Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-42506 (GCVE-0-2026-42506)
Vulnerability from cvelistv5 – Published: 2026-05-22 15:01 – Updated: 2026-05-22 17:45
VLAI
EPSS
Title
Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html
Summary
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.
Severity
6.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| golang.org/x/net | golang.org/x/net/html |
Affected:
0 , < 0.55.0
(semver)
|
Credits
ensy
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-42506",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-22T17:45:29.886387Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-22T17:45:49.989Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "golang.org/x/net/html",
"product": "golang.org/x/net/html",
"programRoutines": [
{
"name": "parser.parse"
},
{
"name": "Parse"
},
{
"name": "ParseFragment"
},
{
"name": "ParseFragmentWithOptions"
},
{
"name": "ParseWithOptions"
}
],
"vendor": "golang.org/x/net",
"versions": [
{
"lessThan": "0.55.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ensy"
}
],
"descriptions": [
{
"lang": "en",
"value": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-22T15:01:21.056Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/issue/79571"
},
{
"url": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8"
},
{
"url": "https://go.dev/cl/781700"
},
{
"url": "https://pkg.go.dev/vuln/GO-2026-5025"
}
],
"title": "Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2026-42506",
"datePublished": "2026-05-22T15:01:21.056Z",
"dateReserved": "2026-04-28T00:21:12.792Z",
"dateUpdated": "2026-05-22T17:45:49.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-42506",
"date": "2026-06-27",
"epss": "0.00188",
"percentile": "0.08636"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-42506\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2026-05-22T16:16:20.803\",\"lastModified\":\"2026-05-29T19:06:20.453\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:net:*:*:*:*:*:go:*:*\",\"versionEndExcluding\":\"0.55.0\",\"matchCriteriaId\":\"38C86E7B-A1CA-4670-B113-FC9585261F6F\"}]}]}],\"references\":[{\"url\":\"https://go.dev/cl/781700\",\"source\":\"security@golang.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://go.dev/issue/79571\",\"source\":\"security@golang.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2026-5025\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-42506\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-22T17:45:29.886387Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-22T17:45:46.046Z\"}}], \"cna\": {\"title\": \"Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html\", \"credits\": [{\"lang\": \"en\", \"value\": \"ensy\"}], \"affected\": [{\"vendor\": \"golang.org/x/net\", \"product\": \"golang.org/x/net/html\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"0.55.0\", \"versionType\": \"semver\"}], \"packageName\": \"golang.org/x/net/html\", \"collectionURL\": \"https://pkg.go.dev\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"parser.parse\"}, {\"name\": \"Parse\"}, {\"name\": \"ParseFragment\"}, {\"name\": \"ParseFragmentWithOptions\"}, {\"name\": \"ParseWithOptions\"}]}], \"references\": [{\"url\": \"https://go.dev/issue/79571\"}, {\"url\": \"https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8\"}, {\"url\": \"https://go.dev/cl/781700\"}, {\"url\": \"https://pkg.go.dev/vuln/GO-2026-5025\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"shortName\": \"Go\", \"dateUpdated\": \"2026-05-22T15:01:21.056Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-42506\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-22T17:45:49.989Z\", \"dateReserved\": \"2026-04-28T00:21:12.792Z\", \"assignerOrgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"datePublished\": \"2026-05-22T15:01:21.056Z\", \"assignerShortName\": \"Go\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-42506
Vulnerability from fkie_nvd - Published: 2026-05-22 16:16 - Updated: 2026-06-17 10:47
Severity
Summary
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.
References
| URL | Tags | ||
|---|---|---|---|
| security@golang.org | https://go.dev/cl/781700 | Issue Tracking | |
| security@golang.org | https://go.dev/issue/79571 | Issue Tracking | |
| security@golang.org | https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8 | Mailing List | |
| security@golang.org | https://pkg.go.dev/vuln/GO-2026-5025 | Vendor Advisory |
{
"affected": [
{
"affectedData": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "golang.org/x/net/html",
"product": "golang.org/x/net/html",
"programRoutines": [
{
"name": "parser.parse"
},
{
"name": "Parse"
},
{
"name": "ParseFragment"
},
{
"name": "ParseFragmentWithOptions"
},
{
"name": "ParseWithOptions"
}
],
"vendor": "golang.org/x/net",
"versions": [
{
"lessThan": "0.55.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"source": "security@golang.org"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:golang:net:*:*:*:*:*:go:*:*",
"matchCriteriaId": "38C86E7B-A1CA-4670-B113-FC9585261F6F",
"versionEndExcluding": "0.55.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering."
}
],
"id": "CVE-2026-42506",
"lastModified": "2026-06-17T10:47:56.993",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-42506",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-22T17:45:29.886387Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-05-22T16:16:20.803",
"references": [
{
"source": "security@golang.org",
"tags": [
"Issue Tracking"
],
"url": "https://go.dev/cl/781700"
},
{
"source": "security@golang.org",
"tags": [
"Issue Tracking"
],
"url": "https://go.dev/issue/79571"
},
{
"source": "security@golang.org",
"tags": [
"Mailing List"
],
"url": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8"
},
{
"source": "security@golang.org",
"tags": [
"Vendor Advisory"
],
"url": "https://pkg.go.dev/vuln/GO-2026-5025"
}
],
"sourceIdentifier": "security@golang.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-CG87-VWWH-XVGJ
Vulnerability from github – Published: 2026-05-26 13:30 – Updated: 2026-05-26 13:30
VLAI
Details
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.
Severity
6.1 (Medium)
{
"affected": [],
"aliases": [
"CVE-2026-42506"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-22T16:16:20Z",
"severity": "MODERATE"
},
"details": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"id": "GHSA-cg87-vwwh-xvgj",
"modified": "2026-05-26T13:30:18Z",
"published": "2026-05-26T13:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42506"
},
{
"type": "WEB",
"url": "https://go.dev/cl/781700"
},
{
"type": "WEB",
"url": "https://go.dev/issue/79571"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2026-5025"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
MSRC_CVE-2026-42506
Vulnerability from csaf_microsoft - Published: 2026-05-02 00:00 - Updated: 2026-06-04 01:45Summary
Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
6.1 (Medium)
Affected products
Fixed
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 20981-17084 | — | ||
| Unresolved product id: 20984-17084 | — | ||
| Unresolved product id: 20985-17084 | — | ||
| Unresolved product id: 20986-17084 | — | ||
| Unresolved product id: 21358-17084 | — | ||
| Unresolved product id: 21319-17084 | — | ||
| Unresolved product id: 21276-17084 | — | ||
| Unresolved product id: 20991-17084 | — | ||
| Unresolved product id: 21359-17084 | — | ||
| Unresolved product id: 21271-17084 | — | ||
| Unresolved product id: 21272-17084 | — | ||
| Unresolved product id: 21278-17084 | — | ||
| Unresolved product id: 21281-17084 | — | ||
| Unresolved product id: 21007-17084 | — | ||
| Unresolved product id: 21008-17084 | — | ||
| Unresolved product id: 21256-17084 | — | ||
| Unresolved product id: 21299-17084 | — | ||
| Unresolved product id: 21013-17084 | — | ||
| Unresolved product id: 20966-17084 | — | ||
| Unresolved product id: 21015-17084 | — | ||
| Unresolved product id: 21020-17084 | — | ||
| Unresolved product id: 21258-17084 | — | ||
| Unresolved product id: 21378-17084 | — | ||
| Unresolved product id: 21414-17084 | — |
Known affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17084-23 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-21 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-20 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-4 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-5 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-9 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-19 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-11 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-10 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-7 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-18 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-17 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-13 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-6 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-16 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-15 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-2 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-1 | — |
Vendor Fix
fix
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17084-26 | — | ||
| Unresolved product id: 17084-25 | — |
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2026/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2026/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-42506.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html",
"tracking": {
"current_release_date": "2026-06-04T01:45:02.000Z",
"generator": {
"date": "2026-06-04T07:14:30.706Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2026-42506",
"initial_release_date": "2026-05-02T00:00:00.000Z",
"revision_history": [
{
"date": "2026-05-27T01:05:02.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2026-05-27T14:42:47.000Z",
"legacy_version": "2",
"number": "2",
"summary": "Information published."
},
{
"date": "2026-05-28T14:49:46.000Z",
"legacy_version": "3",
"number": "3",
"summary": "Information published."
},
{
"date": "2026-05-30T14:05:25.000Z",
"legacy_version": "4",
"number": "4",
"summary": "Information published."
},
{
"date": "2026-05-30T14:41:36.000Z",
"legacy_version": "5",
"number": "5",
"summary": "Information published."
},
{
"date": "2026-05-31T14:45:47.000Z",
"legacy_version": "6",
"number": "6",
"summary": "Information published."
},
{
"date": "2026-06-02T01:43:53.000Z",
"legacy_version": "7",
"number": "7",
"summary": "Information published."
},
{
"date": "2026-06-02T14:39:54.000Z",
"legacy_version": "8",
"number": "8",
"summary": "Information published."
},
{
"date": "2026-06-03T01:48:48.000Z",
"legacy_version": "9",
"number": "9",
"summary": "Information published."
},
{
"date": "2026-06-03T14:44:26.000Z",
"legacy_version": "1",
"number": "10",
"summary": "Information published."
},
{
"date": "2026-06-04T01:45:02.000Z",
"legacy_version": "11",
"number": "11",
"summary": "Information published."
