SUSE-SU-2026:21952-1 Security update for helm

This update for helm fixes the following issues Security issues: - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265758. - CVE-2026-41888: github.com/distribution/distribution/v3: tag deletion bypasses the storage.delete.enabled...

OPENSUSE-SU-2026:20860-1 Security update for helm

This update for helm fixes the following issues Security issues: - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265758. - CVE-2026-41888: github.com/distribution/distribution/v3: tag deletion bypasses the storage.delete.enabled...

SUSE SLES15 Security Update : helm (SUSE-SU-2026:2049-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2049-1 advisory. This update for helm fixes the following issues Security issues: - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2...

SUSE-SU-2026:2049-1 Security update for helm

This update for helm fixes the following issues Security issues: - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265758. - CVE-2026-41888: github.com/distribution/distribution/v3: tag deletion bypasses the storage.delete.enabled...

SUSE-SU-2026:21635-1 Security update for helm

This update for helm fixes the following issues Security issues: - CVE-2025-55199: crafted JSON Schema can lead to out of memory OOM termination bsc1248093. - CVE-2026-35206: github.com/helm/helm: Helm: Files written to unexpected directory via specially crafted Chart bsc1261938. Non security...

SUSE-SU-2026:21628-1 Security update for helm

This update for helm fixes the following issues Security issues: - CVE-2025-55199: crafted JSON Schema can lead to out of memory OOM termination bsc1248093. - CVE-2026-35206: github.com/helm/helm: Helm: Files written to unexpected directory via specially crafted Chart bsc1261938. Non security...

openSUSE 16 Security Update : v2ray-core (openSUSE-SU-2026:20584-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20584-1 advisory. Changes in v2ray-core: - Update version to 5.47.0 Add sticky choice option for leastping Add support for enrollment links in tlsmirror Add Wireguard...

MAL-2026-2508 Malicious code in @fairwords/websocket (npm)

The @fairwords/websocket package was compromised as part of the TeamPCP/CanisterWorm campaign. A postinstall hook executes node scripts/check-env.js || true which performs multi-stage credential harvesting, encrypted exfiltration, and self-propagation. The payload harvests 40+ environment variabl...

PT-2026-22773

Name of the Vulnerable Software and Affected Versions HomeBox versions prior to 0.24.0-rc.1 Description HomeBox is a home inventory and organization system. A stored cross-site scripting XSS issue exists in the item attachment upload functionality. The application does not properly validate or...

CLSA-2026-1768861951 Update of gnutls

Backport CVE fixes - Bump version to solve conflict with community package...

CLSA-2026-1767617422 Update of vim

Bump version...

CLSA-2025-1765545248 Update of ImageMagick

Bump release to 6.9.10.68-7.0.3.tuxcare.els1...

CLSA-2025-1763059190 Update of gnutls

Bump the version...

Malicious code in yuda-24 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a8344478dd73acd6806529eadcb22a8323ac6ad0dd1ac9b71a9f6d3208a8539 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145359 Malicious code in neptune-eridanus-jabbah-wolf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector daf8e91c6a667fe241fd67d4152b461ba2a0c007607acea3a94c86dcbddc4247 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in wibowo-saguer77-breki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4bb011856af81d079928eb98f0f220ff817cbd0346bf2e2038df666c911c4b94 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-74177 Malicious code in lisa-kue38-breki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a98f5b47e562064a3ddee9bd88b71a86c84af1dead750f203c0b8324f01e361e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-62542 Malicious code in dian-nasi56-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0c54a7164e488998a7bc70ccd0a6b219d1743c610659d20b84a5e733f69c474a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Fedora 43 : cri-o1.31 (2025-20a9e0e990)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-20a9e0e990 advisory. - Update to release v1.31.13 - Resolves: rhbz2333357, rhbz2398406, rhbz2398661, rhbz2399063, rhbz2399337 - Upstream fix Tenable has extracted the...

CLSA-2025-1760704001 Update of sudo

Bump version to 1.8.23-10.0.1.3...