56 matches found
Exploring the SECURITY.Md in the Dependency Chain: Preliminary Analysis of the PyPI Ecosystem
Security policies, such as SECURITY.md files, are now common in open-source projects. They help guide responsible vulnerability reporting and build trust among users and contributors. Despite their growing use, it is still unclear how these policies influence the structure and evolution of softwa...
SUSE-RU-2025:20961-1 Recommended update for afterburn
This update for afterburn fixes the following issues: - Update to version 5.9.0.git21.a73f509: docs/release-notes: update for release 5.10.0 cargo: update dependencies microsoft/azure: Add XML attribute alias for serde-xml-rs Fedora compat docs/release-notes: Add entry for Azure SharedConfig XML...
SUSE-SU-2025:3784-1 Security update for afterburn
This update for afterburn fixes the following issues: Update to version 5.9.0.git21.a73f509. Security issues fixed: - CVE-2022-24713: regex: no proper complexity limitation when parsing untrusted regular expressions with large repetitions on empty sub-expressions can lead to excessive resource...
Security update for afterburn (important)
openSUSE Security Update: Security update for afterburn Announcement ID: openSUSE-SU-2025:0386-1 Rating: important References: 1244675 1250471 Cross-References: CVE-2025-5791 CVSS scores: CVE-2025-5791 SUSE: 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N Affected Products:...
ROS-20250822-15
Package manager vulnerability for Helm is related to local code execution when updating dependencies. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...
Helm Chart Dependency Updating With Malicious Chart.yaml Content And Symlink Can Lead To Code Execution
...
SUSE CVE-2025-53547
Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are carried over to a Chart.lock file when...
Local Code Execution (LCE)
helm.sh/helm/v3 is vulnerable to Local Code Execution LCE. The vulnerability is due to insufficient validation and sanitization of the Chart.yaml and Chart.lock files during dependency updates, allowing a maliciously crafted file to trigger local code execution...
Arbitrary Code Injection
Overview helm.sh/helm/v3/pkg/downloader is a Package downloader provides a library for downloading charts. Affected versions of this package are vulnerable to Arbitrary Code Injection via the writeLock function. An attacker can execute arbitrary code by supplying crafted chart templates containin...
SUSE-SU-2025:20278-1 Security update for helm
This update for helm fixes the following issues: - Update to version 3.17.2 bsc1238688, CVE-2025-22870: Updating to 0.37.0 for x/net builddeps: bump the k8s-io group with 7 updates - Update to version 3.17.1: merge null child chart objects builddeps: bump the k8s-io group with 7 updates fix: chec...
SUSE-SU-2025:1143-1 Security update for google-guest-agent
This update for google-guest-agent fixes the following issues: - CVE-2024-45337: golang.org/x/crypto/ssh: Fixed misuse of ServerConfig.PublicKeyCallback leading to authorization bypass bsc1234563. Other fixes: - Updated to version 20250327.01 bsc1239763, bsc1239866 Remove error messages from...
OPENSUSE-SU-2025:0103-1 Security update for cadvisor
This update for cadvisor fixes the following issues: - update to 0.52.1: Make resctrl optional/pluggable - update to 0.52.0: bump containerd related deps: api v1.8.0; errdefs v1.0.0; ttrpc v1.2.6 chore: Update Prometheus libraries bump runc to v1.2.4 Add Pressure Stall Information Metrics Switch ...
SUSE-SU-2025:20019-1 Security update for skopeo
This update for skopeo fixes the following issues: - Update to version 1.14.4: CVE-2024-3727: digest type does not guarantee valid type bsc1224123 Packit: update packit targets Bump gopkg.in/go-jose to v2.6.3 Bump ocicrypt and go-jose CVE-2024-28180 Freeze the fedora-minimal image reference at...
openSUSE 15 Security Update : etcd (openSUSE-SU-2025:0003-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025:0003-1 advisory. Update to version 3.5.12: Bump golang.org/x/crypto to v0.17+ to address CVE-2023-48795 test: fix TestHashKVWhenCompacting: ensure all goroutine...
Security update for SUSE Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: Security fixes on Python 3.11 interpreter: CVE-2024-7592: Fixed quadratic complexity in parsing -quoted cookie values with backslashes bsc1229873, bsc1230059 CVE-2024-8088: Prevent malformed payload to cause infinite loops in zipfile.Path...
Security update for libreoffice
This update for libreofficefixes the following issues: libreoffice was updated to version 24.8.1.2 jscPED-10362: Release notes: https://wiki.documentfoundation.org/Releases/24.8.0/RC1 and https://wiki.documentfoundation.org/Releases/24.8.0/RC2 and...
OPENSUSE-SU-2024:0231-1 Security update for python-notebook
This update for python-notebook fixes the following issues: - Update to 5.7.11 sanitizer fix CVE-2021-32798 boo1227583 - Update to 5.7.10 no upstream changelog - Update to 5.7.9 Update JQuery dependency to version 3.4.1 to fix security vulnerability CVE-2019-11358 Update from preact to React...
openSUSE Security Advisory (SUSE-SU-2024:2542-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
pcs security update
0.10.18-2.0.1 - Replace HAM-logo.png with a generic one 0.10.18-2 - Fixed CVE-2024-25126, CVE-2024-26141, CVE-2024-26146 in bundled dependency rack Resolves: RHEL-26445, RHEL-26447, RHEL-26449 0.10.18-1 - Rebased to the latest sources see CHANGELOG.md Resolves: RHEL-7741 0.10.17-6 - Rebased to th...
SUSE-SU-2024:1497-1 Security update for skopeo
This update for skopeo fixes the following issues: - Update to version 1.14.2: release-1.14 Bump Skopeo to v1.14.2 release-1.14 Bump c/image to v5.29.2, c/common to v0.57.3 fixes bsc1219563 - Update to version 1.14.1: Bump to v1.14.1 fixdeps: update module github.com/containers/common to v0.57.2...