}
],
"status": "final",
"version": "11"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 application-gateway-kubernetes-ingress 0:1.7.7-3.azl3",
"product": {
"name": "\u003cazl3 application-gateway-kubernetes-ingress 0:1.7.7-3.azl3",
"product_id": "23"
}
},
{
"category": "product_version",
"name": "azl3 application-gateway-kubernetes-ingress 0:1.7.7-3.azl3",
"product": {
"name": "azl3 application-gateway-kubernetes-ingress 0:1.7.7-3.azl3",
"product_id": "20981"
}
}
],
"category": "product_name",
"name": "application-gateway-kubernetes-ingress"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 cert-manager 0:1.12.15-6.azl3",
"product": {
"name": "\u003cazl3 cert-manager 0:1.12.15-6.azl3",
"product_id": "22"
}
},
{
"category": "product_version",
"name": "azl3 cert-manager 0:1.12.15-6.azl3",
"product": {
"name": "azl3 cert-manager 0:1.12.15-6.azl3",
"product_id": "20984"
}
}
],
"category": "product_name",
"name": "cert-manager"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 cf-cli 0:8.7.11-5.azl3",
"product": {
"name": "\u003cazl3 cf-cli 0:8.7.11-5.azl3",
"product_id": "21"
}
},
{
"category": "product_version",
"name": "azl3 cf-cli 0:8.7.11-5.azl3",
"product": {
"name": "azl3 cf-cli 0:8.7.11-5.azl3",
"product_id": "20985"
}
}
],
"category": "product_name",
"name": "cf-cli"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 cloud-provider-kubevirt 0:0.5.1-3.azl3",
"product": {
"name": "\u003cazl3 cloud-provider-kubevirt 0:0.5.1-3.azl3",
"product_id": "20"
}
},
{
"category": "product_version",
"name": "azl3 cloud-provider-kubevirt 0:0.5.1-3.azl3",
"product": {
"name": "azl3 cloud-provider-kubevirt 0:0.5.1-3.azl3",
"product_id": "20986"
}
}
],
"category": "product_name",
"name": "cloud-provider-kubevirt"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 cni-plugins 0:1.4.0-5.azl3",
"product": {
"name": "\u003cazl3 cni-plugins 0:1.4.0-5.azl3",
"product_id": "4"
}
},
{
"category": "product_version",
"name": "azl3 cni-plugins 0:1.4.0-5.azl3",
"product": {
"name": "azl3 cni-plugins 0:1.4.0-5.azl3",
"product_id": "21358"
}
}
],
"category": "product_name",
"name": "cni-plugins"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 containerd2 0:2.1.6-2.azl3",
"product": {
"name": "\u003cazl3 containerd2 0:2.1.6-2.azl3",
"product_id": "5"
}
},
{
"category": "product_version",
"name": "azl3 containerd2 0:2.1.6-2.azl3",
"product": {
"name": "azl3 containerd2 0:2.1.6-2.azl3",
"product_id": "21319"
}
}
],
"category": "product_name",
"name": "containerd2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 containerized-data-importer 0:1.62.0-3.azl3",
"product": {
"name": "\u003cazl3 containerized-data-importer 0:1.62.0-3.azl3",
"product_id": "9"
}
},
{
"category": "product_version",
"name": "azl3 containerized-data-importer 0:1.62.0-3.azl3",
"product": {
"name": "azl3 containerized-data-importer 0:1.62.0-3.azl3",
"product_id": "21276"
}
}
],
"category": "product_name",
"name": "containerized-data-importer"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 cri-tools 0:1.32.0-4.azl3",
"product": {
"name": "\u003cazl3 cri-tools 0:1.32.0-4.azl3",
"product_id": "19"
}
},
{
"category": "product_version",
"name": "azl3 cri-tools 0:1.32.0-4.azl3",
"product": {
"name": "azl3 cri-tools 0:1.32.0-4.azl3",
"product_id": "20991"
}
}
],
"category": "product_name",
"name": "cri-tools"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 dasel 0:2.8.1-3.azl3",
"product": {
"name": "\u003cazl3 dasel 0:2.8.1-3.azl3",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "azl3 dasel 0:2.8.1-3.azl3",
"product": {
"name": "azl3 dasel 0:2.8.1-3.azl3",
"product_id": "21359"
}
}
],
"category": "product_name",
"name": "dasel"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 docker-buildx 0:0.14.0-11.azl3",
"product": {
"name": "\u003cazl3 docker-buildx 0:0.14.0-11.azl3",
"product_id": "11"
}
},
{
"category": "product_version",
"name": "azl3 docker-buildx 0:0.14.0-11.azl3",
"product": {
"name": "azl3 docker-buildx 0:0.14.0-11.azl3",
"product_id": "21271"
}
}
],
"category": "product_name",
"name": "docker-buildx"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 docker-compose 0:2.27.0-9.azl3",
"product": {
"name": "\u003cazl3 docker-compose 0:2.27.0-9.azl3",
"product_id": "10"
}
},
{
"category": "product_version",
"name": "azl3 docker-compose 0:2.27.0-9.azl3",
"product": {
"name": "azl3 docker-compose 0:2.27.0-9.azl3",
"product_id": "21272"
}
}
],
"category": "product_name",
"name": "docker-compose"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 gh 0:2.62.0-15.azl3",
"product": {
"name": "\u003cazl3 gh 0:2.62.0-15.azl3",
"product_id": "8"
}
},
{
"category": "product_version",
"name": "azl3 gh 0:2.62.0-15.azl3",
"product": {
"name": "azl3 gh 0:2.62.0-15.azl3",
"product_id": "21278"
}
}
],
"category": "product_name",
"name": "gh"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 influxdb 0:2.7.5-15.azl3",
"product": {
"name": "\u003cazl3 influxdb 0:2.7.5-15.azl3",
"product_id": "7"
}
},
{
"category": "product_version",
"name": "azl3 influxdb 0:2.7.5-15.azl3",
"product": {
"name": "azl3 influxdb 0:2.7.5-15.azl3",
"product_id": "21281"
}
}
],
"category": "product_name",
"name": "influxdb"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 keda 0:2.14.1-11.azl3",
"product": {
"name": "\u003cazl3 keda 0:2.14.1-11.azl3",
"product_id": "18"
}
},
{
"category": "product_version",
"name": "azl3 keda 0:2.14.1-11.azl3",
"product": {
"name": "azl3 keda 0:2.14.1-11.azl3",
"product_id": "21007"
}
}
],
"category": "product_name",
"name": "keda"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 kube-vip-cloud-provider 0:0.0.10-5.azl3",
"product": {
"name": "\u003cazl3 kube-vip-cloud-provider 0:0.0.10-5.azl3",
"product_id": "17"
}
},
{
"category": "product_version",
"name": "azl3 kube-vip-cloud-provider 0:0.0.10-5.azl3",
"product": {
"name": "azl3 kube-vip-cloud-provider 0:0.0.10-5.azl3",
"product_id": "21008"
}
}
],
"category": "product_name",
"name": "kube-vip-cloud-provider"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 kubernetes 0:1.30.10-23.azl3",
"product": {
"name": "\u003cazl3 kubernetes 0:1.30.10-23.azl3",
"product_id": "13"
}
},
{
"category": "product_version",
"name": "azl3 kubernetes 0:1.30.10-23.azl3",
"product": {
"name": "azl3 kubernetes 0:1.30.10-23.azl3",
"product_id": "21256"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 kubernetes 0:1.30.10-25.azl3",
"product": {
"name": "\u003cazl3 kubernetes 0:1.30.10-25.azl3",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "azl3 kubernetes 0:1.30.10-25.azl3",
"product": {
"name": "azl3 kubernetes 0:1.30.10-25.azl3",
"product_id": "21378"
}
}
],
"category": "product_name",
"name": "kubernetes"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 kubevirt 0:1.7.1-2.azl3",
"product": {
"name": "\u003cazl3 kubevirt 0:1.7.1-2.azl3",
"product_id": "6"
}
},
{
"category": "product_version",
"name": "azl3 kubevirt 0:1.7.1-2.azl3",
"product": {
"name": "azl3 kubevirt 0:1.7.1-2.azl3",
"product_id": "21299"
}
}
],
"category": "product_name",
"name": "kubevirt"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 multus 0:4.0.2-7.azl3",
"product": {
"name": "\u003cazl3 multus 0:4.0.2-7.azl3",
"product_id": "16"
}
},
{
"category": "product_version",
"name": "azl3 multus 0:4.0.2-7.azl3",
"product": {
"name": "azl3 multus 0:4.0.2-7.azl3",
"product_id": "21013"
}
}
],
"category": "product_name",
"name": "multus"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 packer 0:1.9.5-13.azl3",
"product": {
"name": "\u003cazl3 packer 0:1.9.5-13.azl3",
"product_id": "24"
}
},
{
"category": "product_version",
"name": "azl3 packer 0:1.9.5-13.azl3",
"product": {
"name": "azl3 packer 0:1.9.5-13.azl3",
"product_id": "20966"
}
}
],
"category": "product_name",
"name": "packer"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 prometheus-adapter 0:0.12.0-5.azl3",
"product": {
"name": "\u003cazl3 prometheus-adapter 0:0.12.0-5.azl3",
"product_id": "15"
}
},
{
"category": "product_version",
"name": "azl3 prometheus-adapter 0:0.12.0-5.azl3",
"product": {
"name": "azl3 prometheus-adapter 0:0.12.0-5.azl3",
"product_id": "21015"
}
}
],
"category": "product_name",
"name": "prometheus-adapter"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 sriov-network-device-plugin 0:3.7.0-5.azl3",
"product": {
"name": "\u003cazl3 sriov-network-device-plugin 0:3.7.0-5.azl3",
"product_id": "14"
}
},
{
"category": "product_version",
"name": "azl3 sriov-network-device-plugin 0:3.7.0-5.azl3",
"product": {
"name": "azl3 sriov-network-device-plugin 0:3.7.0-5.azl3",
"product_id": "21020"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 sriov-network-device-plugin 0:3.7.0-6.azl3",
"product": {
"name": "\u003cazl3 sriov-network-device-plugin 0:3.7.0-6.azl3",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "azl3 sriov-network-device-plugin 0:3.7.0-6.azl3",
"product": {
"name": "azl3 sriov-network-device-plugin 0:3.7.0-6.azl3",
"product_id": "21414"
}
}
],
"category": "product_name",
"name": "sriov-network-device-plugin"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 telegraf 0:1.31.0-19.azl3",
"product": {
"name": "\u003cazl3 telegraf 0:1.31.0-19.azl3",
"product_id": "12"
}
},
{
"category": "product_version",
"name": "azl3 telegraf 0:1.31.0-19.azl3",
"product": {
"name": "azl3 telegraf 0:1.31.0-19.azl3",
"product_id": "21258"
}
}
],
"category": "product_name",
"name": "telegraf"
},
{
"category": "product_name",
"name": "azl3 libcontainers-common 0:20240213-3.azl3",
"product": {
"name": "azl3 libcontainers-common 0:20240213-3.azl3",
"product_id": "26"
}
},
{
"category": "product_name",
"name": "azl3 nvidia-container-toolkit 0:1.17.8-2.azl3",
"product": {
"name": "azl3 nvidia-container-toolkit 0:1.17.8-2.azl3",
"product_id": "25"
}
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 application-gateway-kubernetes-ingress 0:1.7.7-3.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-23"
},
"product_reference": "23",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 application-gateway-kubernetes-ingress 0:1.7.7-3.azl3 as a component of Azure Linux 3.0",
"product_id": "20981-17084"
},
"product_reference": "20981",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 cert-manager 0:1.12.15-6.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-22"
},
"product_reference": "22",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 cert-manager 0:1.12.15-6.azl3 as a component of Azure Linux 3.0",
"product_id": "20984-17084"
},
"product_reference": "20984",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 cf-cli 0:8.7.11-5.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-21"
},
"product_reference": "21",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 cf-cli 0:8.7.11-5.azl3 as a component of Azure Linux 3.0",
"product_id": "20985-17084"
},
"product_reference": "20985",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 cloud-provider-kubevirt 0:0.5.1-3.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-20"
},
"product_reference": "20",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 cloud-provider-kubevirt 0:0.5.1-3.azl3 as a component of Azure Linux 3.0",
"product_id": "20986-17084"
},
"product_reference": "20986",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 cni-plugins 0:1.4.0-5.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-4"
},
"product_reference": "4",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 cni-plugins 0:1.4.0-5.azl3 as a component of Azure Linux 3.0",
"product_id": "21358-17084"
},
"product_reference": "21358",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 containerd2 0:2.1.6-2.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-5"
},
"product_reference": "5",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 containerd2 0:2.1.6-2.azl3 as a component of Azure Linux 3.0",
"product_id": "21319-17084"
},
"product_reference": "21319",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 containerized-data-importer 0:1.62.0-3.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-9"
},
"product_reference": "9",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 containerized-data-importer 0:1.62.0-3.azl3 as a component of Azure Linux 3.0",
"product_id": "21276-17084"
},
"product_reference": "21276",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 cri-tools 0:1.32.0-4.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-19"
},
"product_reference": "19",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 cri-tools 0:1.32.0-4.azl3 as a component of Azure Linux 3.0",
"product_id": "20991-17084"
},
"product_reference": "20991",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 dasel 0:2.8.1-3.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-3"
},
"product_reference": "3",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 dasel 0:2.8.1-3.azl3 as a component of Azure Linux 3.0",
"product_id": "21359-17084"
},
"product_reference": "21359",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 docker-buildx 0:0.14.0-11.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-11"
},
"product_reference": "11",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 docker-buildx 0:0.14.0-11.azl3 as a component of Azure Linux 3.0",
"product_id": "21271-17084"
},
"product_reference": "21271",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 docker-compose 0:2.27.0-9.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-10"
},
"product_reference": "10",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 docker-compose 0:2.27.0-9.azl3 as a component of Azure Linux 3.0",
"product_id": "21272-17084"
},
"product_reference": "21272",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 gh 0:2.62.0-15.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-8"
},
"product_reference": "8",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 gh 0:2.62.0-15.azl3 as a component of Azure Linux 3.0",
"product_id": "21278-17084"
},
"product_reference": "21278",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 influxdb 0:2.7.5-15.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-7"
},
"product_reference": "7",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 influxdb 0:2.7.5-15.azl3 as a component of Azure Linux 3.0",
"product_id": "21281-17084"
},
"product_reference": "21281",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 keda 0:2.14.1-11.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-18"
},
"product_reference": "18",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 keda 0:2.14.1-11.azl3 as a component of Azure Linux 3.0",
"product_id": "21007-17084"
},
"product_reference": "21007",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 kube-vip-cloud-provider 0:0.0.10-5.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-17"
},
"product_reference": "17",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 kube-vip-cloud-provider 0:0.0.10-5.azl3 as a component of Azure Linux 3.0",
"product_id": "21008-17084"
},
"product_reference": "21008",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 kubernetes 0:1.30.10-23.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-13"
},
"product_reference": "13",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 kubernetes 0:1.30.10-23.azl3 as a component of Azure Linux 3.0",
"product_id": "21256-17084"
},
"product_reference": "21256",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 kubevirt 0:1.7.1-2.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-6"
},
"product_reference": "6",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 kubevirt 0:1.7.1-2.azl3 as a component of Azure Linux 3.0",
"product_id": "21299-17084"
},
"product_reference": "21299",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 libcontainers-common 0:20240213-3.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-26"
},
"product_reference": "26",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 multus 0:4.0.2-7.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-16"
},
"product_reference": "16",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 multus 0:4.0.2-7.azl3 as a component of Azure Linux 3.0",
"product_id": "21013-17084"
},
"product_reference": "21013",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 nvidia-container-toolkit 0:1.17.8-2.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-25"
},
"product_reference": "25",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 packer 0:1.9.5-13.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-24"
},
"product_reference": "24",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 packer 0:1.9.5-13.azl3 as a component of Azure Linux 3.0",
"product_id": "20966-17084"
},
"product_reference": "20966",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 prometheus-adapter 0:0.12.0-5.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-15"
},
"product_reference": "15",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 prometheus-adapter 0:0.12.0-5.azl3 as a component of Azure Linux 3.0",
"product_id": "21015-17084"
},
"product_reference": "21015",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 sriov-network-device-plugin 0:3.7.0-5.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-14"
},
"product_reference": "14",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 sriov-network-device-plugin 0:3.7.0-5.azl3 as a component of Azure Linux 3.0",
"product_id": "21020-17084"
},
"product_reference": "21020",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 telegraf 0:1.31.0-19.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-12"
},
"product_reference": "12",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 telegraf 0:1.31.0-19.azl3 as a component of Azure Linux 3.0",
"product_id": "21258-17084"
},
"product_reference": "21258",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 kubernetes 0:1.30.10-25.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-2"
},
"product_reference": "2",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 kubernetes 0:1.30.10-25.azl3 as a component of Azure Linux 3.0",
"product_id": "21378-17084"
},
"product_reference": "21378",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 sriov-network-device-plugin 0:3.7.0-6.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 sriov-network-device-plugin 0:3.7.0-6.azl3 as a component of Azure Linux 3.0",
"product_id": "21414-17084"
},
"product_reference": "21414",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-42506",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"17084-26"
]
},
{
"label": "vulnerable_code_not_in_execute_path",
"product_ids": [
"17084-25"
]
}
],
"notes": [
{
"category": "general",
"text": "Go",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"20981-17084",
"20984-17084",
"20985-17084",
"20986-17084",
"21358-17084",
"21319-17084",
"21276-17084",
"20991-17084",
"21359-17084",
"21271-17084",
"21272-17084",
"21278-17084",
"21281-17084",
"21007-17084",
"21008-17084",
"21256-17084",
"21299-17084",
"21013-17084",
"20966-17084",
"21015-17084",
"21020-17084",
"21258-17084",
"21378-17084",
"21414-17084"
],
"known_affected": [
"17084-23",
"17084-22",
"17084-21",
"17084-20",
"17084-4",
"17084-5",
"17084-9",
"17084-19",
"17084-3",
"17084-11",
"17084-10",
"17084-8",
"17084-7",
"17084-18",
"17084-17",
"17084-13",
"17084-6",
"17084-16",
"17084-24",
"17084-15",
"17084-14",
"17084-12",
"17084-2",
"17084-1"
],
"known_not_affected": [
"17084-26",
"17084-25"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-42506.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-27T01:05:02.000Z",
"details": "0:1.7.7-4.azl3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-23"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2026-05-27T01:05:02.000Z",
"details": "0:1.12.15-8.azl3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-22"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2026-05-27T01:05:02.000Z",
"details": "0:8.7.11-6.azl3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-21"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2026-05-27T01:05:02.000Z",
"details": "0:0.5.1-4.azl3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-20"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2026-05-27T01:05:02.000Z",
"details": "0:1.4.0-6.azl3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-4"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2026-05-27T01:05:02.000Z",
