19 matches found

Tenable Nessus
added 4 days ago, 7 views

openSUSE 16 Security Update : trivy (openSUSE-SU-2026:20833-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20833-1 advisory. Changes in trivy: - update x/crypto to 0.52.0 bsc1266075, CVE-2026-39827, CVE-2026-39834, CVE-2026-39828, CVE-2026-39829, CVE-2026-39831,...

CVSS: 10 | AI score: 5.9 | EPSS: 0.00068
Exploits: 0 | References: 30
OSV
added 2026/05/28 12:22 p.m., 4 views

OPENSUSE-SU-2026:20838-1 Security update for hauler

This update for hauler fixes the following issues: Changes in hauler: - update x/crypto to 0.52.0 bsc1266167, CVE-2026-39827, CVE-2026-39834, CVE-2026-39828, CVE-2026-39829, CVE-2026-39831, CVE-2026-42508, CVE-2026-39833, CVE-2026-39830, CVE-2026-39832,...

CVSS: 10 | AI score: 5.8 | EPSS: 0.00068
Exploits: 0 | References: 16
Snyk
added 2026/05/22 5:32 a.m., 4 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization due to the NewKeyring function not enforcing the ConfirmBeforeUse constraint. An attacker can perform unauthorized signing operations by adding keys with constraints that are silently ignored. Remediation: Upgrade...

CVSS: 9.1 | AI score: 5.8 | EPSS: 0.00042
Exploits: 0 | References: 2
Snyk
added 2026/05/22 5:32 a.m., 6 views

Allocation of Resources Without Limits or Throttling

Overview: golang.org/x/crypto/ssh is an SSH client and server. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the public key parsers. An attacker can exhaust CPU resources by submitting crafted RSA or DSA public keys with excessively larg...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00035
Exploits: 0 | References: 2
Snyk
added 2026/05/22 5:32 a.m., 4 views

Integer Overflow or Wraparound

Overview: golang.org/x/crypto/ssh is an SSH client and server. Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the payload size calculation within the Write process. An attacker can cause the process to enter an infinite loop and exhaust system resources by...

CVSS: 9.1 | AI score: 5.8 | EPSS: 0.00054
Exploits: 0 | References: 2
Snyk
added 2026/05/22 5:32 a.m., 5 views

Integer Overflow or Wraparound

Overview: github.com/golang/crypto/ssh is an SSH client and server. Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the payload size calculation within the Write process. An attacker can cause the process to enter an infinite loop and exhaust system resources by...

CVSS: 9.1 | AI score: 5.8 | EPSS: 0.00054
Exploits: 0 | References: 2
Snyk
added 2026/05/22 5:32 a.m., 5 views

Improper Authentication

Overview: github.com/golang/crypto/ssh is an SSH client and server. Affected versions of this package are vulnerable to Improper Authentication due to the Verify method not checking the User Presence flag in FIDO/U2F security key types. An attacker can perform unauthorized authentication by generati...

CVSS: 9.1 | AI score: 5.8 | EPSS: 0.00033
Exploits: 0 | References: 2
Snyk
added 2026/05/22 5:32 a.m., 4 views

Improper Authentication

Overview: golang.org/x/crypto/ssh is an SSH client and server. Affected versions of this package are vulnerable to Improper Authentication due to the Verify method not checking the User Presence flag in FIDO/U2F security key types. An attacker can perform unauthorized authentication by generating...

CVSS: 9.1 | AI score: 5.8 | EPSS: 0.00033
Exploits: 0 | References: 2
Snyk
added 2026/05/22 5:32 a.m., 7 views

Missing Release of Resource after Effective Lifetime

Overview: golang.org/x/crypto/ssh is an SSH client and server. Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime through the handling of unsolicited global request responses, which can fill an internal buffer and block the connection's read loop...

CVSS: 9.1 | AI score: 5.9 | EPSS: 0.00054
Exploits: 0 | References: 2
Snyk
added 2026/05/22 5:32 a.m., 5 views

Incorrect Type Conversion or Cast

Overview: github.com/golang/crypto/ssh is an SSH client and server. Affected versions of this package are vulnerable to Incorrect Type Conversion or Cast due to an incorrectly placed cast from bytes to int in the AES-GCM packet decoder process. An attacker can cause a server-side panic by sending...

