Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-1229 (GCVE-0-2026-1229)
Vulnerability from cvelistv5 – Published: 2026-02-24 07:58 – Updated: 2026-02-24 15:10
VLAI
EPSS
Title
Incorrect calculation in CIRCL secp384r1 CombinedMult
Summary
The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas.
ECDH and ECDSA signing relying on this curve are not affected.
The bug was fixed in v1.6.3 https://github.com/cloudflare/circl/releases/tag/v1.6.3 .
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-682 - Incorrect Calculation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/cloudflare/circl |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cloudflare | CIRCL |
Affected:
CIRCL up to version 1.6.2 , < 1.6.3
(custom)
|
Credits
Guido Vranken
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1229",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-24T15:04:09.395394Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T15:10:21.738Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Go"
],
"product": "CIRCL",
"repo": "https://github.com/cloudflare/circl",
"vendor": "Cloudflare",
"versions": [
{
"lessThan": "1.6.3",
"status": "affected",
"version": "CIRCL up to version 1.6.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Guido Vranken"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eThe CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas.\u003cbr\u003eECDH and ECDSA signing relying on this curve are not affected.\u003c/p\u003e\u003cp\u003eThe bug was fixed in \u003cstrong\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/cloudflare/circl/releases/tag/v1.6.3\"\u003ev1.6.3\u003c/a\u003e\u003c/strong\u003e.\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003cbr\u003e"
}
],
"value": "The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas.\nECDH and ECDSA signing relying on this curve are not affected.\n\nThe bug was fixed in v1.6.3 https://github.com/cloudflare/circl/releases/tag/v1.6.3 ."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "NOT_DEFINED",
"Safety": "NEGLIGIBLE",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 2.9,
"baseSeverity": "LOW",
"exploitMaturity": "PROOF_OF_CONCEPT",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:P/S:N/AU:Y/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-682",
"description": "CWE-682 Incorrect Calculation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T07:58:54.406Z",
"orgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
"shortName": "cloudflare"
},
"references": [
{
"url": "https://github.com/cloudflare/circl"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Incorrect calculation in CIRCL secp384r1 CombinedMult",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
"assignerShortName": "cloudflare",
"cveId": "CVE-2026-1229",
"datePublished": "2026-02-24T07:58:54.406Z",
"dateReserved": "2026-01-20T13:09:57.206Z",
"dateUpdated": "2026-02-24T15:10:21.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-1229",
"date": "2026-06-06",
"epss": "0.00026",
"percentile": "0.07685"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-1229\",\"sourceIdentifier\":\"cna@cloudflare.com\",\"published\":\"2026-02-24T08:16:28.407\",\"lastModified\":\"2026-03-03T00:29:54.160\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas.\\nECDH and ECDSA signing relying on this curve are not affected.\\n\\nThe bug was fixed in v1.6.3 https://github.com/cloudflare/circl/releases/tag/v1.6.3 .\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n CombinedMult en el paquete CIRCL ecc/p384 (curva secp384r1) produce un valor incorrecto para entradas espec\u00edficas. El problema se soluciona utilizando f\u00f3rmulas de adici\u00f3n completas. La firma ECDH y ECDSA que depende de esta curva no se ve afectada.\\n\\nEl error se corrigi\u00f3 en la v1.6.3 https://github.com/cloudflare/circl/releases/tag/v1.6.3.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cna@cloudflare.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:X/V:X/RE:X/U:Amber\",\"baseScore\":2.9,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"LOW\",\"subIntegrityImpact\":\"LOW\",\"subAvailabilityImpact\":\"LOW\",\"exploitMaturity\":\"PROOF_OF_CONCEPT\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NEGLIGIBLE\",\"Automatable\":\"YES\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"AMBER\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"cna@cloudflare.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-682\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudflare:circl:*:*:*:*:*:go:*:*\",\"versionEndExcluding\":\"1.6.3\",\"matchCriteriaId\":\"36CDDD6E-5A8A-4017-9B85-4C65E93B8D7F\"}]}]}],\"references\":[{\"url\":\"https://github.com/cloudflare/circl\",\"source\":\"cna@cloudflare.com\",\"tags\":[\"Product\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-1229\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-24T15:04:09.395394Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-24T15:06:03.406Z\"}}], \"cna\": {\"title\": \"Incorrect calculation in CIRCL secp384r1 CombinedMult\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Guido Vranken\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NEGLIGIBLE\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 2.9, \"Automatable\": \"YES\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"LOW\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:P/S:N/AU:Y/U:Amber\", \"exploitMaturity\": \"PROOF_OF_CONCEPT\", \"providerUrgency\": \"AMBER\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"LOW\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"LOW\", \"vulnAvailabilityImpact\": \"LOW\", \"subConfidentialityImpact\": \"LOW\", \"vulnConfidentialityImpact\": \"LOW\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/cloudflare/circl\", \"vendor\": \"Cloudflare\", \"product\": \"CIRCL\", \"versions\": [{\"status\": \"affected\", \"version\": \"CIRCL up to version 1.6.2\", \"lessThan\": \"1.6.3\", \"versionType\": \"custom\"}], \"platforms\": [\"Go\"], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/cloudflare/circl\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.5.