"details": "0:2.1.6-3.azl3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-5"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2026-05-27T01:05:02.000Z",
"details": "0:1.62.0-5.azl3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-9"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2026-05-27T01:05:02.000Z",
"details": "0:1.32.0-6.azl3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-19"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2026-05-27T01:05:02.000Z",
"details": "0:2.8.1-4.azl3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-3"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2026-05-27T01:05:02.000Z",
"details": "0:0.14.0-13.azl3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-11"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2026-05-27T01:05:02.000Z",
"details": "0:2.27.0-11.azl3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-10"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2026-05-27T01:05:02.000Z",
"details": "0:2.62.0-16.azl3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-8"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2026-05-27T01:05:02.000Z",
"details": "0:2.7.5-17.azl3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-7"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2026-05-27T01:05:02.000Z",
"details": "0:2.14.1-13.azl3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-18"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2026-05-27T01:05:02.000Z",
"details": "0:0.0.10-6.azl3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-17"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2026-05-27T01:05:02.000Z",
"details": "0:1.30.10-25.azl3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-13",
"17084-2"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2026-05-27T01:05:02.000Z",
"details": "0:1.7.1-5.azl3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-6"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2026-05-27T01:05:02.000Z",
"details": "0:4.0.2-8.azl3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-16"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2026-05-27T01:05:02.000Z",
"details": "0:1.9.5-14.azl3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-24"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2026-05-27T01:05:02.000Z",
"details": "0:0.12.0-6.azl3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-15"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2026-05-27T01:05:02.000Z",
"details": "0:3.7.0-6.azl3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-14",
"17084-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2026-05-27T01:05:02.000Z",
"details": "0:1.31.0-21.azl3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-12"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalsScore": 0.0,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 6.1,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"17084-23",
"17084-22",
"17084-21",
"17084-20",
"17084-4",
"17084-5",
"17084-9",
"17084-19",
"17084-3",
"17084-11",
"17084-10",
"17084-8",
"17084-7",
"17084-18",
"17084-17",
"17084-13",
"17084-6",
"17084-16",
"17084-24",
"17084-15",
"17084-14",
"17084-12",
"17084-2",
"17084-1"
]
}
],
"title": "Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html"
}
]
}
OPENSUSE-SU-2026:10856-1
Vulnerability from csaf_opensuse - Published: 2026-05-24 00:00 - Updated: 2026-05-24 00:00Summary
rclone-1.74.2-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: rclone-1.74.2-1.1 on GA media
Description of the patch: These are all security issues fixed in the rclone-1.74.2-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10856
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.4 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.7 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.1 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.1 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
62 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "rclone-1.74.2-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the rclone-1.74.2-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10856",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10856-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25680 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25681 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27136 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33809 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33809/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39821 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39824 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39824/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39827 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39827/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39828 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39829 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39830 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39831 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39832 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39833 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39833/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39834 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39835 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42500 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42500/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42502 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42502/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42506 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42508 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42508/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-44740 page",
"url": "https://www.suse.com/security/cve/CVE-2026-44740/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46595 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46595/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46597 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46597/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46598 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46598/"
}
],
"title": "rclone-1.74.2-1.1 on GA media",
"tracking": {
"current_release_date": "2026-05-24T00:00:00Z",
"generator": {
"date": "2026-05-24T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10856-1",
"initial_release_date": "2026-05-24T00:00:00Z",
"revision_history": [
{
"date": "2026-05-24T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "rclone-1.74.2-1.1.aarch64",
"product": {
"name": "rclone-1.74.2-1.1.aarch64",
"product_id": "rclone-1.74.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "rclone-bash-completion-1.74.2-1.1.aarch64",
"product": {
"name": "rclone-bash-completion-1.74.2-1.1.aarch64",
"product_id": "rclone-bash-completion-1.74.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "rclone-zsh-completion-1.74.2-1.1.aarch64",
"product": {
"name": "rclone-zsh-completion-1.74.2-1.1.aarch64",
"product_id": "rclone-zsh-completion-1.74.2-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rclone-1.74.2-1.1.ppc64le",
"product": {
"name": "rclone-1.74.2-1.1.ppc64le",
"product_id": "rclone-1.74.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "rclone-bash-completion-1.74.2-1.1.ppc64le",
"product": {
"name": "rclone-bash-completion-1.74.2-1.1.ppc64le",
"product_id": "rclone-bash-completion-1.74.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "rclone-zsh-completion-1.74.2-1.1.ppc64le",
"product": {
"name": "rclone-zsh-completion-1.74.2-1.1.ppc64le",
"product_id": "rclone-zsh-completion-1.74.2-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rclone-1.74.2-1.1.s390x",
"product": {
"name": "rclone-1.74.2-1.1.s390x",
"product_id": "rclone-1.74.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "rclone-bash-completion-1.74.2-1.1.s390x",
"product": {
"name": "rclone-bash-completion-1.74.2-1.1.s390x",
"product_id": "rclone-bash-completion-1.74.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "rclone-zsh-completion-1.74.2-1.1.s390x",
"product": {
"name": "rclone-zsh-completion-1.74.2-1.1.s390x",
"product_id": "rclone-zsh-completion-1.74.2-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rclone-1.74.2-1.1.x86_64",
"product": {
"name": "rclone-1.74.2-1.1.x86_64",
"product_id": "rclone-1.74.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "rclone-bash-completion-1.74.2-1.1.x86_64",
"product": {
"name": "rclone-bash-completion-1.74.2-1.1.x86_64",
"product_id": "rclone-bash-completion-1.74.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "rclone-zsh-completion-1.74.2-1.1.x86_64",
"product": {
"name": "rclone-zsh-completion-1.74.2-1.1.x86_64",
"product_id": "rclone-zsh-completion-1.74.2-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-1.74.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64"
},
"product_reference": "rclone-1.74.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-1.74.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le"
},
"product_reference": "rclone-1.74.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-1.74.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x"
},
"product_reference": "rclone-1.74.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-1.74.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64"
},
"product_reference": "rclone-1.74.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-bash-completion-1.74.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64"
},
"product_reference": "rclone-bash-completion-1.74.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-bash-completion-1.74.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le"
},
"product_reference": "rclone-bash-completion-1.74.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-bash-completion-1.74.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x"
},
"product_reference": "rclone-bash-completion-1.74.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-bash-completion-1.74.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64"
},
"product_reference": "rclone-bash-completion-1.74.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-zsh-completion-1.74.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64"
},
"product_reference": "rclone-zsh-completion-1.74.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-zsh-completion-1.74.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le"
},
"product_reference": "rclone-zsh-completion-1.74.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-zsh-completion-1.74.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x"
},
"product_reference": "rclone-zsh-completion-1.74.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-zsh-completion-1.74.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
},
"product_reference": "rclone-zsh-completion-1.74.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25680"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25680",
"url": "https://www.suse.com/security/cve/CVE-2026-25680"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-24T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-25680"
},
{
"cve": "CVE-2026-25681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25681"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25681",
"url": "https://www.suse.com/security/cve/CVE-2026-25681"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-24T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-25681"
},
{
"cve": "CVE-2026-27136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27136"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27136",
"url": "https://www.suse.com/security/cve/CVE-2026-27136"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-24T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-27136"
},
{
"cve": "CVE-2026-33809",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33809"
}
],
"notes": [
{
"category": "general",
"text": "A maliciously crafted TIFF file can cause image decoding to attempt to allocate up 4GiB of memory, causing either excessive resource consumption or an out-of-memory error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33809",
"url": "https://www.suse.com/security/cve/CVE-2026-33809"
},
{
"category": "external",
"summary": "SUSE Bug 1260692 for CVE-2026-33809",
"url": "https://bugzilla.suse.com/1260692"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-24T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-33809"
},
{
"cve": "CVE-2026-39821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39821"
}
],
"notes": [
{
"category": "general",
"text": "The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode(\"xn--example-.com\") incorrectly returns the name \"example.com\" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject \"example.com\" but permit \"xn--example-.com\". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name \"example.com\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39821",
"url": "https://www.suse.com/security/cve/CVE-2026-39821"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-24T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-39821"
},
{
"cve": "CVE-2026-39824",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39824"
}
],
"notes": [
{
"category": "general",
"text": "NewNTUnicodeString does not check for string length overflow. When provided with a string that overflows the maximum size of a NTUnicodeString (a 16-bit number of bytes), it returns a truncated string rather than an error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39824",
"url": "https://www.suse.com/security/cve/CVE-2026-39824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-24T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-39824"
},
{
"cve": "CVE-2026-39827",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39827"
}
],
"notes": [
{
"category": "general",
"text": "An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection\u0027s internal state and released for garbage collection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39827",
"url": "https://www.suse.com/security/cve/CVE-2026-39827"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39827",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-24T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39827"
},
{
"cve": "CVE-2026-39828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39828"
}
],
"notes": [
{
"category": "general",
"text": "When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39828",
"url": "https://www.suse.com/security/cve/CVE-2026-39828"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39828",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-24T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39828"
},
{
"cve": "CVE-2026-39829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39829"
}
],
"notes": [
{
"category": "general",
"text": "The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key authentication. RSA moduli are now limited to 8192 bits, and DSA parameters are validated per FIPS 186-2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39829",
"url": "https://www.suse.com/security/cve/CVE-2026-39829"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39829",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-24T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39829"
},
{
"cve": "CVE-2026-39830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39830"
}
],
"notes": [
{
"category": "general",
"text": "A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection\u0027s read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39830",
"url": "https://www.suse.com/security/cve/CVE-2026-39830"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39830",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-24T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39830"
},
{
"cve": "CVE-2026-39831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39831"
}
],
"notes": [
{
"category": "general",
"text": "The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior, return a \"no-touch-required\" extension in Permissions.Extensions from PublicKeyCallback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39831",
"url": "https://www.suse.com/security/cve/CVE-2026-39831"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39831",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-24T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39831"
},
{
"cve": "CVE-2026-39832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39832"
}
],
"notes": [
{
"category": "general",
"text": "When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all constraint extensions. Additionally, the in-memory keyring returned by NewKeyring() now rejects keys with unsupported constraint extensions instead of silently ignoring them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39832",
"url": "https://www.suse.com/security/cve/CVE-2026-39832"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39832",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-24T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39832"
},
{
"cve": "CVE-2026-39833",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39833"
}
],
"notes": [
{
"category": "general",
"text": "The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring() now returns an error when unsupported constraints are requested.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39833",
"url": "https://www.suse.com/security/cve/CVE-2026-39833"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39833",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-24T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39833"
},
{
"cve": "CVE-2026-39834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39834"
}
],
"notes": [
{
"category": "general",
"text": "When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39834",
"url": "https://www.suse.com/security/cve/CVE-2026-39834"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39834",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-24T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39834"
},
{
"cve": "CVE-2026-39835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39835"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39835",
"url": "https://www.suse.com/security/cve/CVE-2026-39835"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39835",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-24T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39835"
},
{
"cve": "CVE-2026-42500",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42500"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42500",
"url": "https://www.suse.com/security/cve/CVE-2026-42500"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-24T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-42500"
},
{
"cve": "CVE-2026-42502",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42502"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42502",
"url": "https://www.suse.com/security/cve/CVE-2026-42502"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-24T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-42502"
},
{
"cve": "CVE-2026-42506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42506"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42506",
"url": "https://www.suse.com/security/cve/CVE-2026-42506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-24T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-42506"
},
{
"cve": "CVE-2026-42508",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42508"
}
],
"notes": [
{
"category": "general",
"text": "Previously, a revoked \u0027SignatureKey\u0027 belonging to a CA was not correctly checked for revocation. Now, both the \u0027key\u0027 and \u0027key.SignatureKey\u0027 are checked for @revoked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42508",
"url": "https://www.suse.com/security/cve/CVE-2026-42508"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-42508",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-24T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42508"
},
{
"cve": "CVE-2026-44740",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-44740"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-44740",
