference": "warewulf4-man-4.7.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "warewulf4-man-4.7.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.ppc64le"
},
"product_reference": "warewulf4-man-4.7.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "warewulf4-man-4.7.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.s390x"
},
"product_reference": "warewulf4-man-4.7.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "warewulf4-man-4.7.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.x86_64"
},
"product_reference": "warewulf4-man-4.7.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "warewulf4-overlay-4.7.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.aarch64"
},
"product_reference": "warewulf4-overlay-4.7.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "warewulf4-overlay-4.7.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.ppc64le"
},
"product_reference": "warewulf4-overlay-4.7.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "warewulf4-overlay-4.7.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.s390x"
},
"product_reference": "warewulf4-overlay-4.7.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "warewulf4-overlay-4.7.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.x86_64"
},
"product_reference": "warewulf4-overlay-4.7.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "warewulf4-overlay-rke2-4.7.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.aarch64"
},
"product_reference": "warewulf4-overlay-rke2-4.7.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "warewulf4-overlay-rke2-4.7.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.ppc64le"
},
"product_reference": "warewulf4-overlay-rke2-4.7.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "warewulf4-overlay-rke2-4.7.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.s390x"
},
"product_reference": "warewulf4-overlay-rke2-4.7.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "warewulf4-overlay-rke2-4.7.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.x86_64"
},
"product_reference": "warewulf4-overlay-rke2-4.7.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "warewulf4-reference-doc-4.7.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.aarch64"
},
"product_reference": "warewulf4-reference-doc-4.7.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "warewulf4-reference-doc-4.7.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.ppc64le"
},
"product_reference": "warewulf4-reference-doc-4.7.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "warewulf4-reference-doc-4.7.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.s390x"
},
"product_reference": "warewulf4-reference-doc-4.7.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "warewulf4-reference-doc-4.7.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.x86_64"
},
"product_reference": "warewulf4-reference-doc-4.7.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33814"
}
],
"notes": [
{
"category": "general",
"text": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:warewulf4-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33814",
"url": "https://www.suse.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "SUSE Bug 1264506 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1264506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:warewulf4-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:warewulf4-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-17T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33814"
},
{
"cve": "CVE-2026-39821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39821"
}
],
"notes": [
{
"category": "general",
"text": "The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode(\"xn--example-.com\") incorrectly returns the name \"example.com\" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject \"example.com\" but permit \"xn--example-.com\". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name \"example.com\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:warewulf4-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39821",
"url": "https://www.suse.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "SUSE Bug 1266474 for CVE-2026-39821",
"url": "https://bugzilla.suse.com/1266474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:warewulf4-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:warewulf4-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-dracut-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-man-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-overlay-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-overlay-rke2-4.7.0-1.1.x86_64",
"openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.aarch64",
"openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.ppc64le",
"openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.s390x",
"openSUSE Tumbleweed:warewulf4-reference-doc-4.7.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-17T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39821"
}
]
}
OPENSUSE-SU-2026:11075-1
Vulnerability from csaf_opensuse - Published: 2026-06-22 00:00 - Updated: 2026-06-22 00:00
Summary
docker-stable-24.0.9_ce-18.1 on GA media
Severity
Moderate
Notes
Title of the patch: docker-stable-24.0.9_ce-18.1 on GA media
Description of the patch: These are all security issues fixed in the docker-stable-24.0.9_ce-18.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-11075
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.1 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
8.4 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
8.4 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
8.4 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.4 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.2 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
29 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "docker-stable-24.0.9_ce-18.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the docker-stable-24.0.9_ce-18.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-11075",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_11075-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33186 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33186/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33747 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33747/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33748 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33748/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33814 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33997 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33997/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-34040 page",
"url": "https://www.suse.com/security/cve/CVE-2026-34040/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39821 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-41567 page",
"url": "https://www.suse.com/security/cve/CVE-2026-41567/"
}
],
"title": "docker-stable-24.0.9_ce-18.1 on GA media",
"tracking": {
"current_release_date": "2026-06-22T00:00:00Z",
"generator": {
"date": "2026-06-22T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:11075-1",
"initial_release_date": "2026-06-22T00:00:00Z",
"revision_history": [
{
"date": "2026-06-22T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-18.1.aarch64",
"product": {
"name": "docker-stable-24.0.9_ce-18.1.aarch64",
"product_id": "docker-stable-24.0.9_ce-18.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"product": {
"name": "docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"product_id": "docker-stable-bash-completion-24.0.9_ce-18.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-stable-buildx-0.25.0-18.1.aarch64",
"product": {
"name": "docker-stable-buildx-0.25.0-18.1.aarch64",
"product_id": "docker-stable-buildx-0.25.0-18.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"product": {
"name": "docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"product_id": "docker-stable-fish-completion-24.0.9_ce-18.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"product": {
"name": "docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"product_id": "docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"product": {
"name": "docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"product_id": "docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-18.1.ppc64le",
"product": {
"name": "docker-stable-24.0.9_ce-18.1.ppc64le",
"product_id": "docker-stable-24.0.9_ce-18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"product": {
"name": "docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"product_id": "docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-stable-buildx-0.25.0-18.1.ppc64le",
"product": {
"name": "docker-stable-buildx-0.25.0-18.1.ppc64le",
"product_id": "docker-stable-buildx-0.25.0-18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"product": {
"name": "docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"product_id": "docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"product": {
"name": "docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"product_id": "docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"product": {
"name": "docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"product_id": "docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-18.1.s390x",
"product": {
"name": "docker-stable-24.0.9_ce-18.1.s390x",
"product_id": "docker-stable-24.0.9_ce-18.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"product": {
"name": "docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"product_id": "docker-stable-bash-completion-24.0.9_ce-18.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-stable-buildx-0.25.0-18.1.s390x",
"product": {
"name": "docker-stable-buildx-0.25.0-18.1.s390x",
"product_id": "docker-stable-buildx-0.25.0-18.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"product": {
"name": "docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"product_id": "docker-stable-fish-completion-24.0.9_ce-18.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"product": {
"name": "docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"product_id": "docker-stable-rootless-extras-24.0.9_ce-18.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"product": {
"name": "docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"product_id": "docker-stable-zsh-completion-24.0.9_ce-18.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-18.1.x86_64",
"product": {
"name": "docker-stable-24.0.9_ce-18.1.x86_64",
"product_id": "docker-stable-24.0.9_ce-18.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"product": {
"name": "docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"product_id": "docker-stable-bash-completion-24.0.9_ce-18.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-stable-buildx-0.25.0-18.1.x86_64",
"product": {
"name": "docker-stable-buildx-0.25.0-18.1.x86_64",
"product_id": "docker-stable-buildx-0.25.0-18.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"product": {
"name": "docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"product_id": "docker-stable-fish-completion-24.0.9_ce-18.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"product": {
"name": "docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"product_id": "docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64",
"product": {
"name": "docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64",
"product_id": "docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-18.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64"
},
"product_reference": "docker-stable-24.0.9_ce-18.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-18.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le"
},
"product_reference": "docker-stable-24.0.9_ce-18.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-18.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x"
},
"product_reference": "docker-stable-24.0.9_ce-18.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-18.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64"
},
"product_reference": "docker-stable-24.0.9_ce-18.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-18.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-18.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-18.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-buildx-0.25.0-18.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64"
},
"product_reference": "docker-stable-buildx-0.25.0-18.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-buildx-0.25.0-18.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le"
},
"product_reference": "docker-stable-buildx-0.25.0-18.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-buildx-0.25.0-18.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x"
},
"product_reference": "docker-stable-buildx-0.25.0-18.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-buildx-0.25.0-18.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64"
},
"product_reference": "docker-stable-buildx-0.25.0-18.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-fish-completion-24.0.9_ce-18.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64"
},
"product_reference": "docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le"