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas.\\nECDH and ECDSA signing relying on this curve are not affected.\\n\\nThe bug was fixed in v1.6.3 https://github.com/cloudflare/circl/releases/tag/v1.6.3 .\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eThe CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas.\u003cbr\u003eECDH and ECDSA signing relying on this curve are not affected.\u003c/p\u003e\u003cp\u003eThe bug was fixed in \u003cstrong\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://github.com/cloudflare/circl/releases/tag/v1.6.3\\\"\u003ev1.6.3\u003c/a\u003e\u003c/strong\u003e.\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-682\", \"description\": \"CWE-682 Incorrect Calculation\"}]}], \"providerMetadata\": {\"orgId\": \"a22f1246-ba21-4bb4-a601-ad51614c1513\", \"shortName\": \"cloudflare\", \"dateUpdated\": \"2026-02-24T07:58:54.406Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-1229\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-24T15:10:21.738Z\", \"dateReserved\": \"2026-01-20T13:09:57.206Z\", \"assignerOrgId\": \"a22f1246-ba21-4bb4-a601-ad51614c1513\", \"datePublished\": \"2026-02-24T07:58:54.406Z\", \"assignerShortName\": \"cloudflare\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
cleanstart-2026-wb89098
Vulnerability from cleanstart
Published
2026-04-30 00:58
Modified
2026-04-29 07:53
Summary
During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions
Details
Multiple security vulnerabilities affect the openbao-fips package. During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions. See references for individual vulnerability details.
Severity
9.8 (Critical)
References
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "openbao-fips"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.2-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the openbao-fips package. During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-WB89098",
"modified": "2026-04-29T07:53:17Z",
"published": "2026-04-30T00:58:56.861710Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-WB89098.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61727"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61729"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-68121"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-1229"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-25679"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-26958"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-27139"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-27142"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-32280"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-32281"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-32282"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-32283"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-32289"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33186"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33810"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33816"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-34986"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39883"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-78h2-9frx-2jm8"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-hfvc-g4fc-pqhx"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j88v-2chj-qfwx"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61727"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1229"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26958"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27139"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27142"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32289"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33816"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39883"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions",
"upstream": [
"CVE-2025-61727",
"CVE-2025-61729",
"CVE-2025-68121",
"CVE-2026-1229",
"CVE-2026-25679",
"CVE-2026-26958",
"CVE-2026-27139",
"CVE-2026-27142",
"CVE-2026-32280",
"CVE-2026-32281",
"CVE-2026-32282",
"CVE-2026-32283",
"CVE-2026-32289",
"CVE-2026-33186",
"CVE-2026-33810",
"CVE-2026-33816",
"CVE-2026-34986",
"CVE-2026-39883",
"ghsa-78h2-9frx-2jm8",
"ghsa-hfvc-g4fc-pqhx",
"ghsa-j88v-2chj-qfwx"
]
}
cleanstart-2026-wg17155
Vulnerability from cleanstart
Published
2026-04-30 01:01
Modified
2026-04-29 07:20
Summary
CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs
Details
Multiple security vulnerabilities affect the atlantis package. The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. See references for individual vulnerability details.