"url": "https://www.suse.com/security/cve/CVE-2026-44740"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-24T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-44740"
},
{
"cve": "CVE-2026-46595",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46595"
}
],
"notes": [
{
"category": "general",
"text": "Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46595",
"url": "https://www.suse.com/security/cve/CVE-2026-46595"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46595",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-24T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-46595"
},
{
"cve": "CVE-2026-46597",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46597"
}
],
"notes": [
{
"category": "general",
"text": "An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46597",
"url": "https://www.suse.com/security/cve/CVE-2026-46597"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46597",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-24T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-46597"
},
{
"cve": "CVE-2026-46598",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46598"
}
],
"notes": [
{
"category": "general",
"text": "For certain crafted inputs, a \u0027ed25519.PrivateKey\u0027 was created by casting malformed wire bytes, leading to a panic when used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46598",
"url": "https://www.suse.com/security/cve/CVE-2026-46598"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46598",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:rclone-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-24T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-46598"
}
]
}
OPENSUSE-SU-2026:10941-1
Vulnerability from csaf_opensuse - Published: 2026-06-02 00:00 - Updated: 2026-06-02 00:00Summary
trivy-0.71.0-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: trivy-0.71.0-1.1 on GA media
Description of the patch: These are all security issues fixed in the trivy-0.71.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10941
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
20 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "trivy-0.71.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the trivy-0.71.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10941",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10941-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25680 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25681 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27136 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42502 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42502/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42506 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-44740 page",
"url": "https://www.suse.com/security/cve/CVE-2026-44740/"
}
],
"title": "trivy-0.71.0-1.1 on GA media",
"tracking": {
"current_release_date": "2026-06-02T00:00:00Z",
"generator": {
"date": "2026-06-02T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10941-1",
"initial_release_date": "2026-06-02T00:00:00Z",
"revision_history": [
{
"date": "2026-06-02T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "trivy-0.71.0-1.1.aarch64",
"product": {
"name": "trivy-0.71.0-1.1.aarch64",
"product_id": "trivy-0.71.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "trivy-0.71.0-1.1.ppc64le",
"product": {
"name": "trivy-0.71.0-1.1.ppc64le",
"product_id": "trivy-0.71.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "trivy-0.71.0-1.1.s390x",
"product": {
"name": "trivy-0.71.0-1.1.s390x",
"product_id": "trivy-0.71.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "trivy-0.71.0-1.1.x86_64",
"product": {
"name": "trivy-0.71.0-1.1.x86_64",
"product_id": "trivy-0.71.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-0.71.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64"
},
"product_reference": "trivy-0.71.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-0.71.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le"
},
"product_reference": "trivy-0.71.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-0.71.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x"
},
"product_reference": "trivy-0.71.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-0.71.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64"
},
"product_reference": "trivy-0.71.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25680"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25680",
"url": "https://www.suse.com/security/cve/CVE-2026-25680"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-25680",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-02T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-25680"
},
{
"cve": "CVE-2026-25681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25681"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25681",
"url": "https://www.suse.com/security/cve/CVE-2026-25681"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-25681",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-02T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-25681"
},
{
"cve": "CVE-2026-27136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27136"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27136",
"url": "https://www.suse.com/security/cve/CVE-2026-27136"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-27136",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-02T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-27136"
},
{
"cve": "CVE-2026-42502",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42502"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42502",
"url": "https://www.suse.com/security/cve/CVE-2026-42502"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-42502",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-02T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42502"
},
{
"cve": "CVE-2026-42506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42506"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42506",
"url": "https://www.suse.com/security/cve/CVE-2026-42506"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-42506",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-02T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42506"
},
{
"cve": "CVE-2026-44740",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-44740"
}
],
"notes": [
{
"category": "general",
"text": "Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficient validation and missing safety mechanisms such as cycle detection, recursion limits, or defensive handling of unexpected states when processing untrusted repository data and filesystem structures. This issue has been patched in versions 5.9.0 and 6.0.0-alpha.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-44740",
"url": "https://www.suse.com/security/cve/CVE-2026-44740"
},
{
"category": "external",
"summary": "SUSE Bug 1267264 for CVE-2026-44740",
"url": "https://bugzilla.suse.com/1267264"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:trivy-0.71.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-02T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-44740"
}
]
}
OPENSUSE-SU-2026:11126-1
Vulnerability from csaf_opensuse - Published: 2026-06-25 00:00 - Updated: 2026-06-25 00:00Summary
velociraptor-0.7.0.4.git185.a5708584-2.1 on GA media
Severity
Moderate
Notes
Title of the patch: velociraptor-0.7.0.4.git185.a5708584-2.1 on GA media
Description of the patch: These are all security issues fixed in the velociraptor-0.7.0.4.git185.a5708584-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-11126
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.2 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.4 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
5.4 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.4 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.4 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.4 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.7 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
155 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "velociraptor-0.7.0.4.git185.a5708584-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the velociraptor-0.7.0.4.git185.a5708584-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-11126",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_11126-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45288 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45288/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45339 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45339/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-13465 page",
"url": "https://www.suse.com/security/cve/CVE-2025-13465/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22868 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22868/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22869 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22870 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22872 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22872/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-24358 page",
"url": "https://www.suse.com/security/cve/CVE-2025-24358/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47911 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58058 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58181 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58190 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58190/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5889 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5889/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-64718 page",
"url": "https://www.suse.com/security/cve/CVE-2025-64718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-6545 page",
"url": "https://www.suse.com/security/cve/CVE-2025-6545/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-6547 page",
"url": "https://www.suse.com/security/cve/CVE-2025-6547/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-7783 page",
"url": "https://www.suse.com/security/cve/CVE-2025-7783/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-1229 page",
"url": "https://www.suse.com/security/cve/CVE-2026-1229/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25128 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25128/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25680 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25681 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-26278 page",
"url": "https://www.suse.com/security/cve/CVE-2026-26278/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-26996 page",
"url": "https://www.suse.com/security/cve/CVE-2026-26996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27136 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-2739 page",
"url": "https://www.suse.com/security/cve/CVE-2026-2739/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27606 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27606/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27904 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27904/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33036 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33036/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33186 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33186/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33487 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33487/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33814 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-34986 page",
"url": "https://www.suse.com/security/cve/CVE-2026-34986/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39821 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39827 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39827/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39828 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39829 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39830 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39831 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39832 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39833 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39833/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39834 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39835 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42039 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42039/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42502 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42502/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42506 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42508 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42508/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46595 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46595/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46597 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46597/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46598 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46598/"
}
],
"title": "velociraptor-0.7.0.4.git185.a5708584-2.1 on GA media",
"tracking": {
"current_release_date": "2026-06-25T00:00:00Z",
"generator": {
"date": "2026-06-25T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:11126-1",
"initial_release_date": "2026-06-25T00:00:00Z",
"revision_history": [
{
"date": "2026-06-25T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"product": {
"name": "velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"product_id": "velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"product": {
"name": "velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"product_id": "velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"product": {
"name": "velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"product_id": "velociraptor-0.7.0.4.git185.a5708584-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64",
"product": {
"name": "velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64",
"product_id": "velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64"
},
"product_reference": "velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le"
},
"product_reference": "velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velociraptor-0.7.0.4.git185.a5708584-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x"
},
"product_reference": "velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
},
"product_reference": "velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45288",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45288"
}
],
"notes": [
{
"category": "general",
"text": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request\u0027s headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45288",
"url": "https://www.suse.com/security/cve/CVE-2023-45288"
},
{
"category": "external",
"summary": "SUSE Bug 1221400 for CVE-2023-45288",
"url": "https://bugzilla.suse.com/1221400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-45288"
},
{
"cve": "CVE-2024-45339",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45339"
}
],
"notes": [
{
"category": "general",
"text": "When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process\u0027s log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that sensitive file. To fix that, glog now causes the program to exit (with status code 2) when it finds that the configured log file already exists.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45339",
"url": "https://www.suse.com/security/cve/CVE-2024-45339"
},
{
"category": "external",
"summary": "SUSE Bug 1236541 for CVE-2024-45339",
"url": "https://bugzilla.suse.com/1236541"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-45339"
},
{
"cve": "CVE-2025-13465",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-13465"
}
],
"notes": [
{
"category": "general",
"text": "Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes.\n\nThe issue permits deletion of properties but does not allow overwriting their original behavior.\n\nThis issue is patched on 4.17.23",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-13465",
"url": "https://www.suse.com/security/cve/CVE-2025-13465"
},
{
"category": "external",
"summary": "SUSE Bug 1257321 for CVE-2025-13465",
"url": "https://bugzilla.suse.com/1257321"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-13465"
},
{
"cve": "CVE-2025-22868",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22868"
}
],
"notes": [
{
"category": "general",
"text": "An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22868",
"url": "https://www.suse.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "SUSE Bug 1239185 for CVE-2025-22868",
"url": "https://bugzilla.suse.com/1239185"
},
{
"category": "external",
"summary": "SUSE Bug 1239186 for CVE-2025-22868",
"url": "https://bugzilla.suse.com/1239186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-22868"
},
{
"cve": "CVE-2025-22869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22869"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22869",
"url": "https://www.suse.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "SUSE Bug 1239322 for CVE-2025-22869",
"url": "https://bugzilla.suse.com/1239322"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-22869"
},
{
"cve": "CVE-2025-22870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22870"
}
],
"notes": [
{
"category": "general",
"text": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22870",
"url": "https://www.suse.com/security/cve/CVE-2025-22870"
},
{
"category": "external",
"summary": "SUSE Bug 1238572 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238572"
},
{
"category": "external",
"summary": "SUSE Bug 1238611 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238611"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-22870"
},
{
"cve": "CVE-2025-22872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22872"
}
],
"notes": [
{
"category": "general",
"text": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22872",
"url": "https://www.suse.com/security/cve/CVE-2025-22872"
},
{
"category": "external",
"summary": "SUSE Bug 1241710 for CVE-2025-22872",
"url": "https://bugzilla.suse.com/1241710"
},
{
"category": "external",
"summary": "SUSE Bug 1265255 for CVE-2025-22872",
"url": "https://bugzilla.suse.com/1265255"
},
{
"category": "external",
"summary": "SUSE Bug 1265256 for CVE-2025-22872",
"url": "https://bugzilla.suse.com/1265256"
},
{
"category": "external",
"summary": "SUSE Bug 1265259 for CVE-2025-22872",
"url": "https://bugzilla.suse.com/1265259"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-22872"
},
{
"cve": "CVE-2025-24358",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-24358"
}
],
"notes": [
{
"category": "general",
"text": "gorilla/csrf provides Cross Site Request Forgery (CSRF) prevention middleware for Go web applications \u0026 services. Prior to 1.7.2, gorilla/csrf does not validate the Origin header against an allowlist. Its executes its validation of the Referer header for cross-origin requests only when it believes the request is being served over TLS. It determines this by inspecting the r.URL.Scheme value. However, this value is never populated for \"server\" requests per the Go spec, and so this check does not run in practice. This vulnerability allows an attacker who has gained XSS on a subdomain or top level domain to perform authenticated form submissions against gorilla/csrf protected targets that share the same top level domain. This vulnerability is fixed in 1.7.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-24358",
"url": "https://www.suse.com/security/cve/CVE-2025-24358"
},
{
"category": "external",
"summary": "SUSE Bug 1241233 for CVE-2025-24358",
"url": "https://bugzilla.suse.com/1241233"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-24358"
},
{
"cve": "CVE-2025-47911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47911"
}
],
"notes": [
{
"category": "general",
"text": "The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47911",
"url": "https://www.suse.com/security/cve/CVE-2025-47911"
},
{
"category": "external",