},
"product_reference": "docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-fish-completion-24.0.9_ce-18.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x"
},
"product_reference": "docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-fish-completion-24.0.9_ce-18.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64"
},
"product_reference": "docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64"
},
"product_reference": "docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le"
},
"product_reference": "docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-rootless-extras-24.0.9_ce-18.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x"
},
"product_reference": "docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64"
},
"product_reference": "docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64"
},
"product_reference": "docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le"
},
"product_reference": "docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-zsh-completion-24.0.9_ce-18.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x"
},
"product_reference": "docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
},
"product_reference": "docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33186",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33186"
}
],
"notes": [
{
"category": "general",
"text": "gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, \"deny\" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback \"allow\" rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy that contains specific \"deny\" rules for canonical paths but allows other requests by default (a fallback \"allow\" rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33186",
"url": "https://www.suse.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "SUSE Bug 1260085 for CVE-2026-33186",
"url": "https://bugzilla.suse.com/1260085"
},
{
"category": "external",
"summary": "SUSE Bug 1268676 for CVE-2026-33186",
"url": "https://bugzilla.suse.com/1268676"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33186"
},
{
"cve": "CVE-2026-33747",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33747"
}
],
"notes": [
{
"category": "general",
"text": "BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for the execution context. The issue has been fixed in v0.28.1. The vulnerability requires using an untrusted BuildKit frontend set with `#syntax` or `--build-arg BUILDKIT_SYNTAX`. Using these options with a well-known frontend image like `docker/dockerfile` is not affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33747",
"url": "https://www.suse.com/security/cve/CVE-2026-33747"
},
{
"category": "external",
"summary": "SUSE Bug 1260954 for CVE-2026-33747",
"url": "https://bugzilla.suse.com/1260954"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33747"
},
{
"cve": "CVE-2026-33748",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33748"
}
],
"notes": [
{
"category": "general",
"text": "BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is limited to files on the same mounted filesystem. The issue has been fixed in version v0.28.1. The issue affects only builds that use Git URLs with a subpath component. As a workaround, avoid building Dockerfiles from untrusted sources or using the subdir component from an untrusted Git repository where the subdir component could point to a symlink.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33748",
"url": "https://www.suse.com/security/cve/CVE-2026-33748"
},
{
"category": "external",
"summary": "SUSE Bug 1261046 for CVE-2026-33748",
"url": "https://bugzilla.suse.com/1261046"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33748"
},
{
"cve": "CVE-2026-33814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33814"
}
],
"notes": [
{
"category": "general",
"text": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33814",
"url": "https://www.suse.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "SUSE Bug 1264506 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1264506"
},
{
"category": "external",
"summary": "SUSE Bug 1268758 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1268758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33814"
},
{
"cve": "CVE-2026-33997",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33997"
}
],
"notes": [
{
"category": "general",
"text": "Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon\u0027s privilege comparison logic, the daemon may incorrectly accept a privilege set that differs from the one approved by the user. Plugins that request exactly one privilege are also affected, because no comparison is performed at all. This issue has been patched in version 29.3.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33997",
"url": "https://www.suse.com/security/cve/CVE-2026-33997"
},
{
"category": "external",
"summary": "SUSE Bug 1265907 for CVE-2026-33997",
"url": "https://bugzilla.suse.com/1265907"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33997"
},
{
"cve": "CVE-2026-34040",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-34040"
}
],
"notes": [
{
"category": "general",
"text": "Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-34040",
"url": "https://www.suse.com/security/cve/CVE-2026-34040"
},
{
"category": "external",
"summary": "SUSE Bug 1261378 for CVE-2026-34040",
"url": "https://bugzilla.suse.com/1261378"
},
{
"category": "external",
"summary": "SUSE Bug 1265929 for CVE-2026-34040",
"url": "https://bugzilla.suse.com/1265929"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-34040"
},
{
"cve": "CVE-2026-39821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39821"
}
],
"notes": [
{
"category": "general",
"text": "The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode(\"xn--example-.com\") incorrectly returns the name \"example.com\" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject \"example.com\" but permit \"xn--example-.com\". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permit access to the Unicode name \"example.com\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39821",
"url": "https://www.suse.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "SUSE Bug 1266474 for CVE-2026-39821",
"url": "https://bugzilla.suse.com/1266474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39821"
},
{
"cve": "CVE-2026-41567",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-41567"
}
],
"notes": [
{
"category": "general",
"text": "Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to v2.0.0-beta.14, when a compressed archive is uploaded to a container via `PUT /containers/{id}/archive` or piped through `docker cp -`, the daemon resolves decompression binaries (such as `xz` or `unpigz`) from the container\u0027s filesystem rather than the host\u0027s due to incorrect ordering of operations. A malicious container image containing a trojanized decompression binary can achieve arbitrary code execution with full daemon privileges, including host root UID and unrestricted capabilities, when a user uploads a compressed (xz or gzip) archive into that container. This issue is fixed in Docker Engine 29.5.1 and moby/moby v2.0.0-beta.14. Workarounds include only running containers from trusted images, using authorization plugins to restrict access to the `PUT /containers/{id}/archive` endpoint, and avoiding piping compressed archives into containers created from untrusted images.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-41567",
"url": "https://www.suse.com/security/cve/CVE-2026-41567"
},
{
"category": "external",
"summary": "SUSE Bug 1267827 for CVE-2026-41567",
"url": "https://bugzilla.suse.com/1267827"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-18.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-41567"
}
]
}
OPENSUSE-SU-2026:11126-1
Vulnerability from csaf_opensuse - Published: 2026-06-25 00:00 - Updated: 2026-06-25 00:00
Summary
velociraptor-0.7.0.4.git185.a5708584-2.1 on GA media
Severity
Moderate
Notes
Title of the patch: velociraptor-0.7.0.4.git185.a5708584-2.1 on GA media
Description of the patch: These are all security issues fixed in the velociraptor-0.7.0.4.git185.a5708584-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-11126
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
7.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
8.2 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
4.4 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
low
5.4 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.4 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.4 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
8.4 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.7 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
155 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "velociraptor-0.7.0.4.git185.a5708584-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the velociraptor-0.7.0.4.git185.a5708584-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-11126",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_11126-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45288 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45288/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45339 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45339/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-13465 page",
"url": "https://www.suse.com/security/cve/CVE-2025-13465/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22868 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22868/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22869 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22870 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22872 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22872/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-24358 page",
"url": "https://www.suse.com/security/cve/CVE-2025-24358/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47911 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58058 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58181 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58190 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58190/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5889 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5889/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-64718 page",
"url": "https://www.suse.com/security/cve/CVE-2025-64718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-6545 page",
"url": "https://www.suse.com/security/cve/CVE-2025-6545/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-6547 page",
"url": "https://www.suse.com/security/cve/CVE-2025-6547/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-7783 page",
"url": "https://www.suse.com/security/cve/CVE-2025-7783/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-1229 page",
"url": "https://www.suse.com/security/cve/CVE-2026-1229/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25128 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25128/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25680 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25681 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-26278 page",
"url": "https://www.suse.com/security/cve/CVE-2026-26278/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-26996 page",
"url": "https://www.suse.com/security/cve/CVE-2026-26996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27136 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-2739 page",
"url": "https://www.suse.com/security/cve/CVE-2026-2739/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27606 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27606/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27904 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27904/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33036 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33036/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33186 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33186/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33487 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33487/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33814 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-34986 page",
"url": "https://www.suse.com/security/cve/CVE-2026-34986/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39821 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39827 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39827/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39828 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39829 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39830 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39831 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39832 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39833 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39833/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39834 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39835 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42039 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42039/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42502 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42502/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42506 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42508 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42508/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46595 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46595/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46597 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46597/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46598 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46598/"