Severity
9.8 (Critical)
References
| URL | Type | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "atlantis"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.38.0-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the atlantis package. The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-WG17155",
"modified": "2026-04-29T07:20:13Z",
"published": "2026-04-30T01:01:29.221801Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-WG17155.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-1229"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-f6x5-jh6r-wrfv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j5w8-q4qc-rx2x"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-q9hv-hpm4-hj6x"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-wjrx-6529-hcj3"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1229"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs",
"upstream": [
"CVE-2026-1229",
"ghsa-f6x5-jh6r-wrfv",
"ghsa-j5w8-q4qc-rx2x",
"ghsa-q9hv-hpm4-hj6x",
"ghsa-wjrx-6529-hcj3"
]
}
cleanstart-2026-wh33500
Vulnerability from cleanstart
Published
2026-04-30 01:01
Modified
2026-04-29 07:18
Summary
CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs
Details
Multiple security vulnerabilities affect the atlantis-fips package. The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. See references for individual vulnerability details.
Severity
9.8 (Critical)
References
| URL | Type | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "atlantis-fips"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.40.0-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the atlantis-fips package. The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-WH33500",
"modified": "2026-04-29T07:18:47Z",
"published": "2026-04-30T01:01:30.620494Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-WH33500.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-1229"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-f6x5-jh6r-wrfv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j5w8-q4qc-rx2x"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-q9hv-hpm4-hj6x"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-wjrx-6529-hcj3"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1229"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs",
"upstream": [
"CVE-2026-1229",
"ghsa-f6x5-jh6r-wrfv",
"ghsa-j5w8-q4qc-rx2x",
"ghsa-q9hv-hpm4-hj6x",
"ghsa-wjrx-6529-hcj3"
]
}
cleanstart-2026-wn01990
Vulnerability from cleanstart
Published
2026-04-01 09:11
Modified
2026-03-28 10:05
Summary
Security fixes for CVE-2025-15558, CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-1229, CVE-2026-22703, CVE-2026-22772, CVE-2026-23831, CVE-2026-23991, CVE-2026-23992, CVE-2026-24051, CVE-2026-24117, CVE-2026-24137, CVE-2026-24686, CVE-2026-25679, CVE-2026-25934, CVE-2026-27139, CVE-2026-27141, CVE-2026-27142, CVE-2026-33186, CVE-2026-33481, ghsa-273p-m2cw-6833, ghsa-37cx-329c-33x3, ghsa-38pp-6gcp-rqvm, ghsa-4c4x-jm2x-pf9j, ghsa-59jp-pj84-45mr, ghsa-846p-jg2w-w324, ghsa-9h8m-3fm2-qjrq, ghsa-fcv2-xgw5-pqxf, ghsa-fphv-w9fq-2525, ghsa-jqc5-w2xx-5vq4, ghsa-mqqf-5wvp-8fh8, ghsa-p436-gjf2-799p, ghsa-p77j-4mvh-x3m3, ghsa-q9hv-hpm4-hj6x, ghsa-rjcw-vg7j-m9rc, ghsa-whqx-f9j3-ch6m applied in versions: 3.0.47-r0, 3.0.47-r1
Details
Multiple security vulnerabilities affect the kubescape package. These issues are resolved in later releases. See references for individual vulnerability details.
References
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "kubescape"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.47-r1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the kubescape package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-WN01990",
"modified": "2026-03-28T10:05:13Z",
"published": "2026-04-01T09:11:39.930179Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-WN01990.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-15558"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61726"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61728"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61730"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61732"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-68119"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-68121"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-1229"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-22703"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-22772"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-23831"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-23991"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-23992"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-24051"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-24117"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-24137"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-24686"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-25679"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-25934"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-27139"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-27141"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-27142"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33186"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33481"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-273p-m2cw-6833"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-37cx-329c-33x3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-38pp-6gcp-rqvm"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-4c4x-jm2x-pf9j"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-59jp-pj84-45mr"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-846p-jg2w-w324"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-9h8m-3fm2-qjrq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-fcv2-xgw5-pqxf"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