
3332 matches found

OPENSUSE Linux
added 2026/04/21 12:0 a.m. | 3 views

Security update for cockpit (important)

openSUSE security update: security update for cockpit. Announcement ID: openSUSE-SU-2026:20504-1; Rating: important; References: bsc1257836 bsc1258641; Cross-References: CVE-2026-25547 CVE-2026-26996; CVSS scores: CVE-2026-25547 SUSE : 7.5...

CVSS 8.7 | AI score 5.7 | EPSS 0.005
Exploits: 1 | References: 2

OPENSUSE Linux
added 2026/04/21 12:0 a.m. | 3 views

Security update for cockpit-subscriptions (important)

openSUSE security update: security update for cockpit-subscriptions. Announcement ID: openSUSE-SU-2026:20532-1; Rating: important; References: bsc1258637; Cross-References: CVE-2026-26996; CVSS scores: CVE-2026-26996 SUSE : 7.5...

CVSS 8.7 | AI score 5.7 | EPSS 0.005
Exploits: 1 | References: 1

OSV
added 2026/04/20 1:4 p.m. | 1 view

SUSE-SU-2026:21245-1 Security update for cockpit-tukit

This update for cockpit-tukit fixes the following issues: - CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive resource consumption and crash a Node.js process bsc1257836. - CVE-2026-26996: minimatch: processing of glob pattern containing repeated wildcards...

CVSS 9.2 | AI score 7.3 | EPSS 0.005
Exploits: 1 | References: 5

OSV
added 2026/04/17 8:5 p.m. | 1 view

SUSE-SU-2026:21256-1 Security update for cockpit-podman

This update for cockpit-podman fixes the following issues: - CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive resource consumption and crash a Node.js process bsc1257836. - CVE-2026-26996: minimatch: processing of glob pattern containing repeated wildcards...

CVSS 9.2 | AI score 7.5 | EPSS 0.005
Exploits: 1 | References: 5

Cvelist
added 2026/04/17 5:16 p.m. | 31 views

CVE-2026-40319 Giskard has a Regular Expression Denial of Service (ReDoS) in RegexMatching Check

Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMatching check passes a user-supplied regular expression pattern directly to Python's re.search without any timeout or complexity guard. A crafted regex pattern can trigger catastrophic backtracking,...

CVSS 1 | EPSS 0.00149
Exploits: 0 | References: 2

OSV
added 2026/04/16 1:9 p.m. | 5 views

SUSE-SU-2026:21241-1 Security update for cockpit

This update for cockpit fixes the following issues: - CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive resource consumption and crash a Node.js process bsc1257836. - CVE-2026-26996: minimatch: processing of glob pattern containing repeated wildcards followed ...

CVSS 9.2 | AI score 7.3 | EPSS 0.005
Exploits: 1 | References: 5

OSV
added 2026/04/14 12:16 p.m. | 3 views

SUSE-SU-2026:21191-1 Security update for cockpit-subscriptions

This update for cockpit-subscriptions fixes the following issue: - CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string bsc1258637...

CVSS 8.7 | AI score 5.8 | EPSS 0.005
Exploits: 1 | References: 3

OSV
added 2026/04/14 12:16 p.m. | 2 views

SUSE-SU-2026:21111-1 Security update for cockpit-subscriptions

This update for cockpit-subscriptions fixes the following issue: - CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string bsc1258637...

CVSS 8.7 | AI score 5.8 | EPSS 0.005
Exploits: 1 | References: 3

OSV
added 2026/04/14 12:13 p.m. | 3 views

OPENSUSE-SU-2026:20532-1 Security update for cockpit-subscriptions

This update for cockpit-subscriptions fixes the following issue: - CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string bsc1258637...

CVSS 8.7 | AI score 5.8 | EPSS 0.005
Exploits: 1 | References: 2

Tenable Nessus
added 2026/04/14 12:0 a.m. | 3 views

RockyLinux 8 : ruby:2.5 (RLSA-2023:7025)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:7025 advisory. ruby/cgi-gem: HTTP response splitting in CGI CVE-2021-33621 ruby: Buffer overrun in String-to-Float conversion CVE-2022-28739 ruby: ReDoS vulnerability i...