"summary": "SUSE Bug 1251308 for CVE-2025-47911",
"url": "https://bugzilla.suse.com/1251308"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-47911"
},
{
"cve": "CVE-2025-58058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58058"
}
],
"notes": [
{
"category": "general",
"text": "xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current implementation allocates the full decoding buffer directly after reading the header. The LZMA header doesn\u0027t include a magic number or has a checksum to detect such an issue according to the specification. Note that the code recognizes the issue later while reading the stream, but at this time the memory allocation has already been done. This issue has been patched in version 0.5.14.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58058",
"url": "https://www.suse.com/security/cve/CVE-2025-58058"
},
{
"category": "external",
"summary": "SUSE Bug 1248889 for CVE-2025-58058",
"url": "https://bugzilla.suse.com/1248889"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-58058"
},
{
"cve": "CVE-2025-58181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58181"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58181",
"url": "https://www.suse.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "SUSE Bug 1253784 for CVE-2025-58181",
"url": "https://bugzilla.suse.com/1253784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-58181"
},
{
"cve": "CVE-2025-58190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58190"
}
],
"notes": [
{
"category": "general",
"text": "The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58190",
"url": "https://www.suse.com/security/cve/CVE-2025-58190"
},
{
"category": "external",
"summary": "SUSE Bug 1251309 for CVE-2025-58190",
"url": "https://bugzilla.suse.com/1251309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-58190"
},
{
"cve": "CVE-2025-5889",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5889"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.1.12, 2.0.2, 3.0.1 and 4.0.1 is able to address this issue. The name of the patch is a5b98a4f30d7813266b221435e1eaaf25a1b0ac5. It is recommended to upgrade the affected component.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5889",
"url": "https://www.suse.com/security/cve/CVE-2025-5889"
},
{
"category": "external",
"summary": "SUSE Bug 1244340 for CVE-2025-5889",
"url": "https://bugzilla.suse.com/1244340"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2025-5889"
},
{
"cve": "CVE-2025-64718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-64718"
}
],
"notes": [
{
"category": "general",
"text": "js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it\u0027s possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (`__proto__`). All users who parse untrusted yaml documents may be impacted. The problem is patched in js-yaml 4.1.1 and 3.14.2. Users can protect against this kind of attack on the server by using `node --disable-proto=delete` or `deno` (in Deno, pollution protection is on by default).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-64718",
"url": "https://www.suse.com/security/cve/CVE-2025-64718"
},
{
"category": "external",
"summary": "SUSE Bug 1255407 for CVE-2025-64718",
"url": "https://bugzilla.suse.com/1255407"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-64718"
},
{
"cve": "CVE-2025-6545",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-6545"
}
],
"notes": [
{
"category": "general",
"text": "Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js.\n\nThis issue affects pbkdf2: from 3.0.10 through 3.1.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-6545",
"url": "https://www.suse.com/security/cve/CVE-2025-6545"
},
{
"category": "external",
"summary": "SUSE Bug 1245273 for CVE-2025-6545",
"url": "https://bugzilla.suse.com/1245273"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-6545"
},
{
"cve": "CVE-2025-6547",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-6547"
}
],
"notes": [
{
"category": "general",
"text": "Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation.This issue affects pbkdf2: \u003c=3.1.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-6547",
"url": "https://www.suse.com/security/cve/CVE-2025-6547"
},
{
"category": "external",
"summary": "SUSE Bug 1245271 for CVE-2025-6547",
"url": "https://bugzilla.suse.com/1245271"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-6547"
},
{
"cve": "CVE-2025-7783",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-7783"
}
],
"notes": [
{
"category": "general",
"text": "Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js.\n\nThis issue affects form-data: \u003c 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-7783",
"url": "https://www.suse.com/security/cve/CVE-2025-7783"
},
{
"category": "external",
"summary": "SUSE Bug 1246810 for CVE-2025-7783",
"url": "https://bugzilla.suse.com/1246810"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-7783"
},
{
"cve": "CVE-2026-1229",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-1229"
}
],
"notes": [
{
"category": "general",
"text": "The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas.\nECDH and ECDSA signing relying on this curve are not affected.\n\nThe bug was fixed in v1.6.3 https://github.com/cloudflare/circl/releases/tag/v1.6.3 .",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-1229",
"url": "https://www.suse.com/security/cve/CVE-2026-1229"
},
{
"category": "external",
"summary": "SUSE Bug 1265416 for CVE-2026-1229",
"url": "https://bugzilla.suse.com/1265416"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-1229"
},
{
"cve": "CVE-2026-25128",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25128"
}
],
"notes": [
{
"category": "general",
"text": "fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 5.0.9 through 5.3.3, a RangeError vulnerability exists in the numeric entity processing of fast-xml-parser when parsing XML with out-of-range entity code points (e.g., `\u0026#9999999;` or `\u0026#xFFFFFF;`). This causes the parser to throw an uncaught exception, crashing any application that processes untrusted XML input. Version 5.3.4 fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25128",
"url": "https://www.suse.com/security/cve/CVE-2026-25128"
},
{
"category": "external",
"summary": "SUSE Bug 1257518 for CVE-2026-25128",
"url": "https://bugzilla.suse.com/1257518"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-25128"
},
{
"cve": "CVE-2026-25680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25680"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25680",
"url": "https://www.suse.com/security/cve/CVE-2026-25680"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-25680",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-25680"
},
{
"cve": "CVE-2026-25681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25681"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25681",
"url": "https://www.suse.com/security/cve/CVE-2026-25681"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-25681",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-25681"
},
{
"cve": "CVE-2026-26278",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-26278"
}
],
"notes": [
{
"category": "general",
"text": "fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 4.1.3 through 5.3.5, the XML parser can be forced to do an unlimited amount of entity expansion. With a very small XML input, it\u0027s possible to make the parser spend seconds or even minutes processing a single request, effectively freezing the application. Version 5.3.6 fixes the issue. As a workaround, avoid using DOCTYPE parsing by `processEntities: false` option.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-26278",
"url": "https://www.suse.com/security/cve/CVE-2026-26278"
},
{
"category": "external",
"summary": "SUSE Bug 1258547 for CVE-2026-26278",
"url": "https://bugzilla.suse.com/1258547"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-26278"
},
{
"cve": "CVE-2026-26996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-26996"
}
],
"notes": [
{
"category": "general",
"text": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal character that doesn\u0027t appear in the test string. Each * compiles to a separate [^/]*? regex group, and when the match fails, V8\u0027s regex engine backtracks exponentially across all possible splits. The time complexity is O(4^N) where N is the number of * characters. With N=15, a single minimatch() call takes ~2 seconds. With N=34, it hangs effectively forever. Any application that passes user-controlled strings to minimatch() as the pattern argument is vulnerable to DoS. This issue has been fixed in version 10.2.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-26996",
"url": "https://www.suse.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "SUSE Bug 1258621 for CVE-2026-26996",
"url": "https://bugzilla.suse.com/1258621"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-26996"
},
{
"cve": "CVE-2026-27136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27136"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27136",
"url": "https://www.suse.com/security/cve/CVE-2026-27136"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-27136",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-27136"
},
{
"cve": "CVE-2026-2739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-2739"
}
],
"notes": [
{
"category": "general",
"text": "This affects versions of the package bn.js before 5.2.3. Calling maskn(0) on any BN instance corrupts the internal state, causing toString(), divmod(), and other methods to enter an infinite loop, hanging the process indefinitely.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-2739",
"url": "https://www.suse.com/security/cve/CVE-2026-2739"
},
{
"category": "external",
"summary": "SUSE Bug 1258647 for CVE-2026-2739",
"url": "https://bugzilla.suse.com/1258647"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-2739"
},
{
"cve": "CVE-2026-27606",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27606"
}
],
"notes": [
{
"category": "general",
"text": "Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler (specifically v4.x and present in current source) is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker to control output filenames (e.g., via CLI named inputs, manual chunk aliases, or malicious plugins) and use traversal sequences (`../`) to overwrite files anywhere on the host filesystem that the build process has permissions for. This can lead to persistent Remote Code Execution (RCE) by overwriting critical system or user configuration files. Versions 2.80.0, 3.30.0, and 4.59.0 contain a patch for the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27606",
"url": "https://www.suse.com/security/cve/CVE-2026-27606"
},
{
"category": "external",
"summary": "SUSE Bug 1258846 for CVE-2026-27606",
"url": "https://bugzilla.suse.com/1258846"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-27606"
},
{
"cve": "CVE-2026-27904",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27904"
}
],
"notes": [
{
"category": "general",
"text": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested `*()` extglobs produce regexps with nested unbounded quantifiers (e.g. `(?:(?:a|b)*)*`), which exhibit catastrophic backtracking in V8. With a 12-byte pattern `*(*(*(a|b)))` and an 18-byte non-matching input, `minimatch()` stalls for over 7 seconds. Adding a single nesting level or a few input characters pushes this to minutes. This is the most severe finding: it is triggered by the default `minimatch()` API with no special options, and the minimum viable pattern is only 12 bytes. The same issue affects `+()` extglobs equally. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4 fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27904",
"url": "https://www.suse.com/security/cve/CVE-2026-27904"
},
{
"category": "external",
"summary": "SUSE Bug 1258994 for CVE-2026-27904",
"url": "https://bugzilla.suse.com/1258994"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-27904"
},
{
"cve": "CVE-2026-33036",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33036"
}
],
"notes": [
{
"category": "general",
"text": "fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Versions 4.0.0-beta.3 through 5.5.5 contain a bypass vulnerability where numeric character references (\u0026#NNN;, \u0026#xHH;) and standard XML entities completely evade the entity expansion limits (e.g., maxTotalExpansions, maxExpandedLength) added to fix CVE-2026-26278, enabling XML entity expansion Denial of Service. The root cause is that replaceEntitiesValue() in OrderedObjParser.js only enforces expansion counting on DOCTYPE-defined entities while the lastEntities loop handling numeric/standard entities performs no counting at all. An attacker supplying 1M numeric entity references like \u0026#65; can force ~147MB of memory allocation and heavy CPU usage, potentially crashing the process-even when developers have configured strict limits. This issue has been fixed in version 5.5.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33036",
"url": "https://www.suse.com/security/cve/CVE-2026-33036"
},
{
"category": "external",
"summary": "SUSE Bug 1259974 for CVE-2026-33036",
"url": "https://bugzilla.suse.com/1259974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33036"
},
{
"cve": "CVE-2026-33186",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33186"
}
],
"notes": [
{
"category": "general",
"text": "gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, \"deny\" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback \"allow\" rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific \"deny\" rules for canonical paths but allows other requests by default (a fallback \"allow\" rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33186",
"url": "https://www.suse.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "SUSE Bug 1260085 for CVE-2026-33186",
"url": "https://bugzilla.suse.com/1260085"
},
{
"category": "external",
"summary": "SUSE Bug 1268676 for CVE-2026-33186",
"url": "https://bugzilla.suse.com/1268676"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33186"
},
{
"cve": "CVE-2026-33487",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33487"
}
],
"notes": [
{
"category": "general",
"text": "goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the `validateSignature` function in `validate.go` goes through the references in the `SignedInfo` block to find one that matches the signed element\u0027s ID. In Go versions before 1.22, or when `go.mod` uses an older version, there is a loop variable capture issue. The code takes the address of the loop variable `_ref` instead of its value. As a result, if more than one reference matches the ID or if the loop logic is incorrect, the `ref` pointer will always end up pointing to the last element in the `SignedInfo.References` slice after the loop. goxmlsig version 1.6.0 contains a patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33487",
"url": "https://www.suse.com/security/cve/CVE-2026-33487"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33487"
},
{
"cve": "CVE-2026-33814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33814"
}
],
"notes": [
{
"category": "general",
"text": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33814",
"url": "https://www.suse.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "SUSE Bug 1264506 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1264506"
},
{
"category": "external",
"summary": "SUSE Bug 1268758 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1268758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33814"
},
{
"cve": "CVE-2026-34986",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-34986"
}
],
"notes": [
{
"category": "general",
"text": "Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption (JWE) object will panic if the alg field indicates a key wrapping algorithm (one ending in KW, with the exception of A128GCMKW, A192GCMKW, and A256GCMKW) and the encrypted_key field is empty. The panic happens when cipher.KeyUnwrap() in key_wrap.go attempts to allocate a slice with a zero or negative length based on the length of the encrypted_key. This code path is reachable from ParseEncrypted() / ParseEncryptedJSON() / ParseEncryptedCompact() followed by Decrypt() on the resulting object. Note that the parse functions take a list of accepted key algorithms. If the accepted key algorithms do not include any key wrapping algorithms, parsing will fail and the application will be unaffected. This panic is also reachable by calling cipher.KeyUnwrap() directly with any ciphertext parameter less than 16 bytes long, but calling this function directly is less common. Panics can lead to denial of service. This vulnerability is fixed in 4.1.4 and 3.0.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-34986",
"url": "https://www.suse.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "SUSE Bug 1262805 for CVE-2026-34986",
"url": "https://bugzilla.suse.com/1262805"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-34986"
},
{
"cve": "CVE-2026-39821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39821"
}
],
"notes": [
{
"category": "general",
"text": "The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode(\"xn--example-.com\") incorrectly returns the name \"example.com\" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject \"example.com\" but permit \"xn--example-.com\". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name \"example.com\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39821",
"url": "https://www.suse.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "SUSE Bug 1266474 for CVE-2026-39821",
"url": "https://bugzilla.suse.com/1266474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39821"
},
{
"cve": "CVE-2026-39827",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39827"
}
],
"notes": [
{
"category": "general",
"text": "An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection\u0027s internal state and released for garbage collection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39827",
"url": "https://www.suse.com/security/cve/CVE-2026-39827"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39827",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39827"
},
{
"cve": "CVE-2026-39828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39828"
}
],
"notes": [
{
"category": "general",
"text": "When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39828",
"url": "https://www.suse.com/security/cve/CVE-2026-39828"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39828",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39828"
},
{
"cve": "CVE-2026-39829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39829"
}
],
"notes": [
{
"category": "general",
"text": "The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key authentication. RSA moduli are now limited to 8192 bits, and DSA parameters are validated per FIPS 186-2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39829",
"url": "https://www.suse.com/security/cve/CVE-2026-39829"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39829",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39829"
},
{
"cve": "CVE-2026-39830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39830"
}
],
"notes": [
{
"category": "general",
"text": "A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection\u0027s read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39830",
"url": "https://www.suse.com/security/cve/CVE-2026-39830"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39830",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39830"
},
{
"cve": "CVE-2026-39831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39831"
}
],
"notes": [
{
"category": "general",
"text": "The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior, return a \"no-touch-required\" extension in Permissions.Extensions from PublicKeyCallback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39831",
"url": "https://www.suse.com/security/cve/CVE-2026-39831"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39831",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39831"
},
{