CVSS: 8.7 | AI score: 5.8 | EPSS: 0.00054
Exploits: 0 | References: 2
Snyk
added 2026/05/22 5:29 a.m., 6 views

Incorrect Authorization

Overview: github.com/golang/crypto/ssh is an SSH client and server. Affected versions of this package are vulnerable to Incorrect Authorization due to improper enforcement of permissions in the VerifiedPublicKeyCallback process. An attacker can bypass source-address validation by passing a callback...

CVSS: 10 | AI score: 5.8 | EPSS: 0.00052
Exploits: 0 | References: 2
Snyk
added 2026/05/22 5:29 a.m., 7 views

Incorrect Type Conversion or Cast

Overview: Affected versions of this package are vulnerable to Incorrect Type Conversion or Cast due to the improper handling of crafted input data in the ed25519.PrivateKey component. An attacker can cause the client to panic by supplying malformed wire bytes. Remediation: Upgrade...

CVSS: 8.7 | AI score: 5.8 | EPSS: 0.0005
Exploits: 0 | References: 2
Snyk
added 2026/05/22 2:8 a.m., 5 views

Improper Check for Certificate Revocation

Overview: Affected versions of this package are vulnerable to Improper Check for Certificate Revocation in the SignatureKey verification process. An attacker can bypass revocation enforcement by presenting a certificate with a revoked SignatureKey, potentially allowing unauthorized access or trust...

CVSS: 9.1 | AI score: 5.8 | EPSS: 0.00038
Exploits: 0 | References: 3
Snyk
added 2025/12/30 12:4 a.m., 1 view

Arbitrary Code Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection when operating in Restricted Mode, which is enabled for untrusted workspaces. Remediation: Upgrade github.com/golang/vscode-go/extension to version 0.52.0-rc.1 or higher. References: - GitHub ChangeLog - GitHub...

CVSS: 5.4 | AI score: 7.2 | EPSS: 0.00027
Exploits: 1 | References: 2
RedhatCVE
added 2025/02/05 10:0 p.m., 3 views

CVE-2022-24856

FlyteConsole is the web user interface for the Flyte platform. FlyteConsole prior to version 0.52.0 is vulnerable to server-side request forgery (SSRF) when FlyteConsole is open to the general internet. An attacker can exploit any user of a vulnerable instance to access the internal metadata server...

CVSS: 9.1 | AI score: 6.8 | EPSS: 0.81885
Exploits: 0 | References: 1
NVD
added 2024/05/01 7:15 a.m., 10 views

CVE-2024-32963

Navidrome is an open source web-based music collection server and streamer. Affected versions of Navidrome are subject to a parameter tampering vulnerability where an attacker has the ability to manipulate parameter values in the HTTP requests. The attacker is able to change the parameter valu...

CVSS: 4.2 | AI score: 4.3 | EPSS: 0.00347
Exploits: 1 | References: 1
Vulnrichment
added 2024/05/01 6:39 a.m., 8 views

CVE-2024-32963 Parameter Tampering vulnerability in Navidrome

Navidrome is an open source web-based music collection server and streamer. Affected versions of Navidrome are subject to a parameter tampering vulnerability where an attacker has the ability to manipulate parameter values in the HTTP requests. The attacker is able to change the parameter valu...

CVSS: 4.2 | AI score: 6.6 | EPSS: 0.00347
Exploits: 1 | References: 1
CVE
added 2024/05/01 6:39 a.m., 53 views

CVE-2024-32963

Navidrome exposes a parameter tampering vulnerability in HTTP requests that allows an attacker to mutate request body parameters and impersonate other users. The flaw enables actions such as creating playlists, adding songs, posting comments, changing a playlist to public, and assigning the admin...

CVSS: 4.2 | AI score: 6.5 | EPSS: 0.00347
Exploits: 1 | References: 1 | Affected Software: 1
OSV
added 2024/05/01 6:39 a.m., 19 views

CVE-2024-32963 Parameter Tampering vulnerability in Navidrome

Navidrome is an open source web-based music collection server and streamer. Affected versions of Navidrome are subject to a parameter tampering vulnerability where an attacker has the ability to manipulate parameter values in the HTTP requests. The attacker is able to change the parameter valu...

CVSS: 4.2 | AI score: 4.8 | EPSS: 0.00347
Exploits: 1 | References: 3