}
],
"title": "velociraptor-0.7.0.4.git185.a5708584-2.1 on GA media",
"tracking": {
"current_release_date": "2026-06-25T00:00:00Z",
"generator": {
"date": "2026-06-25T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:11126-1",
"initial_release_date": "2026-06-25T00:00:00Z",
"revision_history": [
{
"date": "2026-06-25T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"product": {
"name": "velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"product_id": "velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"product": {
"name": "velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"product_id": "velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"product": {
"name": "velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"product_id": "velociraptor-0.7.0.4.git185.a5708584-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64",
"product": {
"name": "velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64",
"product_id": "velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64"
},
"product_reference": "velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le"
},
"product_reference": "velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velociraptor-0.7.0.4.git185.a5708584-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x"
},
"product_reference": "velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
},
"product_reference": "velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45288",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45288"
}
],
"notes": [
{
"category": "general",
"text": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request\u0027s headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45288",
"url": "https://www.suse.com/security/cve/CVE-2023-45288"
},
{
"category": "external",
"summary": "SUSE Bug 1221400 for CVE-2023-45288",
"url": "https://bugzilla.suse.com/1221400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-45288"
},
{
"cve": "CVE-2024-45339",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45339"
}
],
"notes": [
{
"category": "general",
"text": "When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process\u0027s log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that sensitive file. To fix that, glog now causes the program to exit (with status code 2) when it finds that the configured log file already exists.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45339",
"url": "https://www.suse.com/security/cve/CVE-2024-45339"
},
{
"category": "external",
"summary": "SUSE Bug 1236541 for CVE-2024-45339",
"url": "https://bugzilla.suse.com/1236541"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-45339"
},
{
"cve": "CVE-2025-13465",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-13465"
}
],
"notes": [
{
"category": "general",
"text": "Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes.\n\nThe issue permits deletion of properties but does not allow overwriting their original behavior.\n\nThis issue is patched on 4.17.23",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-13465",
"url": "https://www.suse.com/security/cve/CVE-2025-13465"
},
{
"category": "external",
"summary": "SUSE Bug 1257321 for CVE-2025-13465",
"url": "https://bugzilla.suse.com/1257321"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-13465"
},
{
"cve": "CVE-2025-22868",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22868"
}
],
"notes": [
{
"category": "general",
"text": "An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22868",
"url": "https://www.suse.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "SUSE Bug 1239185 for CVE-2025-22868",
"url": "https://bugzilla.suse.com/1239185"
},
{
"category": "external",
"summary": "SUSE Bug 1239186 for CVE-2025-22868",
"url": "https://bugzilla.suse.com/1239186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-22868"
},
{
"cve": "CVE-2025-22869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22869"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22869",
"url": "https://www.suse.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "SUSE Bug 1239322 for CVE-2025-22869",
"url": "https://bugzilla.suse.com/1239322"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-22869"
},
{
"cve": "CVE-2025-22870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22870"
}
],
"notes": [
{
"category": "general",
"text": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22870",
"url": "https://www.suse.com/security/cve/CVE-2025-22870"
},
{
"category": "external",
"summary": "SUSE Bug 1238572 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238572"
},
{
"category": "external",
"summary": "SUSE Bug 1238611 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238611"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-22870"
},
{
"cve": "CVE-2025-22872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22872"
}
],
"notes": [
{
"category": "general",
"text": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22872",
"url": "https://www.suse.com/security/cve/CVE-2025-22872"
},
{
"category": "external",
"summary": "SUSE Bug 1241710 for CVE-2025-22872",
"url": "https://bugzilla.suse.com/1241710"
},
{
"category": "external",
"summary": "SUSE Bug 1265255 for CVE-2025-22872",
"url": "https://bugzilla.suse.com/1265255"
},
{
"category": "external",
"summary": "SUSE Bug 1265256 for CVE-2025-22872",
"url": "https://bugzilla.suse.com/1265256"
},
{
"category": "external",
"summary": "SUSE Bug 1265259 for CVE-2025-22872",
"url": "https://bugzilla.suse.com/1265259"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-22872"
},
{
"cve": "CVE-2025-24358",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-24358"
}
],
"notes": [
{
"category": "general",
"text": "gorilla/csrf provides Cross Site Request Forgery (CSRF) prevention middleware for Go web applications \u0026 services. Prior to 1.7.2, gorilla/csrf does not validate the Origin header against an allowlist. It executes its validation of the Referer header for cross-origin requests only when it believes the request is being served over TLS. It determines this by inspecting the r.URL.Scheme value. However, this value is never populated for \"server\" requests per the Go spec, and so this check does not run in practice. This vulnerability allows an attacker who has gained XSS on a subdomain or top level domain to perform authenticated form submissions against gorilla/csrf protected targets that share the same top level domain. This vulnerability is fixed in 1.7.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-24358",
"url": "https://www.suse.com/security/cve/CVE-2025-24358"
},
{
"category": "external",
"summary": "SUSE Bug 1241233 for CVE-2025-24358",
"url": "https://bugzilla.suse.com/1241233"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-24358"
},
{
"cve": "CVE-2025-47911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47911"
}
],
"notes": [
{
"category": "general",
"text": "The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47911",
"url": "https://www.suse.com/security/cve/CVE-2025-47911"
},
{
"category": "external",
"summary": "SUSE Bug 1251308 for CVE-2025-47911",
"url": "https://bugzilla.suse.com/1251308"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-47911"
},
{
"cve": "CVE-2025-58058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58058"
}
],
"notes": [
{
"category": "general",
"text": "xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current implementation allocates the full decoding buffer directly after reading the header. The LZMA header doesn\u0027t include a magic number or has a checksum to detect such an issue according to the specification. Note that the code recognizes the issue later while reading the stream, but at this time the memory allocation has already been done. This issue has been patched in version 0.5.14.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58058",
"url": "https://www.suse.com/security/cve/CVE-2025-58058"
},
{
"category": "external",
"summary": "SUSE Bug 1248889 for CVE-2025-58058",
"url": "https://bugzilla.suse.com/1248889"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-58058"
},
{
"cve": "CVE-2025-58181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58181"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58181",
"url": "https://www.suse.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "SUSE Bug 1253784 for CVE-2025-58181",
"url": "https://bugzilla.suse.com/1253784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-58181"
},
{
"cve": "CVE-2025-58190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58190"
}
],
"notes": [
{
"category": "general",
"text": "The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58190",
"url": "https://www.suse.com/security/cve/CVE-2025-58190"
},
{
"category": "external",
"summary": "SUSE Bug 1251309 for CVE-2025-58190",
"url": "https://bugzilla.suse.com/1251309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-58190"
},
{
"cve": "CVE-2025-5889",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5889"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.1.12, 2.0.2, 3.0.1 and 4.0.1 is able to address this issue. The name of the patch is a5b98a4f30d7813266b221435e1eaaf25a1b0ac5. It is recommended to upgrade the affected component.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5889",
"url": "https://www.suse.com/security/cve/CVE-2025-5889"
},
{
"category": "external",
"summary": "SUSE Bug 1244340 for CVE-2025-5889",
"url": "https://bugzilla.suse.com/1244340"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2025-5889"
},
{
"cve": "CVE-2025-64718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-64718"
}
],
"notes": [
{
"category": "general",
"text": "js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it\u0027s possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (`__proto__`). All users who parse untrusted yaml documents may be impacted. The problem is patched in js-yaml 4.1.1 and 3.14.2. Users can protect against this kind of attack on the server by using `node --disable-proto=delete` or `deno` (in Deno, pollution protection is on by default).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-64718",
"url": "https://www.suse.com/security/cve/CVE-2025-64718"
},
{
"category": "external",
"summary": "SUSE Bug 1255407 for CVE-2025-64718",
"url": "https://bugzilla.suse.com/1255407"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-64718"
},
{
"cve": "CVE-2025-6545",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-6545"
}
],
"notes": [
{
"category": "general",
"text": "Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js.\n\nThis issue affects pbkdf2: from 3.0.10 through 3.1.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-6545",
"url": "https://www.suse.com/security/cve/CVE-2025-6545"
},
{
"category": "external",
"summary": "SUSE Bug 1245273 for CVE-2025-6545",
"url": "https://bugzilla.suse.com/1245273"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-6545"
},
{
"cve": "CVE-2025-6547",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-6547"
}
],
"notes": [
{
"category": "general",
"text": "Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation.This issue affects pbkdf2: \u003c=3.1.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-6547",
"url": "https://www.suse.com/security/cve/CVE-2025-6547"
},
{
"category": "external",
"summary": "SUSE Bug 1245271 for CVE-2025-6547",
"url": "https://bugzilla.suse.com/1245271"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-6547"
},
{
"cve": "CVE-2025-7783",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-7783"
}
],
"notes": [
{
"category": "general",
"text": "Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js.\n\nThis issue affects form-data: \u003c 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-7783",
"url": "https://www.suse.com/security/cve/CVE-2025-7783"
},
{
"category": "external",
"summary": "SUSE Bug 1246810 for CVE-2025-7783",
"url": "https://bugzilla.suse.com/1246810"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-7783"
},
{
"cve": "CVE-2026-1229",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-1229"
}
],
"notes": [
{
"category": "general",
"text": "The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas.\nECDH and ECDSA signing relying on this curve are not affected.\n\nThe bug was fixed in v1.6.3 https://github.com/cloudflare/circl/releases/tag/v1.6.3 .",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-1229",
"url": "https://www.suse.com/security/cve/CVE-2026-1229"
},
{
"category": "external",
"summary": "SUSE Bug 1265416 for CVE-2026-1229",
"url": "https://bugzilla.suse.com/1265416"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-1229"