"cve": "CVE-2026-39832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39832"
}
],
"notes": [
{
"category": "general",
"text": "When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all constraint extensions. Additionally, the in-memory keyring returned by NewKeyring() now rejects keys with unsupported constraint extensions instead of silently ignoring them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39832",
"url": "https://www.suse.com/security/cve/CVE-2026-39832"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39832",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39832"
},
{
"cve": "CVE-2026-39833",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39833"
}
],
"notes": [
{
"category": "general",
"text": "The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring() now returns an error when unsupported constraints are requested.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39833",
"url": "https://www.suse.com/security/cve/CVE-2026-39833"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39833",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39833"
},
{
"cve": "CVE-2026-39834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39834"
}
],
"notes": [
{
"category": "general",
"text": "When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39834",
"url": "https://www.suse.com/security/cve/CVE-2026-39834"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39834",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39834"
},
{
"cve": "CVE-2026-39835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39835"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39835",
"url": "https://www.suse.com/security/cve/CVE-2026-39835"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39835",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39835"
},
{
"cve": "CVE-2026-42039",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42039"
}
],
"notes": [
{
"category": "general",
"text": "Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, toFormData recursively walks nested objects with no depth limit, so a deeply nested value passed as request data crashes the Node.js process with a RangeError. This vulnerability is fixed in 1.15.1 and 0.31.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42039",
"url": "https://www.suse.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "SUSE Bug 1267406 for CVE-2026-42039",
"url": "https://bugzilla.suse.com/1267406"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42039"
},
{
"cve": "CVE-2026-42502",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42502"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42502",
"url": "https://www.suse.com/security/cve/CVE-2026-42502"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-42502",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42502"
},
{
"cve": "CVE-2026-42506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42506"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42506",
"url": "https://www.suse.com/security/cve/CVE-2026-42506"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-42506",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42506"
},
{
"cve": "CVE-2026-42508",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42508"
}
],
"notes": [
{
"category": "general",
"text": "Previously, a revoked \u0027SignatureKey\u0027 belonging to a CA was not correctly checked for revocation. Now, both the \u0027key\u0027 and \u0027key.SignatureKey\u0027 are checked for @revoked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42508",
"url": "https://www.suse.com/security/cve/CVE-2026-42508"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-42508",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42508"
},
{
"cve": "CVE-2026-46595",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46595"
}
],
"notes": [
{
"category": "general",
"text": "Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46595",
"url": "https://www.suse.com/security/cve/CVE-2026-46595"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46595",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-46595"
},
{
"cve": "CVE-2026-46597",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46597"
}
],
"notes": [
{
"category": "general",
"text": "An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46597",
"url": "https://www.suse.com/security/cve/CVE-2026-46597"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46597",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-46597"
},
{
"cve": "CVE-2026-46598",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46598"
}
],
"notes": [
{
"category": "general",
"text": "For certain crafted inputs, a \u0027ed25519.PrivateKey\u0027 was created by casting malformed wire bytes, leading to a panic when used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46598",
"url": "https://www.suse.com/security/cve/CVE-2026-46598"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46598",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-46598"
}
]
}
SUSE-SU-2026:22065-1
Vulnerability from csaf_suse - Published: 2026-06-10 08:12 - Updated: 2026-06-10 08:12Summary
Security update for elemental-toolkit
Severity
Important
Notes
Title of the patch: Security update for elemental-toolkit
Description of the patch: This update for elemental-toolkit fixes the following issue
- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-
header (bsc#1260277).
Changes for elemental-toolkit:
- Update to version 2.1.6:
* Bump golang.org/x/net to v0.55.0 (bsc#1267168)
* Bump golang.org/x/crypto to v0.52.0 (bsc#1266187)
* Update orange flavor
* Install hugo from the OS repositories
* Bump actions/upload-artifact to v7
* Bump actions/cache to v5
* Bump golangci/golangci-lint-action to v9
* Bump github.com/spf13/cobra library
* Bump github.com/jaypipes/ghw library
* Bump github.com/bramvdbogaerde/go-scp library
* Bump google.golang.org/grpc library (bsc#1260277 CVE-2026-33186)
* Bump github.com/ulikunitz/xz library
* Do not clean cache on PRs from forks
Patchnames: SUSE-SLE-Micro-6.0-749
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.4 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.7 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
64 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for elemental-toolkit",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for elemental-toolkit fixes the following issue\n\n- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-\n header (bsc#1260277).\n\nChanges for elemental-toolkit:\n\n- Update to version 2.1.6:\n * Bump golang.org/x/net to v0.55.0 (bsc#1267168)\n * Bump golang.org/x/crypto to v0.52.0 (bsc#1266187)\n * Update orange flavor\n * Install hugo from the OS repositories\n * Bump actions/upload-artifact to v7\n * Bump actions/cache to v5\n * Bump golangci/golangci-lint-action to v9\n * Bump github.com/spf13/cobra library\n * Bump github.com/jaypipes/ghw library\n * Bump github.com/bramvdbogaerde/go-scp library\n * Bump google.golang.org/grpc library (bsc#1260277 CVE-2026-33186)\n * Bump github.com/ulikunitz/xz library\n * Do not clean cache on PRs from forks\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-749",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_22065-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:22065-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622065-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:22065-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026725.html"
},
{
"category": "self",
"summary": "SUSE Bug 1260277",
"url": "https://bugzilla.suse.com/1260277"
},
{
"category": "self",
"summary": "SUSE Bug 1266187",
"url": "https://bugzilla.suse.com/1266187"
},
{
"category": "self",
"summary": "SUSE Bug 1267168",
"url": "https://bugzilla.suse.com/1267168"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25680 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25681 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27136 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33186 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33186/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39827 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39827/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39828 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39829 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39830 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39831 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39832 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39833 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39833/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39834 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39835 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42502 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42502/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42506 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42508 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42508/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46595 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46595/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46597 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46597/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46598 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46598/"
}
],
"title": "Security update for elemental-toolkit",
"tracking": {
"current_release_date": "2026-06-10T08:12:23Z",
"generator": {
"date": "2026-06-10T08:12:23Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:22065-1",
"initial_release_date": "2026-06-10T08:12:23Z",
"revision_history": [
{
"date": "2026-06-10T08:12:23Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "elemental-toolkit-2.1.6-1.1.aarch64",
"product": {
"name": "elemental-toolkit-2.1.6-1.1.aarch64",
"product_id": "elemental-toolkit-2.1.6-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "elemental-toolkit-2.1.6-1.1.x86_64",
"product": {
"name": "elemental-toolkit-2.1.6-1.1.x86_64",
"product_id": "elemental-toolkit-2.1.6-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-toolkit-2.1.6-1.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64"
},
"product_reference": "elemental-toolkit-2.1.6-1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-toolkit-2.1.6-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
},
"product_reference": "elemental-toolkit-2.1.6-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25680"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25680",
"url": "https://www.suse.com/security/cve/CVE-2026-25680"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-25680",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:12:23Z",
"details": "important"
}
],
"title": "CVE-2026-25680"
},
{
"cve": "CVE-2026-25681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25681"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25681",
"url": "https://www.suse.com/security/cve/CVE-2026-25681"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-25681",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:12:23Z",
"details": "important"
}
],
"title": "CVE-2026-25681"
},
{
"cve": "CVE-2026-27136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27136"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27136",
"url": "https://www.suse.com/security/cve/CVE-2026-27136"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-27136",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:12:23Z",
"details": "important"
}
],
"title": "CVE-2026-27136"
},
{
"cve": "CVE-2026-33186",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33186"
}
],
"notes": [
{
"category": "general",
"text": "gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, \"deny\" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback \"allow\" rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific \"deny\" rules for canonical paths but allows other requests by default (a fallback \"allow\" rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33186",
"url": "https://www.suse.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "SUSE Bug 1260085 for CVE-2026-33186",
"url": "https://bugzilla.suse.com/1260085"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:12:23Z",
"details": "important"
}
],
"title": "CVE-2026-33186"
},
{
"cve": "CVE-2026-39827",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39827"
}
],
"notes": [
{
"category": "general",
"text": "An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection\u0027s internal state and released for garbage collection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39827",
"url": "https://www.suse.com/security/cve/CVE-2026-39827"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39827",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:12:23Z",
"details": "important"
}
],
"title": "CVE-2026-39827"
},
{
"cve": "CVE-2026-39828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39828"
}
],
"notes": [
{
"category": "general",
"text": "When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39828",
"url": "https://www.suse.com/security/cve/CVE-2026-39828"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39828",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:12:23Z",
"details": "important"
}
],
"title": "CVE-2026-39828"
},
{
"cve": "CVE-2026-39829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39829"
}
],
"notes": [
{
"category": "general",
"text": "The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key authentication. RSA moduli are now limited to 8192 bits, and DSA parameters are validated per FIPS 186-2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39829",
"url": "https://www.suse.com/security/cve/CVE-2026-39829"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39829",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:12:23Z",
"details": "important"
}
],
"title": "CVE-2026-39829"
},
{
"cve": "CVE-2026-39830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39830"
}
],
"notes": [
{
"category": "general",
"text": "A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection\u0027s read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39830",
"url": "https://www.suse.com/security/cve/CVE-2026-39830"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39830",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:12:23Z",
"details": "important"
}
],
"title": "CVE-2026-39830"
},
{
"cve": "CVE-2026-39831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39831"
}
],
"notes": [
{
"category": "general",
"text": "The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior, return a \"no-touch-required\" extension in Permissions.Extensions from PublicKeyCallback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39831",
"url": "https://www.suse.com/security/cve/CVE-2026-39831"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39831",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:12:23Z",
"details": "important"
}
],
"title": "CVE-2026-39831"
},
{
"cve": "CVE-2026-39832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39832"
}
],
"notes": [
{
"category": "general",
"text": "When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all constraint extensions. Additionally, the in-memory keyring returned by NewKeyring() now rejects keys with unsupported constraint extensions instead of silently ignoring them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39832",
"url": "https://www.suse.com/security/cve/CVE-2026-39832"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39832",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:12:23Z",
"details": "important"
}
],
"title": "CVE-2026-39832"
},
{
"cve": "CVE-2026-39833",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39833"
}
],
"notes": [
{
"category": "general",
"text": "The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring() now returns an error when unsupported constraints are requested.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39833",
"url": "https://www.suse.com/security/cve/CVE-2026-39833"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39833",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:12:23Z",
"details": "important"
}
],
"title": "CVE-2026-39833"
},
{
"cve": "CVE-2026-39834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39834"
}
],
"notes": [
{
"category": "general",
"text": "When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39834",
"url": "https://www.suse.com/security/cve/CVE-2026-39834"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39834",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:12:23Z",
"details": "important"
}
],
"title": "CVE-2026-39834"
},
{
"cve": "CVE-2026-39835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39835"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39835",
"url": "https://www.suse.com/security/cve/CVE-2026-39835"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39835",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:12:23Z",
"details": "important"
}
],
"title": "CVE-2026-39835"
},
{
"cve": "CVE-2026-42502",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42502"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42502",
"url": "https://www.suse.com/security/cve/CVE-2026-42502"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-42502",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:12:23Z",
"details": "important"
}
],
"title": "CVE-2026-42502"
},
{
"cve": "CVE-2026-42506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42506"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42506",
"url": "https://www.suse.com/security/cve/CVE-2026-42506"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-42506",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:12:23Z",
"details": "important"
}
],
"title": "CVE-2026-42506"
},
{
"cve": "CVE-2026-42508",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42508"
}
],
"notes": [
{
"category": "general",
"text": "Previously, a revoked \u0027SignatureKey\u0027 belonging to a CA was not correctly checked for revocation. Now, both the \u0027key\u0027 and \u0027key.SignatureKey\u0027 are checked for @revoked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42508",
"url": "https://www.suse.com/security/cve/CVE-2026-42508"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-42508",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:12:23Z",
"details": "important"
}
],
"title": "CVE-2026-42508"
},
{
"cve": "CVE-2026-46595",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46595"
}
],
"notes": [
{
"category": "general",
"text": "Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46595",
"url": "https://www.suse.com/security/cve/CVE-2026-46595"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46595",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:12:23Z",
"details": "important"
}
],
"title": "CVE-2026-46595"
},
{
"cve": "CVE-2026-46597",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46597"
}
],
"notes": [
{
"category": "general",
"text": "An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46597",
"url": "https://www.suse.com/security/cve/CVE-2026-46597"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46597",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:12:23Z",
"details": "important"
}
],
"title": "CVE-2026-46597"
},
{
"cve": "CVE-2026-46598",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46598"
}
],
"notes": [
{
"category": "general",
"text": "For certain crafted inputs, a \u0027ed25519.PrivateKey\u0027 was created by casting malformed wire bytes, leading to a panic when used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46598",
"url": "https://www.suse.com/security/cve/CVE-2026-46598"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46598",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:12:23Z",
"details": "important"
}
],
"title": "CVE-2026-46598"
}
]
}
SUSE-SU-2026:22066-1
Vulnerability from csaf_suse - Published: 2026-06-10 08:12 - Updated: 2026-06-10 08:12Summary
Security update for elemental-operator
Severity
Important
Notes
Title of the patch: Security update for elemental-operator
Description of the patch: This update for elemental-operator fixes the following issue
- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-
header (bsc#1260277).
