SUSE SLES15 / openSUSE 15 Security Update : terraform-provider-local, terraform-provider-random, terraform-provider-tls (SUSE-SU-2026:1411-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1411-1 advisory. This update for terraform-provider-local, terraform-provider-random, terraform-provider-tls fixes the following issue...

Security update for terraform-provider-local, terraform-provider-random, terraform-provider-tls

This update for terraform-provider-local, terraform-provider-random, terraform-provider-tls fixes the following issue: CVE-2026-25934: github.com/go-git/go-git/v5: improper verification of data integrity values for .pack and .idx files can lead to the consumption of corrupted files bsc1258097...

SUSE-SU-2026:1411-1 Security update for terraform-provider-local, terraform-provider-random, terraform-provider-tls

This update for terraform-provider-local, terraform-provider-random, terraform-provider-tls fixes the following issue: - CVE-2026-25934: github.com/go-git/go-git/v5: improper verification of data integrity values for .pack and .idx files that can lead to the consumption of corrupted files...

GHSA-7MR4-XJXG-34G6 vulnerabilities

Vulnerabilities for packages: grafana-rollout-operator, wave, buildah, mattermost, kaf, kyverno-policy-reporter-ui, spire-controller-manager, terraform, rclone, prometheus-blackbox-exporter, mcp-grafana, xeol, certificate-transparency, cloud-sql-proxy, kubernetes-csi-external-resizer,...

CVE-2026-32283 vulnerabilities

Vulnerabilities for packages: grafana-rollout-operator, gostatsd, git-credential-oauth, kaf, spire-controller-manager, rclone, ctop, nri-f5, postgres-operator, harbor-scanner-trivy, gatekeeper, cluster-api-ipam-provider-in-cluster, gitaly, telegraf, kafka-proxy, apache-exporter, cert-exporter,...

CVE-2026-27140 vulnerabilities

Vulnerabilities for packages: grafana-rollout-operator, gostatsd, git-credential-oauth, kaf, spire-controller-manager, rclone, ctop, nri-f5, postgres-operator, harbor-scanner-trivy, gatekeeper, cluster-api-ipam-provider-in-cluster, gitaly, telegraf, elvish, gotestsum, kafka-proxy, xcaddy,...

CVE-2026-32281 vulnerabilities

Vulnerabilities for packages: grafana-rollout-operator, gostatsd, git-credential-oauth, kaf, spire-controller-manager, rclone, ctop, nri-f5, postgres-operator, harbor-scanner-trivy, gatekeeper, cluster-api-ipam-provider-in-cluster, gitaly, telegraf, kafka-proxy, apache-exporter, cert-exporter,...

GHSA-GJVH-7JH8-7XHM vulnerabilities

Vulnerabilities for packages: cluster-api-aws-controller-fips, kubevirt-cdi-operator, crane, kcp, kube-bench, trivy, gitlab-kas, nfpm, crossplane-provider-aws-acm-fips, kepler, s5cmd-fips, yace-fips, postgres-operator-fips, longhorn-share-manager, aws-application-networking-k8s-fips,...

GHSA-5W89-2C2X-6X66 vulnerabilities

Vulnerabilities for packages: kubevirt-cdi-operator, crane, gitlab-kas, yace-fips, amazon-cloudwatch-agent, kor, gitlab-operator-fips, kyverno-policy-reporter-fips, prometheus-mongodb-exporter-fips, openbao-k8s, custom-pod-autoscaler-operator, xeol-fips, linkerd2, opensearch-k8s-operator,...

CVE-2026-32280 vulnerabilities

Vulnerabilities for packages: cluster-api-aws-controller-fips, kubevirt-cdi-operator, crane, kcp, kube-bench, trivy, gitlab-kas, nfpm, crossplane-provider-aws-acm-fips, kepler, s5cmd-fips, yace-fips, postgres-operator-fips, longhorn-share-manager, aws-application-networking-k8s-fips,...

CVE-2026-32281 vulnerabilities

Vulnerabilities for packages: cluster-api-aws-controller-fips, kubevirt-cdi-operator, crane, kcp, kube-bench, trivy, gitlab-kas, nfpm, crossplane-provider-aws-acm-fips, kepler, s5cmd-fips, yace-fips, postgres-operator-fips, longhorn-share-manager, aws-application-networking-k8s-fips,...

CVE-2026-32283 vulnerabilities

Vulnerabilities for packages: cluster-api-aws-controller-fips, kubevirt-cdi-operator, crane, kcp, kube-bench, trivy, gitlab-kas, nfpm, crossplane-provider-aws-acm-fips, kepler, s5cmd-fips, yace-fips, postgres-operator-fips, longhorn-share-manager, aws-application-networking-k8s-fips,...

GHSA-HFVC-G4FC-PQHX vulnerabilities

Vulnerabilities for packages: grafana-rollout-operator, podinfo, traefik, grafana-alloy, k8sgateway, kubo, tekton-chains, grafana-image-renderer, jaeger-operator, mcp-grafana, xeol, kubernetes-csi-external-resizer, ferretdb, buildkitd, gatekeeper, cluster-api-ipam-provider-in-cluster, cerbos,...

GO-2026-4737 Terraform Provider for ArgoCD has possible exposure to GO-2026-4337 / CVE-2025-68121 in github.com/argoproj-labs/terraform-provider-argocd

Terraform Provider for ArgoCD has possible exposure to GO-2026-4337 / CVE-2025-68121 in github.com/argoproj-labs/terraform-provider-argocd...

GHSA-594F-3595-C47V Terraform Provider for ArgoCD has possible exposure to GO-2026-4337 / CVE-2025-68121

Summary The terraform-provider-argocd might have been vulnerable to GO-2026-4337 / CVE-2025-68121 "Unexpected session resumption in crypto/tls". Details See https://pkg.go.dev/vuln/GO-2026-4337 for the upstream vulnerability. Provider versions starting with v7.15.1 are using go 1.25.8 for buildin...

Terraform Provider for ArgoCD has possible exposure to GO-2026-4337 / CVE-2025-68121

Summary The terraform-provider-argocd might have been vulnerable to GO-2026-4337 / CVE-2025-68121 "Unexpected session resumption in crypto/tls". Details See https://pkg.go.dev/vuln/GO-2026-4337 for the upstream vulnerability. Provider versions starting with v7.15.1 are using go 1.25.8 for buildin...

GO-2026-4673 Terraform Provider for SendGrid: TLS Session Resumption Bypasses Certificate Authority Trust Store Modifications in Go in github.com/arslanbekov/terraform-provider-sendgrid

Terraform Provider for SendGrid: TLS Session Resumption Bypasses Certificate Authority Trust Store Modifications in Go in github.com/arslanbekov/terraform-provider-sendgrid...

Terraform Provider for SendGrid: TLS Session Resumption Bypasses Certificate Authority Trust Store Modifications in Go

Summary A critical vulnerability has been identified at https://security.snyk.io/package/linux/chainguard:latest/terraform-provider-sendgrid, associated with the underlying Go version. If the server's TLS configuration is mutated between connections — for example, a CA is removed from the trusted...

azion-terraform-generator

azion-terraform...

GHSA-8FJ7-8H3W-XWFM vulnerabilities

Vulnerabilities for packages: mattermost, traefik, grafana-alloy, kubo, crossplane-provider-family-aws, cloud-sql-proxy, crossplane-provider-aws-cloudformation, terraform-provider-aws, crossplane-provider-aws-kms, telegraf, tekton-pipelines, crossplane-provider-aws-cloudfront,...