},
{
"cve": "CVE-2026-25128",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25128"
}
],
"notes": [
{
"category": "general",
"text": "fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 5.0.9 through 5.3.3, a RangeError vulnerability exists in the numeric entity processing of fast-xml-parser when parsing XML with out-of-range entity code points (e.g., `\u0026#9999999;` or `\u0026#xFFFFFF;`). This causes the parser to throw an uncaught exception, crashing any application that processes untrusted XML input. Version 5.3.4 fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25128",
"url": "https://www.suse.com/security/cve/CVE-2026-25128"
},
{
"category": "external",
"summary": "SUSE Bug 1257518 for CVE-2026-25128",
"url": "https://bugzilla.suse.com/1257518"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-25128"
},
{
"cve": "CVE-2026-25680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25680"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25680",
"url": "https://www.suse.com/security/cve/CVE-2026-25680"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-25680",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-25680"
},
{
"cve": "CVE-2026-25681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25681"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25681",
"url": "https://www.suse.com/security/cve/CVE-2026-25681"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-25681",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-25681"
},
{
"cve": "CVE-2026-26278",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-26278"
}
],
"notes": [
{
"category": "general",
"text": "fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 4.1.3 through 5.3.5, the XML parser can be forced to do an unlimited amount of entity expansion. With a very small XML input, it\u0027s possible to make the parser spend seconds or even minutes processing a single request, effectively freezing the application. Version 5.3.6 fixes the issue. As a workaround, avoid using DOCTYPE parsing by `processEntities: false` option.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-26278",
"url": "https://www.suse.com/security/cve/CVE-2026-26278"
},
{
"category": "external",
"summary": "SUSE Bug 1258547 for CVE-2026-26278",
"url": "https://bugzilla.suse.com/1258547"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-26278"
},
{
"cve": "CVE-2026-26996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-26996"
}
],
"notes": [
{
"category": "general",
"text": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal character that doesn\u0027t appear in the test string. Each * compiles to a separate [^/]*? regex group, and when the match fails, V8\u0027s regex engine backtracks exponentially across all possible splits. The time complexity is O(4^N) where N is the number of * characters. With N=15, a single minimatch() call takes ~2 seconds. With N=34, it hangs effectively forever. Any application that passes user-controlled strings to minimatch() as the pattern argument is vulnerable to DoS. This issue has been fixed in version 10.2.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-26996",
"url": "https://www.suse.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "SUSE Bug 1258621 for CVE-2026-26996",
"url": "https://bugzilla.suse.com/1258621"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-26996"
},
{
"cve": "CVE-2026-27136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27136"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27136",
"url": "https://www.suse.com/security/cve/CVE-2026-27136"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-27136",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-27136"
},
{
"cve": "CVE-2026-2739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-2739"
}
],
"notes": [
{
"category": "general",
"text": "This affects versions of the package bn.js before 5.2.3. Calling maskn(0) on any BN instance corrupts the internal state, causing toString(), divmod(), and other methods to enter an infinite loop, hanging the process indefinitely.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-2739",
"url": "https://www.suse.com/security/cve/CVE-2026-2739"
},
{
"category": "external",
"summary": "SUSE Bug 1258647 for CVE-2026-2739",
"url": "https://bugzilla.suse.com/1258647"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-2739"
},
{
"cve": "CVE-2026-27606",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27606"
}
],
"notes": [
{
"category": "general",
"text": "Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler (specifically v4.x and present in current source) is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker to control output filenames (e.g., via CLI named inputs, manual chunk aliases, or malicious plugins) and use traversal sequences (`../`) to overwrite files anywhere on the host filesystem that the build process has permissions for. This can lead to persistent Remote Code Execution (RCE) by overwriting critical system or user configuration files. Versions 2.80.0, 3.30.0, and 4.59.0 contain a patch for the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27606",
"url": "https://www.suse.com/security/cve/CVE-2026-27606"
},
{
"category": "external",
"summary": "SUSE Bug 1258846 for CVE-2026-27606",
"url": "https://bugzilla.suse.com/1258846"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-27606"
},
{
"cve": "CVE-2026-27904",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27904"
}
],
"notes": [
{
"category": "general",
"text": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested `*()` extglobs produce regexps with nested unbounded quantifiers (e.g. `(?:(?:a|b)*)*`), which exhibit catastrophic backtracking in V8. With a 12-byte pattern `*(*(*(a|b)))` and an 18-byte non-matching input, `minimatch()` stalls for over 7 seconds. Adding a single nesting level or a few input characters pushes this to minutes. This is the most severe finding: it is triggered by the default `minimatch()` API with no special options, and the minimum viable pattern is only 12 bytes. The same issue affects `+()` extglobs equally. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4 fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27904",
"url": "https://www.suse.com/security/cve/CVE-2026-27904"
},
{
"category": "external",
"summary": "SUSE Bug 1258994 for CVE-2026-27904",
"url": "https://bugzilla.suse.com/1258994"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-27904"
},
{
"cve": "CVE-2026-33036",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33036"
}
],
"notes": [
{
"category": "general",
"text": "fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Versions 4.0.0-beta.3 through 5.5.5 contain a bypass vulnerability where numeric character references (\u0026#NNN;, \u0026#xHH;) and standard XML entities completely evade the entity expansion limits (e.g., maxTotalExpansions, maxExpandedLength) added to fix CVE-2026-26278, enabling XML entity expansion Denial of Service. The root cause is that replaceEntitiesValue() in OrderedObjParser.js only enforces expansion counting on DOCTYPE-defined entities while the lastEntities loop handling numeric/standard entities performs no counting at all. An attacker supplying 1M numeric entity references like \u0026#65; can force ~147MB of memory allocation and heavy CPU usage, potentially crashing the process-even when developers have configured strict limits. This issue has been fixed in version 5.5.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33036",
"url": "https://www.suse.com/security/cve/CVE-2026-33036"
},
{
"category": "external",
"summary": "SUSE Bug 1259974 for CVE-2026-33036",
"url": "https://bugzilla.suse.com/1259974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33036"
},
{
"cve": "CVE-2026-33186",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33186"
}
],
"notes": [
{
"category": "general",
"text": "gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, \"deny\" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback \"allow\" rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific \"deny\" rules for canonical paths but allows other requests by default (a fallback \"allow\" rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33186",
"url": "https://www.suse.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "SUSE Bug 1260085 for CVE-2026-33186",
"url": "https://bugzilla.suse.com/1260085"
},
{
"category": "external",
"summary": "SUSE Bug 1268676 for CVE-2026-33186",
"url": "https://bugzilla.suse.com/1268676"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33186"
},
{
"cve": "CVE-2026-33487",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33487"
}
],
"notes": [
{
"category": "general",
"text": "goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the `validateSignature` function in `validate.go` goes through the references in the `SignedInfo` block to find one that matches the signed element\u0027s ID. In Go versions before 1.22, or when `go.mod` uses an older version, there is a loop variable capture issue. The code takes the address of the loop variable `_ref` instead of its value. As a result, if more than one reference matches the ID or if the loop logic is incorrect, the `ref` pointer will always end up pointing to the last element in the `SignedInfo.References` slice after the loop. goxmlsig version 1.6.0 contains a patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33487",
"url": "https://www.suse.com/security/cve/CVE-2026-33487"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33487"
},
{
"cve": "CVE-2026-33814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33814"
}
],
"notes": [
{
"category": "general",
"text": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33814",
"url": "https://www.suse.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "SUSE Bug 1264506 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1264506"
},
{
"category": "external",
"summary": "SUSE Bug 1268758 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1268758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33814"
},
{
"cve": "CVE-2026-34986",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-34986"
}
],
"notes": [
{
"category": "general",
"text": "Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption (JWE) object will panic if the alg field indicates a key wrapping algorithm (one ending in KW, with the exception of A128GCMKW, A192GCMKW, and A256GCMKW) and the encrypted_key field is empty. The panic happens when cipher.KeyUnwrap() in key_wrap.go attempts to allocate a slice with a zero or negative length based on the length of the encrypted_key. This code path is reachable from ParseEncrypted() / ParseEncryptedJSON() / ParseEncryptedCompact() followed by Decrypt() on the resulting object. Note that the parse functions take a list of accepted key algorithms. If the accepted key algorithms do not include any key wrapping algorithms, parsing will fail and the application will be unaffected. This panic is also reachable by calling cipher.KeyUnwrap() directly with any ciphertext parameter less than 16 bytes long, but calling this function directly is less common. Panics can lead to denial of service. This vulnerability is fixed in 4.1.4 and 3.0.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-34986",
"url": "https://www.suse.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "SUSE Bug 1262805 for CVE-2026-34986",
"url": "https://bugzilla.suse.com/1262805"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-34986"
},
{
"cve": "CVE-2026-39821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39821"
}
],
"notes": [
{
"category": "general",
"text": "The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode(\"xn--example-.com\") incorrectly returns the name \"example.com\" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject \"example.com\" but permit \"xn--example-.com\". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name \"example.com\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39821",
"url": "https://www.suse.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "SUSE Bug 1266474 for CVE-2026-39821",
"url": "https://bugzilla.suse.com/1266474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39821"
},
{
"cve": "CVE-2026-39827",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39827"
}
],
"notes": [
{
"category": "general",
"text": "An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection\u0027s internal state and released for garbage collection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39827",
"url": "https://www.suse.com/security/cve/CVE-2026-39827"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39827",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39827"
},
{
"cve": "CVE-2026-39828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39828"
}
],
"notes": [
{
"category": "general",
"text": "When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39828",
"url": "https://www.suse.com/security/cve/CVE-2026-39828"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39828",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39828"
},
{
"cve": "CVE-2026-39829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39829"
}
],
"notes": [
{
