AZL-75548 CVE-2025-11065 affecting package skopeo 1.14.4-7

A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...

MiracleLinux 9 : skopeo-1.16.1-2.el9_5 (AXSA:2024-9497:07)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9497:07 advisory. encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion CVE-2024-34156...

CVE-2025-58183 affecting package skopeo for versions less than 1.14.4-7

CVE-2025-58183 affecting package skopeo for versions less than 1.14.4-7. A patched version of the package is available...

AZL-66762 CVE-2025-58058 affecting package skopeo for versions less than 1.14.4-6

xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current...

AZL-57186 CVE-2025-27144 affecting package skopeo for versions less than 1.14.2-10

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...