Changes for elemental-operator:
- Fix substitution
- Fix reference in labels
- Adapt labels to pass OBS container checks
- Update to version 1.6.11:
* Bump unit test environment artifacts
* Bump test environment tools in Makefile
* Bump actions
* Refresh auto-generated code (make run)
* Bump controller generator to version 0.19
* Bump golangci/golangci-lint-action
* Bump google.golang.org/grpc library (bsc#1260277 CVE-2026-33186)
* Update spec and Dockerfiles to use go1.25
* Bump golang.org/x/net to v0.55.0, includes fixes for:
- bsc#1266789 bsc#1265921 bsc#1267197 bsc#1267168 bsc#1251679
* Update year in header
* Remove labeler workflow
Patchnames: SUSE-SLE-Micro-6.0-750
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.4 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
37 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for elemental-operator",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for elemental-operator fixes the following issue\n\n- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-\n header (bsc#1260277).\n\nChanges for elemental-operator:\n\n- Fix substitution\n- Fix reference in labels\n- Adapt labels to pass OBS container checks\n- Update to version 1.6.11:\n * Bump unit test environment artifacts\n * Bump test environment tools in Makefile\n * Bump actions\n * Refresh auto-generated code (make run)\n * Bump controller generator to version 0.19\n * Bump golangci/golangci-lint-action\n * Bump google.golang.org/grpc library (bsc#1260277 CVE-2026-33186)\n * Update spec and Dockerfiles to use go1.25\n * Bump golang.org/x/net to v0.55.0, includes fixes for:\n - bsc#1266789 bsc#1265921 bsc#1267197 bsc#1267168 bsc#1251679\n * Update year in header\n * Remove labeler workflow\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-750",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_22066-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:22066-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622066-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:22066-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026727.html"
},
{
"category": "self",
"summary": "SUSE Bug 1251679",
"url": "https://bugzilla.suse.com/1251679"
},
{
"category": "self",
"summary": "SUSE Bug 1260277",
"url": "https://bugzilla.suse.com/1260277"
},
{
"category": "self",
"summary": "SUSE Bug 1265921",
"url": "https://bugzilla.suse.com/1265921"
},
{
"category": "self",
"summary": "SUSE Bug 1266789",
"url": "https://bugzilla.suse.com/1266789"
},
{
"category": "self",
"summary": "SUSE Bug 1267168",
"url": "https://bugzilla.suse.com/1267168"
},
{
"category": "self",
"summary": "SUSE Bug 1267197",
"url": "https://bugzilla.suse.com/1267197"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58190 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58190/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25680 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25681 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27136 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33186 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33186/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33814 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39821 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42502 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42502/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42506 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42506/"
}
],
"title": "Security update for elemental-operator",
"tracking": {
"current_release_date": "2026-06-10T08:12:23Z",
"generator": {
"date": "2026-06-10T08:12:23Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:22066-1",
"initial_release_date": "2026-06-10T08:12:23Z",
"revision_history": [
{
"date": "2026-06-10T08:12:23Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "elemental-register-1.6.11-1.1.aarch64",
"product": {
"name": "elemental-register-1.6.11-1.1.aarch64",
"product_id": "elemental-register-1.6.11-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "elemental-support-1.6.11-1.1.aarch64",
"product": {
"name": "elemental-support-1.6.11-1.1.aarch64",
"product_id": "elemental-support-1.6.11-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "elemental-register-1.6.11-1.1.x86_64",
"product": {
"name": "elemental-register-1.6.11-1.1.x86_64",
"product_id": "elemental-register-1.6.11-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "elemental-support-1.6.11-1.1.x86_64",
"product": {
"name": "elemental-support-1.6.11-1.1.x86_64",
"product_id": "elemental-support-1.6.11-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-register-1.6.11-1.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.aarch64"
},
"product_reference": "elemental-register-1.6.11-1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-register-1.6.11-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.x86_64"
},
"product_reference": "elemental-register-1.6.11-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-support-1.6.11-1.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.aarch64"
},
"product_reference": "elemental-support-1.6.11-1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-support-1.6.11-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.x86_64"
},
"product_reference": "elemental-support-1.6.11-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-58190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58190"
}
],
"notes": [
{
"category": "general",
"text": "The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58190",
"url": "https://www.suse.com/security/cve/CVE-2025-58190"
},
{
"category": "external",
"summary": "SUSE Bug 1251309 for CVE-2025-58190",
"url": "https://bugzilla.suse.com/1251309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:12:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-58190"
},
{
"cve": "CVE-2026-25680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25680"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25680",
"url": "https://www.suse.com/security/cve/CVE-2026-25680"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-25680",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:12:23Z",
"details": "important"
}
],
"title": "CVE-2026-25680"
},
{
"cve": "CVE-2026-25681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25681"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25681",
"url": "https://www.suse.com/security/cve/CVE-2026-25681"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-25681",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:12:23Z",
"details": "important"
}
],
"title": "CVE-2026-25681"
},
{
"cve": "CVE-2026-27136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27136"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27136",
"url": "https://www.suse.com/security/cve/CVE-2026-27136"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-27136",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:12:23Z",
"details": "important"
}
],
"title": "CVE-2026-27136"
},
{
"cve": "CVE-2026-33186",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33186"
}
],
"notes": [
{
"category": "general",
"text": "gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, \"deny\" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback \"allow\" rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific \"deny\" rules for canonical paths but allows other requests by default (a fallback \"allow\" rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33186",
"url": "https://www.suse.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "SUSE Bug 1260085 for CVE-2026-33186",
"url": "https://bugzilla.suse.com/1260085"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:12:23Z",
"details": "important"
}
],
"title": "CVE-2026-33186"
},
{
"cve": "CVE-2026-33814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33814"
}
],
"notes": [
{
"category": "general",
"text": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33814",
"url": "https://www.suse.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "SUSE Bug 1264506 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1264506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:12:23Z",
"details": "important"
}
],
"title": "CVE-2026-33814"
},
{
"cve": "CVE-2026-39821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39821"
}
],
"notes": [
{
"category": "general",
"text": "The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode(\"xn--example-.com\") incorrectly returns the name \"example.com\" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject \"example.com\" but permit \"xn--example-.com\". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name \"example.com\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39821",
"url": "https://www.suse.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "SUSE Bug 1266474 for CVE-2026-39821",
"url": "https://bugzilla.suse.com/1266474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:12:23Z",
"details": "important"
}
],
"title": "CVE-2026-39821"
},
{
"cve": "CVE-2026-42502",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42502"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42502",
"url": "https://www.suse.com/security/cve/CVE-2026-42502"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-42502",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:12:23Z",
"details": "important"
}
],
"title": "CVE-2026-42502"
},
{
"cve": "CVE-2026-42506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42506"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42506",
"url": "https://www.suse.com/security/cve/CVE-2026-42506"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-42506",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.11-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:12:23Z",
"details": "important"
}
],
"title": "CVE-2026-42506"
}
]
}
SUSE-SU-2026:22074-1
Vulnerability from csaf_suse - Published: 2026-06-10 07:44 - Updated: 2026-06-10 07:44Summary
Security update for elemental-toolkit
Severity
Important
Notes
Title of the patch: Security update for elemental-toolkit
Description of the patch: This update for elemental-toolkit fixes the following issue
- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-
header (bsc#1260277).
Changes for elemental-toolkit:
- Update to v2.2.9:
* 0e33b2bc Bump golang.org/x/net to v0.55.0 (bsc#1267168)
* 4f5423b9 Bump golang.org/x/crypto to v0.52.0 (bsc#1266187)
- Update to v2.2.8:
* 3f38ae3e Avoid pulling binaries with curl
* ef3f97a0 Bump golangci/golangci-lint-action to v9
* 34f9ed84 Bump github.com/spf13/cobra library
* dff54d9a Bump github.com/jaypipes/ghw library
* 7b7ba7ac github.com/bramvdbogaerde/go-scp libary
* ac19e71c Bump google.golang.org/grpc library (bsc#1260277 CVE-2026-33186)
* 55761782 Bump github.com/ulikunitz/xz library
* d04e480d Update headers to 2026
* bb7974f4 Switch from TW to Leap 16.0 for green flavor
Patchnames: SUSE-SLE-Micro-6.1-570
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.4 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.7 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
64 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for elemental-toolkit",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for elemental-toolkit fixes the following issue\n\n- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-\n header (bsc#1260277).\n\nChanges for elemental-toolkit:\n\n- Update to v2.2.9:\n * 0e33b2bc Bump golang.org/x/net to v0.55.0 (bsc#1267168)\n * 4f5423b9 Bump golang.org/x/crypto to v0.52.0 (bsc#1266187)\n- Update to v2.2.8:\n * 3f38ae3e Avoid pulling binaries with curl\n * ef3f97a0 Bump golangci/golangci-lint-action to v9\n * 34f9ed84 Bump github.com/spf13/cobra library\n * dff54d9a Bump github.com/jaypipes/ghw library\n * 7b7ba7ac github.com/bramvdbogaerde/go-scp libary\n * ac19e71c Bump google.golang.org/grpc library (bsc#1260277 CVE-2026-33186)\n * 55761782 Bump github.com/ulikunitz/xz library\n * d04e480d Update headers to 2026\n * bb7974f4 Switch from TW to Leap 16.0 for green flavor\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-570",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_22074-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:22074-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622074-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:22074-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-June/047276.html"
},
{
"category": "self",
"summary": "SUSE Bug 1260277",
"url": "https://bugzilla.suse.com/1260277"
},
{
"category": "self",
"summary": "SUSE Bug 1266187",
"url": "https://bugzilla.suse.com/1266187"
},
{
"category": "self",
"summary": "SUSE Bug 1267168",
"url": "https://bugzilla.suse.com/1267168"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25680 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25681 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27136 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33186 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33186/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39827 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39827/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39828 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39829 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39830 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39831 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39832 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39833 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39833/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39834 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39835 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42502 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42502/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42506 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42508 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42508/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46595 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46595/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46597 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46597/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46598 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46598/"
}
],
"title": "Security update for elemental-toolkit",
"tracking": {
"current_release_date": "2026-06-10T07:44:30Z",
"generator": {
"date": "2026-06-10T07:44:30Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:22074-1",
"initial_release_date": "2026-06-10T07:44:30Z",
"revision_history": [
{
"date": "2026-06-10T07:44:30Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"product": {
"name": "elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"product_id": "elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64",
"product": {
"name": "elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64",
"product_id": "elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64"
},
"product_reference": "elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
},
"product_reference": "elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25680"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25680",
"url": "https://www.suse.com/security/cve/CVE-2026-25680"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-25680",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T07:44:30Z",
"details": "important"
}
],
"title": "CVE-2026-25680"
},
{
"cve": "CVE-2026-25681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25681"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25681",
"url": "https://www.suse.com/security/cve/CVE-2026-25681"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-25681",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T07:44:30Z",
"details": "important"
}
],
"title": "CVE-2026-25681"
},
{
"cve": "CVE-2026-27136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27136"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27136",
"url": "https://www.suse.com/security/cve/CVE-2026-27136"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-27136",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T07:44:30Z",
"details": "important"
}
],
"title": "CVE-2026-27136"
},
{
"cve": "CVE-2026-33186",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33186"
}
],
"notes": [
{
"category": "general",
"text": "gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, \"deny\" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback \"allow\" rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific \"deny\" rules for canonical paths but allows other requests by default (a fallback \"allow\" rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33186",
"url": "https://www.suse.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "SUSE Bug 1260085 for CVE-2026-33186",
"url": "https://bugzilla.suse.com/1260085"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T07:44:30Z",
"details": "important"
}
],
"title": "CVE-2026-33186"
},
{
"cve": "CVE-2026-39827",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39827"
}
],
"notes": [
{
"category": "general",
"text": "An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection\u0027s internal state and released for garbage collection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39827",
"url": "https://www.suse.com/security/cve/CVE-2026-39827"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39827",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T07:44:30Z",
"details": "important"
}
],
"title": "CVE-2026-39827"
},
{
"cve": "CVE-2026-39828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39828"
}
],