"category": "general",
"text": "The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key authentication. RSA moduli are now limited to 8192 bits, and DSA parameters are validated per FIPS 186-2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39829",
"url": "https://www.suse.com/security/cve/CVE-2026-39829"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39829",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39829"
},
{
"cve": "CVE-2026-39830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39830"
}
],
"notes": [
{
"category": "general",
"text": "A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection\u0027s read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39830",
"url": "https://www.suse.com/security/cve/CVE-2026-39830"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39830",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39830"
},
{
"cve": "CVE-2026-39831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39831"
}
],
"notes": [
{
"category": "general",
"text": "The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior, return a \"no-touch-required\" extension in Permissions.Extensions from PublicKeyCallback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39831",
"url": "https://www.suse.com/security/cve/CVE-2026-39831"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39831",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39831"
},
{
"cve": "CVE-2026-39832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39832"
}
],
"notes": [
{
"category": "general",
"text": "When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all constraint extensions. Additionally, the in-memory keyring returned by NewKeyring() now rejects keys with unsupported constraint extensions instead of silently ignoring them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39832",
"url": "https://www.suse.com/security/cve/CVE-2026-39832"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39832",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39832"
},
{
"cve": "CVE-2026-39833",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39833"
}
],
"notes": [
{
"category": "general",
"text": "The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring() now returns an error when unsupported constraints are requested.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39833",
"url": "https://www.suse.com/security/cve/CVE-2026-39833"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39833",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39833"
},
{
"cve": "CVE-2026-39834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39834"
}
],
"notes": [
{
"category": "general",
"text": "When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39834",
"url": "https://www.suse.com/security/cve/CVE-2026-39834"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39834",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39834"
},
{
"cve": "CVE-2026-39835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39835"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39835",
"url": "https://www.suse.com/security/cve/CVE-2026-39835"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39835",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39835"
},
{
"cve": "CVE-2026-42039",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42039"
}
],
"notes": [
{
"category": "general",
"text": "Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, toFormData recursively walks nested objects with no depth limit, so a deeply nested value passed as request data crashes the Node.js process with a RangeError. This vulnerability is fixed in 1.15.1 and 0.31.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42039",
"url": "https://www.suse.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "SUSE Bug 1267406 for CVE-2026-42039",
"url": "https://bugzilla.suse.com/1267406"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42039"
},
{
"cve": "CVE-2026-42502",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42502"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42502",
"url": "https://www.suse.com/security/cve/CVE-2026-42502"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-42502",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42502"
},
{
"cve": "CVE-2026-42506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42506"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42506",
"url": "https://www.suse.com/security/cve/CVE-2026-42506"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-42506",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42506"
},
{
"cve": "CVE-2026-42508",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42508"
}
],
"notes": [
{
"category": "general",
"text": "Previously, a revoked \u0027SignatureKey\u0027 belonging to a CA was not correctly checked for revocation. Now, both the \u0027key\u0027 and \u0027key.SignatureKey\u0027 are checked for @revoked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42508",
"url": "https://www.suse.com/security/cve/CVE-2026-42508"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-42508",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42508"
},
{
"cve": "CVE-2026-46595",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46595"
}
],
"notes": [
{
"category": "general",
"text": "Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46595",
"url": "https://www.suse.com/security/cve/CVE-2026-46595"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46595",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-46595"
},
{
"cve": "CVE-2026-46597",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46597"
}
],
"notes": [
{
"category": "general",
"text": "An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46597",
"url": "https://www.suse.com/security/cve/CVE-2026-46597"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46597",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-46597"
},
{
"cve": "CVE-2026-46598",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46598"
}
],
"notes": [
{
"category": "general",
"text": "For certain crafted inputs, a \u0027ed25519.PrivateKey\u0027 was created by casting malformed wire bytes, leading to a panic when used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46598",
"url": "https://www.suse.com/security/cve/CVE-2026-46598"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46598",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-46598"
}
]
}
OPENSUSE-SU-2026:20762-1
Vulnerability from csaf_opensuse - Published: 2026-05-17 20:16 - Updated: 2026-05-17 20:16
Summary
Security update for go1.26
Severity
Important
Notes
Title of the patch: Security update for go1.26
Description of the patch: This update for go1.26 fixes the following issues
Security issues:
- CVE-2026-33811: net: crash when handling long CNAME response (bsc#1264508).
- CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1264506).
- CVE-2026-39817: cmd/go: "go tool pack" does not sanitize output paths (bsc#1264505).
- CVE-2026-39819: cmd/go: "go bug" follows symlinks in predictable temporary filenames (bsc#1264504).
- CVE-2026-39820: net/mail: quadratic string concatenation in consumeComment (bsc#1264503).
- CVE-2026-39823: html/template: bypass of meta content URL escaping causes XSS (bsc#1264509).
- CVE-2026-39825: net/http/httputil: ReverseProxy forwards queries with more than urlmaxqueryparams parameters (bsc#1264500).
- CVE-2026-39826: html/template: escaper bypass leads to XSS (bsc#1264507).
- CVE-2026-39836: net: panic in Dial and LookupPort when handling NUL byte on Windows (bsc#1264501).
- CVE-2026-42499: net/mail: quadratic string concatenation in consumePhrase (bsc#1264502).
- CVE-2026-42501: cmd/go: malicious module proxy can bypass checksum database (bsc#1264499).
Non security issues:
- Updated to go1.26.3 (bsc#1255111).
- Go packages miss binutils-gold dependency (bsc#1170826).
Patchnames: openSUSE-Leap-16.0-758
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
5.9 (Medium)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64 | — | Vendor Fix | |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64 | — | Vendor Fix | |
Threats
Impact
important
References
48 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for go1.26",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for go1.26 fixes the following issues\n\nSecurity issues:\n\n- CVE-2026-33811: net: crash when handling long CNAME response (bsc#1264508).\n- CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1264506).\n- CVE-2026-39817: cmd/go: \"go tool pack\" does not sanitize output paths (bsc#1264505).\n- CVE-2026-39819: cmd/go: \"go bug\" follows symlinks in predictable temporary filenames (bsc#1264504).\n- CVE-2026-39820: net/mail: quadratic string concatentation in consumeComment (bsc#1264503).\n- CVE-2026-39823: html/template: bypass of meta content URL escaping causes XSS (bsc#1264509).\n- CVE-2026-39825: net/http/httputil: ReverseProxy forwards queries with more than urlmaxqueryparams parameters\n (bsc#1264500).\n- CVE-2026-39826: html/template: escaper bypass leads to XSS (bsc#1264507).\n- CVE-2026-39836: net: panic in Dial and LookupPort when handling NUL byte on Windows (bsc#1264501).\n- CVE-2026-42499: net/mail: quadratic string concatenation in consumePhrase (bsc#1264502).\n- CVE-2026-42501: cmd/go: malicious module proxy can bypass checksum database (bsc#1264499).\n\nNon security issues:\n\n- Updated to go1.26.3 (bsc#1255111).\n- Go packages miss binutils-gold dependency (bsc#1170826).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-758",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20762-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1170826",
"url": "https://bugzilla.suse.com/1170826"
},
{
"category": "self",
"summary": "SUSE Bug 1255111",
"url": "https://bugzilla.suse.com/1255111"
},
{
"category": "self",
"summary": "SUSE Bug 1264499",
"url": "https://bugzilla.suse.com/1264499"
},
{
"category": "self",
"summary": "SUSE Bug 1264500",
"url": "https://bugzilla.suse.com/1264500"
},
{
"category": "self",
"summary": "SUSE Bug 1264501",
"url": "https://bugzilla.suse.com/1264501"
},
{
"category": "self",
"summary": "SUSE Bug 1264502",
"url": "https://bugzilla.suse.com/1264502"
},
{
"category": "self",
"summary": "SUSE Bug 1264503",
"url": "https://bugzilla.suse.com/1264503"
},
{
"category": "self",
"summary": "SUSE Bug 1264504",
"url": "https://bugzilla.suse.com/1264504"
},
{
"category": "self",
"summary": "SUSE Bug 1264505",
"url": "https://bugzilla.suse.com/1264505"
},
{
"category": "self",
"summary": "SUSE Bug 1264506",
"url": "https://bugzilla.suse.com/1264506"
},
{
"category": "self",
"summary": "SUSE Bug 1264507",
"url": "https://bugzilla.suse.com/1264507"
},
{
"category": "self",
"summary": "SUSE Bug 1264508",
"url": "https://bugzilla.suse.com/1264508"
},
{
"category": "self",
"summary": "SUSE Bug 1264509",
"url": "https://bugzilla.suse.com/1264509"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33811 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33811/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33814 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39817 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39817/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39819 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39819/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39820 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39820/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39823 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39823/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39825 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39825/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39826 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39826/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39836 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39836/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42499 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42499/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42501 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42501/"
}
],
"title": "Security update for go1.26",
"tracking": {
"current_release_date": "2026-05-17T20:16:08Z",
"generator": {
"date": "2026-05-17T20:16:08Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20762-1",
"initial_release_date": "2026-05-17T20:16:08Z",
"revision_history": [
{
"date": "2026-05-17T20:16:08Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.26-1.26.3-160000.1.1.aarch64",
"product": {
"name": "go1.26-1.26.3-160000.1.1.aarch64",
"product_id": "go1.26-1.26.3-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.26-doc-1.26.3-160000.1.1.aarch64",
"product": {
"name": "go1.26-doc-1.26.3-160000.1.1.aarch64",
"product_id": "go1.26-doc-1.26.3-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.26-libstd-1.26.3-160000.1.1.aarch64",
"product": {
"name": "go1.26-libstd-1.26.3-160000.1.1.aarch64",
"product_id": "go1.26-libstd-1.26.3-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.26-race-1.26.3-160000.1.1.aarch64",
"product": {
"name": "go1.26-race-1.26.3-160000.1.1.aarch64",
"product_id": "go1.26-race-1.26.3-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.26-1.26.3-160000.1.1.ppc64le",
