43 matches found
Security update for enc (important)
openSUSE Security Update: Security update for enc Announcement ID: openSUSE-SU-2026:0245-1 Rating: important References: 1265533 Cross-References: CVE-2026-1229 CVSS scores: CVE-2026-1229 SUSE: 8.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N Affected Products: openSUSE Backpor...
SUSE-SU-2026:22554-1 Security update for rust-keylime
This update for rust-keylime fixes the following issues: Update to version 0.2.9+49. Security issues fixed: - CVE-2026-41676: openssl: Deriver:derive and PkeyCtxRef:derive can overflow short buffers on OpenSSL 1.1.1 bsc1270174. - CVE-2026-41677: openssl: out-of-bounds read in PEM password callbac...
SUSE SLES12 Security Update : google-cloud-sap-agent (SUSE-SU-2026:2683-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2683-1 advisory. - CVE-2026-39821: Update golang.org/x/net dependency bsc1266604. Tenable has extracted the preceding description block directly from the SUS...
SUSE SLES15 Security Update : google-cloud-sap-agent (SUSE-SU-2026:2682-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2682-1 advisory. - CVE-2026-39821: Update golang.org/x/net dependency bsc1266604. Tenable has extracted the preceding description block directly from the SUS...
Security update for helm (important)
openSUSE security update: security update for helm ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20994-1 Rating: important References: bsc1266598 Cross-References: CVE-2026-39821 CVSS scores: CVE-2026-39821 SUSE : 7.4...
SUSE-SU-2026:2665-1 Security update for google-osconfig-agent
This update for google-osconfig-agent fixes the following issues: - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header bsc1260264. - CVE-2026-39821: Update golang.org/x/net/idna dependency bsc1266603. - CVE-2026-39827: Update...
openSUSE 16 Security Update : enc (openSUSE-SU-2026:20948-1)
The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20948-1 advisory. Changes in enc: - CVE-2026-1229: Fix incorrect value bsc1265533 Bump circl to 1.6.3 - Update to 1.1.5: Update dependencies 10 - Update to 1.1.4: Update...
SUSE-SU-2026:22133-1 Security update for google-guest-agent
This update for google-guest-agent fixes the following issues: Update to version 20260430.00: Update dependencies and go version to 1.26.2 607 bsc1265762, CVE-2026-33814 Bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 604 bsc1260264, CVE-2026-33186 Backport oslogin changes for sles16 to...
SUSE-SU-2026:22066-1 Security update for elemental-operator
This update for elemental-operator fixes the following issue - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo- header bsc1260277. Changes for elemental-operator: - Fix substitution - Fix reference in labels - Adapt labels to pass...
Security update for gosec (moderate)
openSUSE Security Update: Security update for gosec Announcement ID: openSUSE-SU-2026:0167-1 Rating: moderate References: Cross-References: CVE-2025-22891 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes one vulnerability is now available. Description: This update for gosec...
Fedora 44 : fido-device-onboard (2026-9e223ca14f)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-9e223ca14f advisory. Automatic update for fido-device-onboard-0.5.5-8.fc44. Changelog for fido-device-onboard Wed Apr 01 2026 Peter Robinson - 0.5.5-8 - Rebuild for...
com.c0x12c:module-ai-image (>=0.12.0 <=0.13.13), com.c0x12c:module-ai-module-impl (>=0.5.0 <=0.13.13) +361 more potentially affected by CVE-2026-33013 via io.micronaut:micronaut-json-core (>=4.0.0-M1 <=4.10.15)
io.micronaut:micronaut-json-core MAVEN version =4.0.0-M1, =0.12.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.10.0, =0.8.0, =0.5.0, =0.2.15, =1.15.0.516, =0.0.41, =3.2.0, =3.5.0 and more Source cves: CVE-2026-33013 Source advisory: SNYK:JAVA-IOMICRONAUT-15682607...
GHSA-8FH9-C4JQ-94H4 idunno.Bluesky, idunno.AtProto and idunno.AtProto.OAuthCallback Denial of Service Vulnerability
idunno.Bluesky, idunno.AtProto and idunno.AtProto.OAuthCallback Denial of Service Vulnerability Impact The Microsoft.Bcl.Memory package, a transitive dependency of idunno.AtProto and idunno.AtProto.OAuthCallback had a Denial of Service security vulnerability, CVE-2026-26127 Patches v1.7.0 updates...
Security update for rust-keylime
This update for rust-keylime fixes the following issues: Update to version 0.2.8+116. Security issues fixed: CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257908. Other updates and bugfixes: Update vendored crates time to version...
openSUSE 16 Security Update : sbctl (openSUSE-SU-2026:20105-1)
The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20105-1 advisory. Changes in sbctl: - Upgrade the embedded golang.org/x/net to 0.46.0 Fixes: bsc1251399, CVE-2025-47911: various algorithms with quadratic...
SUSE-SU-2025:21150-1 Security update for libvirt
This update for libvirt fixes the following issues: - CVE-2025-13193: Fixed Information disclosure via world-readable VM snapshots bsc1253703 - CVE-2025-12748: Fixed Denial of service in XML parsing bsc1253278 Other fixes: - spec: Adjust dbus dependency bsc1253642 - qemu: Add support for Intel TD...
SUSE-SU-2025:3783-1 Security update for afterburn
This update for afterburn fixes the following issues: Update to version 5.9.0.git21.a73f509. Security issues fixed: - CVE-2022-24713: regex: no proper complexity limitation when parsing untrusted regular expressions with large repetitions on empty sub-expressions can lead to excessive resource...
Security update for rust-keylime
This update for rust-keylime fixes the following issues: Update vendored crate slab to version 0.4.11 CVE-2025-55159: Fixed incorrect bounds check in getdisjointmut function leading to undefined behavior or potential crash due to out-of-bounds access bsc1248006 Update to version 0.2.8+12:...
SUSE SLES15 / openSUSE 15 Security Update : amber-cli (SUSE-SU-2025:02769-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:02769-1 advisory. - Update to version 1.13.1+git20250329.c2e3bb8: CVE-2025-30204: Fixed jwt-go excessive memory allocation during header parsin...
BIT-HELM-2025-53547 Helm Chart Dependency Updating With Malicious Chart.yaml Content And Symlink Can Lead To Code Execution
Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are carried over to a Chart.lock file when...