CVSS 8.8 | AI score 7 | EPSS 0.0387
Exploits: 1 | References: 9

OSV
added 2026/04/10 11:53 a.m. | 3 views

SUSE-SU-2026:21024-1 Security update for cockpit-machines

This update for cockpit-machines fixes the following issues: - CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive resource consumption and crash a Node.js process bsc1257836. - CVE-2026-26996: minimatch: processing of glob pattern containing repeated wildcards...

CVSS 9.2 | AI score 5.8 | EPSS 0.005
Exploits: 1 | References: 5

OSV
added 2026/04/10 11:42 a.m. | 1 view

SUSE-SU-2026:21022-1 Security update for cockpit

This update for cockpit fixes the following issues: - CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive resource consumption and crash a Node.js process bsc1257836. - CVE-2026-26996: minimatch: processing of glob pattern containing repeated wildcards followed ...

CVSS 9.2 | AI score 6 | EPSS 0.005
Exploits: 1 | References: 5

SUSE Linux
added 2026/04/10 11:36 a.m. | 3 views

Security update for cockpit-machines

This update for cockpit-machines fixes the following issues: CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory consumption and may crash a Node.js process bsc1257836. CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive...

CVSS 8.7 | AI score 6.7 | EPSS 0.005
Exploits: 1 | References: 8

OSV
added 2026/04/10 11:33 a.m. | 0 views

OPENSUSE-SU-2026:20502-1 Security update for cockpit-podman

This update for cockpit-podman fixes the following issues: - CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory consumption and may crash a Node.js process bsc1257836. - CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive...

CVSS 9.2 | AI score 5.8 | EPSS 0.005
Exploits: 1 | References: 4

Github Security Blog
added 2026/04/10 12:30 a.m. | 2 views

Zod jsVideoUrlParser vulnerable to ReDoS in util.js

A weakness has been identified in Zod jsVideoUrlParser up to 0.5.1. The impacted element is the function getTime in the library lib/util.js. This manipulation of the argument timestamp causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit ha...

CVSS 6.9 | AI score 5.7 | EPSS 0.00372
Exploits: 0 | References: 7 | Affected Software: 1

Tenable Nessus
added 2026/04/10 12:0 a.m. | 5 views

openSUSE 16 Security Update : cockpit-packages (openSUSE-SU-2026:20469-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2026:20469-1 advisory. This update for cockpit-packages fixes the following issue: Update cockpit-packages to version 4: - CVE-2026-26996: minimatch: ReDoS when glob pattern...

CVSS 8.7 | AI score 7.1 | EPSS 0.005
Exploits: 1 | References: 3

Tenable Nessus
added 2026/04/10 12:0 a.m. | 1 view

Atlassian Jira Service Management Data Center and Server 5.17.2 < 10.3.17 / 10.4.x < 11.3.0 (JSDSERVER-16515)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16515 advisory. - Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are...

CVSS 7.5 | AI score 7.3 | EPSS 0.01725
Exploits: 2 | References: 2

Tenable Nessus
added 2026/04/10 12:0 a.m. | 1 view

SUSE SLES16 Security Update : cockpit-repos (SUSE-SU-2026:20997-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:20997-1 advisory. This update for cockpit-repos fixes the following issue: - CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive...

CVSS 8.7 | AI score 6.7 | EPSS 0.005
Exploits: 1 | References: 4

CVE
added 2026/04/09 10:30 p.m. | 6 views

CVE-2026-5986

CVE-2026-5986 affects the Zod jsVideoUrlParser, specifically the getTime function in lib/util.js. The issue arises from manipulating the timestamp argument, causing inefficient regular-expression complexity (ReDoS) that can be triggered remotely. Public exploit code exists (proof-of-concept level...

CVSS 6.9 | AI score 5.8 | EPSS 0.00372
Exploits: 0 | References: 5

IBM Security Bulletins
added 2026/04/09 10:57 a.m. | 10 views

Security Bulletin: Multiple Vulnerabilities in IBM watsonx Code Assistant On Prem

Summary Multiple vulnerabilities were addressed in IBM watsonx Code Assistant On Prem V5.3.1 Patch 1 Vulnerability Details CVEID:CVE-2024-58340 DESCRIPTION: LangChain versions up to and including 0.3.1 contain a regular expression denial-of-service ReDoS vulnerability in the MRKLOutputParser.pars...

CVSS 9.8 | AI score 6 | EPSS 0.00613
Exploits: 4 | Affected Software: 1