"product": {
"name": "go1.26-1.26.3-160000.1.1.ppc64le",
"product_id": "go1.26-1.26.3-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.26-doc-1.26.3-160000.1.1.ppc64le",
"product": {
"name": "go1.26-doc-1.26.3-160000.1.1.ppc64le",
"product_id": "go1.26-doc-1.26.3-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.26-race-1.26.3-160000.1.1.ppc64le",
"product": {
"name": "go1.26-race-1.26.3-160000.1.1.ppc64le",
"product_id": "go1.26-race-1.26.3-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.26-1.26.3-160000.1.1.s390x",
"product": {
"name": "go1.26-1.26.3-160000.1.1.s390x",
"product_id": "go1.26-1.26.3-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.26-doc-1.26.3-160000.1.1.s390x",
"product": {
"name": "go1.26-doc-1.26.3-160000.1.1.s390x",
"product_id": "go1.26-doc-1.26.3-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.26-race-1.26.3-160000.1.1.s390x",
"product": {
"name": "go1.26-race-1.26.3-160000.1.1.s390x",
"product_id": "go1.26-race-1.26.3-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.26-1.26.3-160000.1.1.x86_64",
"product": {
"name": "go1.26-1.26.3-160000.1.1.x86_64",
"product_id": "go1.26-1.26.3-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.26-doc-1.26.3-160000.1.1.x86_64",
"product": {
"name": "go1.26-doc-1.26.3-160000.1.1.x86_64",
"product_id": "go1.26-doc-1.26.3-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.26-libstd-1.26.3-160000.1.1.x86_64",
"product": {
"name": "go1.26-libstd-1.26.3-160000.1.1.x86_64",
"product_id": "go1.26-libstd-1.26.3-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.26-race-1.26.3-160000.1.1.x86_64",
"product": {
"name": "go1.26-race-1.26.3-160000.1.1.x86_64",
"product_id": "go1.26-race-1.26.3-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.26-1.26.3-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64"
},
"product_reference": "go1.26-1.26.3-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.26-1.26.3-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le"
},
"product_reference": "go1.26-1.26.3-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.26-1.26.3-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x"
},
"product_reference": "go1.26-1.26.3-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.26-1.26.3-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64"
},
"product_reference": "go1.26-1.26.3-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.26-doc-1.26.3-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64"
},
"product_reference": "go1.26-doc-1.26.3-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.26-doc-1.26.3-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le"
},
"product_reference": "go1.26-doc-1.26.3-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.26-doc-1.26.3-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x"
},
"product_reference": "go1.26-doc-1.26.3-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.26-doc-1.26.3-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64"
},
"product_reference": "go1.26-doc-1.26.3-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.26-libstd-1.26.3-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64"
},
"product_reference": "go1.26-libstd-1.26.3-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.26-libstd-1.26.3-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64"
},
"product_reference": "go1.26-libstd-1.26.3-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.26-race-1.26.3-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64"
},
"product_reference": "go1.26-race-1.26.3-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.26-race-1.26.3-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le"
},
"product_reference": "go1.26-race-1.26.3-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.26-race-1.26.3-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x"
},
"product_reference": "go1.26-race-1.26.3-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.26-race-1.26.3-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
},
"product_reference": "go1.26-race-1.26.3-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33811",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33811"
}
],
"notes": [
{
"category": "general",
"text": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33811",
"url": "https://www.suse.com/security/cve/CVE-2026-33811"
},
{
"category": "external",
"summary": "SUSE Bug 1264508 for CVE-2026-33811",
"url": "https://bugzilla.suse.com/1264508"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-17T20:16:08Z",
"details": "important"
}
],
"title": "CVE-2026-33811"
},
{
"cve": "CVE-2026-33814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33814"
}
],
"notes": [
{
"category": "general",
"text": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33814",
"url": "https://www.suse.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "SUSE Bug 1264506 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1264506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-17T20:16:08Z",
"details": "important"
}
],
"title": "CVE-2026-33814"
},
{
"cve": "CVE-2026-39817",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39817"
}
],
"notes": [
{
"category": "general",
"text": "The \"go tool pack\" subcommand (usually used only by the compiler as an internal tool with known-good inputs) does not sanitize output filenames. Extracting a malicious archive file with the \"pack\" subcommand can write files to arbitrary locations on the filesystem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39817",
"url": "https://www.suse.com/security/cve/CVE-2026-39817"
},
{
"category": "external",
"summary": "SUSE Bug 1264505 for CVE-2026-39817",
"url": "https://bugzilla.suse.com/1264505"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-17T20:16:08Z",
"details": "moderate"
}
],
"title": "CVE-2026-39817"
},
{
"cve": "CVE-2026-39819",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39819"
}
],
"notes": [
{
"category": "general",
"text": "The \"go bug\" command writes to two files with predictable names in the system temporary directory (for example, \"/tmp\"). An attacker with access to the temporary directory can create a symlink in one of these names, causing \"go bug\" to overwrite the target of the symlink.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39819",
"url": "https://www.suse.com/security/cve/CVE-2026-39819"
},
{
"category": "external",
"summary": "SUSE Bug 1264504 for CVE-2026-39819",
"url": "https://bugzilla.suse.com/1264504"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-17T20:16:08Z",
"details": "moderate"
}
],
"title": "CVE-2026-39819"
},
{
"cve": "CVE-2026-39820",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39820"
}
],
"notes": [
{
"category": "general",
"text": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39820",
"url": "https://www.suse.com/security/cve/CVE-2026-39820"
},
{
"category": "external",
"summary": "SUSE Bug 1264503 for CVE-2026-39820",
"url": "https://bugzilla.suse.com/1264503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-17T20:16:08Z",
"details": "important"
}
],
"title": "CVE-2026-39820"
},
{
"cve": "CVE-2026-39823",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39823"
}
],
"notes": [
{
"category": "general",
"text": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag\u0027s \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the \u0027=\u0027 rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39823",
"url": "https://www.suse.com/security/cve/CVE-2026-39823"
},
{
"category": "external",
"summary": "SUSE Bug 1264509 for CVE-2026-39823",
"url": "https://bugzilla.suse.com/1264509"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-17T20:16:08Z",
"details": "moderate"
}
],
"title": "CVE-2026-39823"
},
{
"cve": "CVE-2026-39825",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39825"
}
],
"notes": [
{
"category": "general",
"text": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery\u0027s limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy\u0027s Rewrite function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39825",
"url": "https://www.suse.com/security/cve/CVE-2026-39825"
},
{
"category": "external",
"summary": "SUSE Bug 1264500 for CVE-2026-39825",
"url": "https://bugzilla.suse.com/1264500"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-17T20:16:08Z",
"details": "moderate"
}
],
"title": "CVE-2026-39825"
},
{
"cve": "CVE-2026-39826",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39826"
}
],
"notes": [
{
"category": "general",
"text": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty \u0027type\u0027 attribute or a \u0027type\u0027 attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39826",
"url": "https://www.suse.com/security/cve/CVE-2026-39826"
},
{
"category": "external",
"summary": "SUSE Bug 1264507 for CVE-2026-39826",
"url": "https://bugzilla.suse.com/1264507"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-17T20:16:08Z",
"details": "moderate"
}
],
"title": "CVE-2026-39826"
},
{
"cve": "CVE-2026-39836",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39836"
}
],
"notes": [
{
"category": "general",
"text": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39836",
"url": "https://www.suse.com/security/cve/CVE-2026-39836"
},
{
"category": "external",
"summary": "SUSE Bug 1264501 for CVE-2026-39836",
"url": "https://bugzilla.suse.com/1264501"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-17T20:16:08Z",
"details": "important"
}
],
"title": "CVE-2026-39836"
},
{
"cve": "CVE-2026-42499",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42499"
}
],
"notes": [
{
"category": "general",
"text": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42499",
"url": "https://www.suse.com/security/cve/CVE-2026-42499"
},
{
"category": "external",
"summary": "SUSE Bug 1264502 for CVE-2026-42499",
"url": "https://bugzilla.suse.com/1264502"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-17T20:16:08Z",
"details": "important"
}
],
"title": "CVE-2026-42499"
},
{
"cve": "CVE-2026-42501",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42501"
}
],
"notes": [
{
"category": "general",
"text": "A malicious module proxy can exploit a flaw in the go command\u0027s validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module proxy (GOMODPROXY) or checksum database (GOSUMDB). A malicious module proxy can serve altered versions of the Go toolchain. When selecting a different version of the Go toolchain than the currently installed toolchain (due to the GOTOOLCHAIN environment variable, or a go.work or go.mod with a toolchain line), the go command will download and execute a toolchain provided by the module proxy. A malicious module proxy can bypass checksum database validation for this downloaded toolchain. Since this vulnerability affects the security of toolchain downloads, setting GOTOOLCHAIN to a fixed version is not sufficient. You must upgrade your base Go toolchain. The go tool always validates the hash of a toolchain before executing it, so fixed versions will refuse to execute any cached, altered versions of the toolchain. The go tool trusts go.sum files to contain accurate hashes of the current module\u0027s dependencies. A malicious proxy exploiting this vulnerability to serve an altered module will have caused an incorrect hash to be recorded in the go.sum. Users who have configured a non-trusted GOPROXY can determine if they have been affected by running \"rm go.sum ; go mod tidy ; go mod verify\", which will revalidate all dependencies of the current module. The specific flaw in more detail: The go command consults the checksum database to validate downloaded modules, when a module is not listed in the go.sum file. It verifies that the module hash reported by the checksum database matches the hash of the downloaded module. If, however, the checksum database returns a successful response that contains no entry for the module, the go command incorrectly permitted validation to succeed. A module proxy may mirror or proxy the checksum database, in which case the go command will not connect to the checksum database directly. Checksums reported by the checksum database are cryptographically signed, so a malicious proxy cannot alter the reported checksum for a module. However, a proxy which returns an empty checksum response, or a checksum response for an unrelated module, could cause the go command to proceed as if a downloaded module has been validated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42501",
"url": "https://www.suse.com/security/cve/CVE-2026-42501"
},
{
"category": "external",
"summary": "SUSE Bug 1264499 for CVE-2026-42501",
"url": "https://bugzilla.suse.com/1264499"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-17T20:16:08Z",
"details": "important"
}
],
"title": "CVE-2026-42501"
}
]
}
OPENSUSE-SU-2026:20763-1
Vulnerability from csaf_opensuse - Published: 2026-05-18 00:17 - Updated: 2026-05-18 00:17
Summary
Security update for go1.25
Severity
Important
Notes
Title of the patch: Security update for go1.25
Description of the patch: This update for go1.25 fixes the following issues
Security issues:
- CVE-2026-33811: net: crash when handling long CNAME response (bsc#1264508).
- CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1264506).
- CVE-2026-39817: cmd/go: "go tool pack" does not sanitize output paths (bsc#1264505).
- CVE-2026-39819: cmd/go: "go bug" follows symlinks in predictable temporary filenames (bsc#1264504).
- CVE-2026-39820: net/mail: quadratic string concatenation in consumeComment (bsc#1264503).
- CVE-2026-39823: html/template: bypass of meta content URL escaping causes XSS (bsc#1264509).
- CVE-2026-39825: net/http/httputil: ReverseProxy forwards queries with more than urlmaxqueryparams parameters (bsc#1264500).
- CVE-2026-39826: html/template: escaper bypass leads to XSS (bsc#1264507).
- CVE-2026-39836: net: panic in Dial and LookupPort when handling NUL byte on Windows (bsc#1264501).
- CVE-2026-42499: net/mail: quadratic string concatenation in consumePhrase (bsc#1264502).
- CVE-2026-42501: cmd/go: malicious module proxy can bypass checksum database (bsc#1264499).
Non security issues:
- Updated to go1.25.10 (bsc#1244485).
- Go packages miss binutils-gold dependency (bsc#1170826).
Patchnames: openSUSE-Leap-16.0-760
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64 | — | Vendor Fix | |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64 | — | Vendor Fix | |
Threats
Impact
important
5.9 (Medium)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
48 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for go1.25",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for go1.25 fixes the following issues\n\nSecurity issues:\n\n- CVE-2026-33811: net: crash when handling long CNAME response (bsc#1264508).\n- CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1264506).\n- CVE-2026-39817: cmd/go: \"go tool pack\" does not sanitize output paths (bsc#1264505).\n- CVE-2026-39819: cmd/go: \"go bug\" follows symlinks in predictable temporary filenames (bsc#1264504).\n- CVE-2026-39820: net/mail: quadratic string concatentation in consumeComment (bsc#1264503).\n- CVE-2026-39823: html/template: bypass of meta content URL escaping causes XSS (bsc#1264509).\n- CVE-2026-39825: net/http/httputil: ReverseProxy forwards queries with more than urlmaxqueryparams parameters\n (bsc#1264500).\n- CVE-2026-39826: html/template: escaper bypass leads to XSS (bsc#1264507).\n- CVE-2026-39836: net: panic in Dial and LookupPort when handling NUL byte on Windows (bsc#1264501).\n- CVE-2026-42499: net/mail: quadratic string concatenation in consumePhrase (bsc#1264502).\n- CVE-2026-42501: cmd/go: malicious module proxy can bypass checksum database (bsc#1264499).\n\nNon security issues:\n\n- Updated to go1.25.10 (bsc#1244485).\n- Go packages miss binutils-gold dependency (bsc#1170826).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-760",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20763-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1170826",
"url": "https://bugzilla.suse.com/1170826"
},
{
"category": "self",
"summary": "SUSE Bug 1244485",
"url": "https://bugzilla.suse.com/1244485"
},
{
"category": "self",
"summary": "SUSE Bug 1264499",
"url": "https://bugzilla.suse.com/1264499"
},
{
"category": "self",
"summary": "SUSE Bug 1264500",
"url": "https://bugzilla.suse.com/1264500"
},
{
"category": "self",
"summary": "SUSE Bug 1264501",
"url": "https://bugzilla.suse.com/1264501"
},
{
"category": "self",
"summary": "SUSE Bug 1264502",
"url": "https://bugzilla.suse.com/1264502"
},
{
"category": "self",
"summary": "SUSE Bug 1264503",
"url": "https://bugzilla.suse.com/1264503"
},
{
"category": "self",
"summary": "SUSE Bug 1264504",
"url": "https://bugzilla.suse.com/1264504"
},
{
"category": "self",
"summary": "SUSE Bug 1264505",
"url": "https://bugzilla.suse.com/1264505"
},
{
"category": "self",
"summary": "SUSE Bug 1264506",
"url": "https://bugzilla.suse.com/1264506"
},
{
"category": "self",
"summary": "SUSE Bug 1264507",
"url": "https://bugzilla.suse.com/1264507"
},
{
"category": "self",
"summary": "SUSE Bug 1264508",
"url": "https://bugzilla.suse.com/1264508"
},
{
"category": "self",
"summary": "SUSE Bug 1264509",
"url": "https://bugzilla.suse.com/1264509"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33811 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33811/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33814 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39817 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39817/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39819 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39819/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39820 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39820/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39823 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39823/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39825 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39825/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39826 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39826/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39836 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39836/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42499 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42499/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42501 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42501/"
}
],
"title": "Security update for go1.25",
"tracking": {
"current_release_date": "2026-05-18T00:17:42Z",
"generator": {
"date": "2026-05-18T00:17:42Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20763-1",
"initial_release_date": "2026-05-18T00:17:42Z",
"revision_history": [
{
"date": "2026-05-18T00:17:42Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.25-1.25.10-160000.1.1.aarch64",
"product": {
"name": "go1.25-1.25.10-160000.1.1.aarch64",
"product_id": "go1.25-1.25.10-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.25-doc-1.25.10-160000.1.1.aarch64",
"product": {
"name": "go1.25-doc-1.25.10-160000.1.1.aarch64",
"product_id": "go1.25-doc-1.25.10-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.25-libstd-1.25.10-160000.1.1.aarch64",
"product": {
"name": "go1.25-libstd-1.25.10-160000.1.1.aarch64",
"product_id": "go1.25-libstd-1.25.10-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.25-race-1.25.10-160000.1.1.aarch64",
"product": {
"name": "go1.25-race-1.25.10-160000.1.1.aarch64",
"product_id": "go1.25-race-1.25.10-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.25-1.25.10-160000.1.1.ppc64le",
"product": {
"name": "go1.25-1.25.10-160000.1.1.ppc64le",
"product_id": "go1.25-1.25.10-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.25-doc-1.25.10-160000.1.1.ppc64le",
"product": {
"name": "go1.25-doc-1.25.10-160000.1.1.ppc64le",
"product_id": "go1.25-doc-1.25.10-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.25-race-1.25.10-160000.1.1.ppc64le",
"product": {
"name": "go1.25-race-1.25.10-160000.1.1.ppc64le",
"product_id": "go1.25-race-1.25.10-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.25-1.25.10-160000.1.1.s390x",
"product": {
"name": "go1.25-1.25.10-160000.1.1.s390x",
"product_id": "go1.25-1.25.10-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.25-doc-1.25.10-160000.1.1.s390x",
"product": {
"name": "go1.25-doc-1.25.10-160000.1.1.s390x",
"product_id": "go1.25-doc-1.25.10-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.25-race-1.25.10-160000.1.1.s390x",
"product": {
"name": "go1.25-race-1.25.10-160000.1.1.s390x",
"product_id": "go1.25-race-1.25.10-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.25-1.25.10-160000.1.1.x86_64",
"product": {
"name": "go1.25-1.25.10-160000.1.1.x86_64",
"product_id": "go1.25-1.25.10-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.25-doc-1.25.10-160000.1.1.x86_64",
"product": {
"name": "go1.25-doc-1.25.10-160000.1.1.x86_64",
"product_id": "go1.25-doc-1.25.10-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.25-libstd-1.25.10-160000.1.1.x86_64",
"product": {
"name": "go1.25-libstd-1.25.10-160000.1.1.x86_64",
"product_id": "go1.25-libstd-1.25.10-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.25-race-1.25.10-160000.1.1.x86_64",
"product": {
"name": "go1.25-race-1.25.10-160000.1.1.x86_64",
"product_id": "go1.25-race-1.25.10-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-1.25.10-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64"
},
"product_reference": "go1.25-1.25.10-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-1.25.10-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le"
},
"product_reference": "go1.25-1.25.10-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-1.25.10-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x"
},
"product_reference": "go1.25-1.25.10-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-1.25.10-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64"
},
"product_reference": "go1.25-1.25.10-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-doc-1.25.10-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64"
},
"product_reference": "go1.25-doc-1.25.10-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-doc-1.25.10-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le"
},
"product_reference": "go1.25-doc-1.25.10-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-doc-1.25.10-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x"
},
"product_reference": "go1.25-doc-1.25.10-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-doc-1.25.10-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64"
},
"product_reference": "go1.25-doc-1.25.10-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-libstd-1.25.10-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64"
},