"notes": [
{
"category": "general",
"text": "When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39828",
"url": "https://www.suse.com/security/cve/CVE-2026-39828"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39828",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T07:44:30Z",
"details": "important"
}
],
"title": "CVE-2026-39828"
},
{
"cve": "CVE-2026-39829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39829"
}
],
"notes": [
{
"category": "general",
"text": "The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key authentication. RSA moduli are now limited to 8192 bits, and DSA parameters are validated per FIPS 186-2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39829",
"url": "https://www.suse.com/security/cve/CVE-2026-39829"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39829",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T07:44:30Z",
"details": "important"
}
],
"title": "CVE-2026-39829"
},
{
"cve": "CVE-2026-39830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39830"
}
],
"notes": [
{
"category": "general",
"text": "A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection\u0027s read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39830",
"url": "https://www.suse.com/security/cve/CVE-2026-39830"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39830",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T07:44:30Z",
"details": "important"
}
],
"title": "CVE-2026-39830"
},
{
"cve": "CVE-2026-39831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39831"
}
],
"notes": [
{
"category": "general",
"text": "The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior, return a \"no-touch-required\" extension in Permissions.Extensions from PublicKeyCallback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39831",
"url": "https://www.suse.com/security/cve/CVE-2026-39831"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39831",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T07:44:30Z",
"details": "important"
}
],
"title": "CVE-2026-39831"
},
{
"cve": "CVE-2026-39832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39832"
}
],
"notes": [
{
"category": "general",
"text": "When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all constraint extensions. Additionally, the in-memory keyring returned by NewKeyring() now rejects keys with unsupported constraint extensions instead of silently ignoring them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39832",
"url": "https://www.suse.com/security/cve/CVE-2026-39832"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39832",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T07:44:30Z",
"details": "important"
}
],
"title": "CVE-2026-39832"
},
{
"cve": "CVE-2026-39833",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39833"
}
],
"notes": [
{
"category": "general",
"text": "The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring() now returns an error when unsupported constraints are requested.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39833",
"url": "https://www.suse.com/security/cve/CVE-2026-39833"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39833",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T07:44:30Z",
"details": "important"
}
],
"title": "CVE-2026-39833"
},
{
"cve": "CVE-2026-39834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39834"
}
],
"notes": [
{
"category": "general",
"text": "When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39834",
"url": "https://www.suse.com/security/cve/CVE-2026-39834"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39834",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T07:44:30Z",
"details": "important"
}
],
"title": "CVE-2026-39834"
},
{
"cve": "CVE-2026-39835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39835"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39835",
"url": "https://www.suse.com/security/cve/CVE-2026-39835"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39835",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T07:44:30Z",
"details": "important"
}
],
"title": "CVE-2026-39835"
},
{
"cve": "CVE-2026-42502",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42502"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42502",
"url": "https://www.suse.com/security/cve/CVE-2026-42502"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-42502",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T07:44:30Z",
"details": "important"
}
],
"title": "CVE-2026-42502"
},
{
"cve": "CVE-2026-42506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42506"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42506",
"url": "https://www.suse.com/security/cve/CVE-2026-42506"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-42506",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T07:44:30Z",
"details": "important"
}
],
"title": "CVE-2026-42506"
},
{
"cve": "CVE-2026-42508",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42508"
}
],
"notes": [
{
"category": "general",
"text": "Previously, a revoked \u0027SignatureKey\u0027 belonging to a CA was not correctly checked for revocation. Now, both the \u0027key\u0027 and \u0027key.SignatureKey\u0027 are checked for @revoked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42508",
"url": "https://www.suse.com/security/cve/CVE-2026-42508"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-42508",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T07:44:30Z",
"details": "important"
}
],
"title": "CVE-2026-42508"
},
{
"cve": "CVE-2026-46595",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46595"
}
],
"notes": [
{
"category": "general",
"text": "Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46595",
"url": "https://www.suse.com/security/cve/CVE-2026-46595"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46595",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T07:44:30Z",
"details": "important"
}
],
"title": "CVE-2026-46595"
},
{
"cve": "CVE-2026-46597",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46597"
}
],
"notes": [
{
"category": "general",
"text": "An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46597",
"url": "https://www.suse.com/security/cve/CVE-2026-46597"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46597",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T07:44:30Z",
"details": "important"
}
],
"title": "CVE-2026-46597"
},
{
"cve": "CVE-2026-46598",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46598"
}
],
"notes": [
{
"category": "general",
"text": "For certain crafted inputs, a \u0027ed25519.PrivateKey\u0027 was created by casting malformed wire bytes, leading to a panic when used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46598",
"url": "https://www.suse.com/security/cve/CVE-2026-46598"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46598",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.9-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T07:44:30Z",
"details": "important"
}
],
"title": "CVE-2026-46598"
}
]
}
SUSE-SU-2026:22075-1
Vulnerability from csaf_suse - Published: 2026-06-10 07:45 - Updated: 2026-06-10 07:45Summary
Security update for elemental-operator
Severity
Important
Notes
Title of the patch: Security update for elemental-operator
Description of the patch: This update for elemental-operator fixes the following issue
- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-
header (bsc#1260277).
Changes for elemental-operator:
- Changes on top of v1.7.5:
* 41f54076 Fix reference in labels
* 3bdb9321 Adapt labels to pass OBS container checks
- Update to v1.7.5:
* ecfa8d9c Bump unit test environment artifacts
* 03803c72 Bump test environment tools in Makefile
* bc886323 Update auto-generated code (make generate)
* f4d26385 Bump controller generator to version 0.19
* a7fe515d Bump golangci/golangci-lint-action
* b45c5e56 Bump to Dockerfiles and spec to go1.25
* a7d78295 Bump google.golang.org/grpc library (bsc#1260277 CVE-2026-33186)
* 2c012c2e Bump golang.org/x/net to v0.55.0, includes fixes for:
- bsc#1266789 bsc#1265921 bsc#1267197 bsc#1267168 bsc#1251679
* 46e7c635 Update headers to 2026
Patchnames: SUSE-SLE-Micro-6.1-571
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.4 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
37 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for elemental-operator",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for elemental-operator fixes the following issue\n\n- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-\n header (bsc#1260277).\n\nChanges for elemental-operator:\n\n- Changes on top of v1.7.5:\n * 41f54076 Fix reference in labels\n * 3bdb9321 Adapt labels to pass OBS container checks\n- Update to v1.7.5:\n * ecfa8d9c Bump unit test environment artifacts\n * 03803c72 Bump test environment tools in Makefile\n * bc886323 Update auto-generated code (make generate)\n * f4d26385 Bump controller generator to version 0.19\n * a7fe515d Bump golangci/golangci-lint-action\n * b45c5e56 Bump to Dockerfiles and spec to go1.25\n * a7d78295 Bump google.golang.org/grpc library (bsc#1260277 CVE-2026-33186)\n * 2c012c2e Bump golang.org/x/net to v0.55.0, includes fixes for:\n - bsc#1266789 bsc#1265921 bsc#1267197 bsc#1267168 bsc#1251679\n * 46e7c635 Update headers to 2026\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-571",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_22075-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:22075-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622075-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:22075-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-June/047285.html"
},
{
"category": "self",
"summary": "SUSE Bug 1251679",
"url": "https://bugzilla.suse.com/1251679"
},
{
"category": "self",
"summary": "SUSE Bug 1260277",
"url": "https://bugzilla.suse.com/1260277"
},
{
"category": "self",
"summary": "SUSE Bug 1265921",
"url": "https://bugzilla.suse.com/1265921"
},
{
"category": "self",
"summary": "SUSE Bug 1266789",
"url": "https://bugzilla.suse.com/1266789"
},
{
"category": "self",
"summary": "SUSE Bug 1267168",
"url": "https://bugzilla.suse.com/1267168"
},
{
"category": "self",
"summary": "SUSE Bug 1267197",
"url": "https://bugzilla.suse.com/1267197"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58190 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58190/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25680 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25681 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27136 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33186 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33186/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33814 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39821 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42502 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42502/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42506 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42506/"
}
],
"title": "Security update for elemental-operator",
"tracking": {
"current_release_date": "2026-06-10T07:45:47Z",
"generator": {
"date": "2026-06-10T07:45:47Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:22075-1",
"initial_release_date": "2026-06-10T07:45:47Z",
"revision_history": [
{
"date": "2026-06-10T07:45:47Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "elemental-register-1.7.5-slfo.1.1_1.1.aarch64",
"product": {
"name": "elemental-register-1.7.5-slfo.1.1_1.1.aarch64",
"product_id": "elemental-register-1.7.5-slfo.1.1_1.1.aarch64"
}
},
{
"category": "product_version",
"name": "elemental-support-1.7.5-slfo.1.1_1.1.aarch64",
"product": {
"name": "elemental-support-1.7.5-slfo.1.1_1.1.aarch64",
"product_id": "elemental-support-1.7.5-slfo.1.1_1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "elemental-register-1.7.5-slfo.1.1_1.1.x86_64",
"product": {
"name": "elemental-register-1.7.5-slfo.1.1_1.1.x86_64",
"product_id": "elemental-register-1.7.5-slfo.1.1_1.1.x86_64"
}
},
{
"category": "product_version",
"name": "elemental-support-1.7.5-slfo.1.1_1.1.x86_64",
"product": {
"name": "elemental-support-1.7.5-slfo.1.1_1.1.x86_64",
"product_id": "elemental-support-1.7.5-slfo.1.1_1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-register-1.7.5-slfo.1.1_1.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.aarch64"
},
"product_reference": "elemental-register-1.7.5-slfo.1.1_1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-register-1.7.5-slfo.1.1_1.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.x86_64"
},
"product_reference": "elemental-register-1.7.5-slfo.1.1_1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-support-1.7.5-slfo.1.1_1.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.aarch64"
},
"product_reference": "elemental-support-1.7.5-slfo.1.1_1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-support-1.7.5-slfo.1.1_1.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.x86_64"
},
"product_reference": "elemental-support-1.7.5-slfo.1.1_1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-58190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58190"
}
],
"notes": [
{
"category": "general",
"text": "The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58190",
"url": "https://www.suse.com/security/cve/CVE-2025-58190"
},
{
"category": "external",
"summary": "SUSE Bug 1251309 for CVE-2025-58190",
"url": "https://bugzilla.suse.com/1251309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T07:45:47Z",
"details": "moderate"
}
],
"title": "CVE-2025-58190"
},
{
"cve": "CVE-2026-25680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25680"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25680",
"url": "https://www.suse.com/security/cve/CVE-2026-25680"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-25680",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T07:45:47Z",
"details": "important"
}
],
"title": "CVE-2026-25680"
},
{
"cve": "CVE-2026-25681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25681"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25681",
"url": "https://www.suse.com/security/cve/CVE-2026-25681"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-25681",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T07:45:47Z",
"details": "important"
}
],
"title": "CVE-2026-25681"
},
{
"cve": "CVE-2026-27136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27136"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27136",
"url": "https://www.suse.com/security/cve/CVE-2026-27136"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-27136",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T07:45:47Z",
"details": "important"
}
],
"title": "CVE-2026-27136"
},
{
"cve": "CVE-2026-33186",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33186"
}
],
"notes": [
{
"category": "general",
"text": "gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, \"deny\" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback \"allow\" rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific \"deny\" rules for canonical paths but allows other requests by default (a fallback \"allow\" rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33186",
"url": "https://www.suse.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "SUSE Bug 1260085 for CVE-2026-33186",
"url": "https://bugzilla.suse.com/1260085"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T07:45:47Z",
"details": "important"
}
],
"title": "CVE-2026-33186"
},
{
"cve": "CVE-2026-33814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33814"
}
],
"notes": [
{
"category": "general",
"text": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33814",
"url": "https://www.suse.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "SUSE Bug 1264506 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1264506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T07:45:47Z",
"details": "important"
}
],
"title": "CVE-2026-33814"
},
{
"cve": "CVE-2026-39821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39821"
}
],
"notes": [
{
"category": "general",
"text": "The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode(\"xn--example-.com\") incorrectly returns the name \"example.com\" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject \"example.com\" but permit \"xn--example-.com\". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name \"example.com\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39821",
"url": "https://www.suse.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "SUSE Bug 1266474 for CVE-2026-39821",
"url": "https://bugzilla.suse.com/1266474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T07:45:47Z",
"details": "important"
}
],
"title": "CVE-2026-39821"
},
{
"cve": "CVE-2026-42502",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42502"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42502",
"url": "https://www.suse.com/security/cve/CVE-2026-42502"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-42502",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T07:45:47Z",
"details": "important"
}
],
"title": "CVE-2026-42502"
},
{
"cve": "CVE-2026-42506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42506"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42506",
"url": "https://www.suse.com/security/cve/CVE-2026-42506"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-42506",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.5-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T07:45:47Z",
"details": "important"
}
],
"title": "CVE-2026-42506"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…