"product_reference": "go1.25-libstd-1.25.10-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-libstd-1.25.10-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64"
},
"product_reference": "go1.25-libstd-1.25.10-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-race-1.25.10-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64"
},
"product_reference": "go1.25-race-1.25.10-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-race-1.25.10-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le"
},
"product_reference": "go1.25-race-1.25.10-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-race-1.25.10-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x"
},
"product_reference": "go1.25-race-1.25.10-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-race-1.25.10-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
},
"product_reference": "go1.25-race-1.25.10-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33811",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33811"
}
],
"notes": [
{
"category": "general",
"text": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33811",
"url": "https://www.suse.com/security/cve/CVE-2026-33811"
},
{
"category": "external",
"summary": "SUSE Bug 1264508 for CVE-2026-33811",
"url": "https://bugzilla.suse.com/1264508"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-18T00:17:42Z",
"details": "important"
}
],
"title": "CVE-2026-33811"
},
{
"cve": "CVE-2026-33814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33814"
}
],
"notes": [
{
"category": "general",
"text": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33814",
"url": "https://www.suse.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "SUSE Bug 1264506 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1264506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-18T00:17:42Z",
"details": "important"
}
],
"title": "CVE-2026-33814"
},
{
"cve": "CVE-2026-39817",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39817"
}
],
"notes": [
{
"category": "general",
"text": "The \"go tool pack\" subcommand (usually used only by the compiler as an internal tool with known-good inputs) does not sanitize output filenames. Extracting a malicious archive file with the \"pack\" subcommand can write files to arbitrary locations on the filesystem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39817",
"url": "https://www.suse.com/security/cve/CVE-2026-39817"
},
{
"category": "external",
"summary": "SUSE Bug 1264505 for CVE-2026-39817",
"url": "https://bugzilla.suse.com/1264505"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-18T00:17:42Z",
"details": "moderate"
}
],
"title": "CVE-2026-39817"
},
{
"cve": "CVE-2026-39819",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39819"
}
],
"notes": [
{
"category": "general",
"text": "The \"go bug\" command writes to two files with predictable names in the system temporary directory (for example, \"/tmp\"). An attacker with access to the temporary directory can create a symlink in one of these names, causing \"go bug\" to overwrite the target of the symlink.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39819",
"url": "https://www.suse.com/security/cve/CVE-2026-39819"
},
{
"category": "external",
"summary": "SUSE Bug 1264504 for CVE-2026-39819",
"url": "https://bugzilla.suse.com/1264504"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-18T00:17:42Z",
"details": "moderate"
}
],
"title": "CVE-2026-39819"
},
{
"cve": "CVE-2026-39820",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39820"
}
],
"notes": [
{
"category": "general",
"text": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39820",
"url": "https://www.suse.com/security/cve/CVE-2026-39820"
},
{
"category": "external",
"summary": "SUSE Bug 1264503 for CVE-2026-39820",
"url": "https://bugzilla.suse.com/1264503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-18T00:17:42Z",
"details": "important"
}
],
"title": "CVE-2026-39820"
},
{
"cve": "CVE-2026-39823",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39823"
}
],
"notes": [
{
"category": "general",
"text": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag\u0027s \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the \u0027=\u0027 rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39823",
"url": "https://www.suse.com/security/cve/CVE-2026-39823"
},
{
"category": "external",
"summary": "SUSE Bug 1264509 for CVE-2026-39823",
"url": "https://bugzilla.suse.com/1264509"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-18T00:17:42Z",
"details": "moderate"
}
],
"title": "CVE-2026-39823"
},
{
"cve": "CVE-2026-39825",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39825"
}
],
"notes": [
{
"category": "general",
"text": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery\u0027s limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy\u0027s Rewrite function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39825",
"url": "https://www.suse.com/security/cve/CVE-2026-39825"
},
{
"category": "external",
"summary": "SUSE Bug 1264500 for CVE-2026-39825",
"url": "https://bugzilla.suse.com/1264500"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-18T00:17:42Z",
"details": "moderate"
}
],
"title": "CVE-2026-39825"
},
{
"cve": "CVE-2026-39826",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39826"
}
],
"notes": [
{
"category": "general",
"text": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty \u0027type\u0027 attribute or a \u0027type\u0027 attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39826",
"url": "https://www.suse.com/security/cve/CVE-2026-39826"
},
{
"category": "external",
"summary": "SUSE Bug 1264507 for CVE-2026-39826",
"url": "https://bugzilla.suse.com/1264507"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-18T00:17:42Z",
"details": "moderate"
}
],
"title": "CVE-2026-39826"
},
{
"cve": "CVE-2026-39836",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39836"
}
],
"notes": [
{
"category": "general",
"text": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39836",
"url": "https://www.suse.com/security/cve/CVE-2026-39836"
},
{
"category": "external",
"summary": "SUSE Bug 1264501 for CVE-2026-39836",
"url": "https://bugzilla.suse.com/1264501"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-18T00:17:42Z",
"details": "important"
}
],
"title": "CVE-2026-39836"
},
{
"cve": "CVE-2026-42499",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42499"
}
],
"notes": [
{
"category": "general",
"text": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42499",
"url": "https://www.suse.com/security/cve/CVE-2026-42499"
},
{
"category": "external",
"summary": "SUSE Bug 1264502 for CVE-2026-42499",
"url": "https://bugzilla.suse.com/1264502"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-18T00:17:42Z",
"details": "important"
}
],
"title": "CVE-2026-42499"
},
{
"cve": "CVE-2026-42501",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42501"
}
],
"notes": [
{
"category": "general",
"text": "A malicious module proxy can exploit a flaw in the go command\u0027s validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module proxy (GOMODPROXY) or checksum database (GOSUMDB). A malicious module proxy can serve altered versions of the Go toolchain. When selecting a different version of the Go toolchain than the currently installed toolchain (due to the GOTOOLCHAIN environment variable, or a go.work or go.mod with a toolchain line), the go command will download and execute a toolchain provided by the module proxy. A malicious module proxy can bypass checksum database validation for this downloaded toolchain. Since this vulnerability affects the security of toolchain downloads, setting GOTOOLCHAIN to a fixed version is not sufficient. You must upgrade your base Go toolchain. The go tool always validates the hash of a toolchain before executing it, so fixed versions will refuse to execute any cached, altered versions of the toolchain. The go tool trusts go.sum files to contain accurate hashes of the current module\u0027s dependencies. A malicious proxy exploiting this vulnerability to serve an altered module will have caused an incorrect hash to be recorded in the go.sum. Users who have configured a non-trusted GOPROXY can determine if they have been affected by running \"rm go.sum ; go mod tidy ; go mod verify\", which will revalidate all dependencies of the current module. The specific flaw in more detail: The go command consults the checksum database to validate downloaded modules, when a module is not listed in the go.sum file. It verifies that the module hash reported by the checksum database matches the hash of the downloaded module. If, however, the checksum database returns a successful response that contains no entry for the module, the go command incorrectly permitted validation to succeed. A module proxy may mirror or proxy the checksum database, in which case the go command will not connect to the checksum database directly. Checksums reported by the checksum database are cryptographically signed, so a malicious proxy cannot alter the reported checksum for a module. However, a proxy which returns an empty checksum response, or a checksum response for an unrelated module, could cause the go command to proceed as if a downloaded module has been validated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42501",
"url": "https://www.suse.com/security/cve/CVE-2026-42501"
},
{
"category": "external",
"summary": "SUSE Bug 1264499 for CVE-2026-42501",
"url": "https://bugzilla.suse.com/1264499"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-18T00:17:42Z",
"details": "important"
}
],
"title": "CVE-2026-42501"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.