-fphv-w9fq-2525"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-jqc5-w2xx-5vq4"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mqqf-5wvp-8fh8"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-p436-gjf2-799p"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-p77j-4mvh-x3m3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-q9hv-hpm4-hj6x"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-rjcw-vg7j-m9rc"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-whqx-f9j3-ch6m"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15558"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61730"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61732"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68119"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1229"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22703"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22772"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23831"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23991"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23992"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24051"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24117"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24137"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24686"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25934"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27139"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27141"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27142"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33481"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2025-15558, CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-1229, CVE-2026-22703, CVE-2026-22772, CVE-2026-23831, CVE-2026-23991, CVE-2026-23992, CVE-2026-24051, CVE-2026-24117, CVE-2026-24137, CVE-2026-24686, CVE-2026-25679, CVE-2026-25934, CVE-2026-27139, CVE-2026-27141, CVE-2026-27142, CVE-2026-33186, CVE-2026-33481, ghsa-273p-m2cw-6833, ghsa-37cx-329c-33x3, ghsa-38pp-6gcp-rqvm, ghsa-4c4x-jm2x-pf9j, ghsa-59jp-pj84-45mr, ghsa-846p-jg2w-w324, ghsa-9h8m-3fm2-qjrq, ghsa-fcv2-xgw5-pqxf, ghsa-fphv-w9fq-2525, ghsa-jqc5-w2xx-5vq4, ghsa-mqqf-5wvp-8fh8, ghsa-p436-gjf2-799p, ghsa-p77j-4mvh-x3m3, ghsa-q9hv-hpm4-hj6x, ghsa-rjcw-vg7j-m9rc, ghsa-whqx-f9j3-ch6m applied in versions: 3.0.47-r0, 3.0.47-r1",
"upstream": [
"CVE-2025-15558",
"CVE-2025-61726",
"CVE-2025-61728",
"CVE-2025-61730",
"CVE-2025-61732",
"CVE-2025-68119",
"CVE-2025-68121",
"CVE-2026-1229",
"CVE-2026-22703",
"CVE-2026-22772",
"CVE-2026-23831",
"CVE-2026-23991",
"CVE-2026-23992",
"CVE-2026-24051",
"CVE-2026-24117",
"CVE-2026-24137",
"CVE-2026-24686",
"CVE-2026-25679",
"CVE-2026-25934",
"CVE-2026-27139",
"CVE-2026-27141",
"CVE-2026-27142",
"CVE-2026-33186",
"CVE-2026-33481",
"ghsa-273p-m2cw-6833",
"ghsa-37cx-329c-33x3",
"ghsa-38pp-6gcp-rqvm",
"ghsa-4c4x-jm2x-pf9j",
"ghsa-59jp-pj84-45mr",
"ghsa-846p-jg2w-w324",
"ghsa-9h8m-3fm2-qjrq",
"ghsa-fcv2-xgw5-pqxf",
"ghsa-fphv-w9fq-2525",
"ghsa-jqc5-w2xx-5vq4",
"ghsa-mqqf-5wvp-8fh8",
"ghsa-p436-gjf2-799p",
"ghsa-p77j-4mvh-x3m3",
"ghsa-q9hv-hpm4-hj6x",
"ghsa-rjcw-vg7j-m9rc",
"ghsa-whqx-f9j3-ch6m"
]
}
cleanstart-2026-wo87803
Vulnerability from cleanstart
Published
2026-04-01 09:21
Modified
2026-03-25 11:12
Summary
Security fixes for CVE-2025-15558, CVE-2025-47907, CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-68119, CVE-2026-1229, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-273p-m2cw-6833, ghsa-2x5j-vhc8-9cwm, ghsa-4c4x-jm2x-pf9j, ghsa-4qg8-fj49-pxjh, ghsa-59jp-pj84-45mr, ghsa-6m8w-jc87-6cr7, ghsa-846p-jg2w-w324, ghsa-f83f-xpx7-ffpw, ghsa-fcv2-xgw5-pqxf, ghsa-fphv-w9fq-2525, ghsa-jqc5-w2xx-5vq4, ghsa-vvgc-356p-c3xw, ghsa-whqx-f9j3-ch6m applied in versions: 1.14.4-r1, 1.14.4-r2, 1.16.1-r2, 1.16.1-r3
Details
Multiple security vulnerabilities affect the kyverno-fips package. These issues are resolved in later releases. See references for individual vulnerability details.
References
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "kyverno-fips"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.16.1-r3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the kyverno-fips package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-WO87803",
"modified": "2026-03-25T11:12:09Z",
"published": "2026-04-01T09:21:04.385167Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-WO87803.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-15558"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-47907"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61726"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61728"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61730"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-68119"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-1229"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-24051"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-25679"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-27139"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-27142"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33186"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-273p-m2cw-6833"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-2x5j-vhc8-9cwm"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-4c4x-jm2x-pf9j"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-4qg8-fj49-pxjh"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-59jp-pj84-45mr"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-6m8w-jc87-6cr7"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-846p-jg2w-w324"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-f83f-xpx7-ffpw"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-fcv2-xgw5-pqxf"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-fphv-w9fq-2525"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-jqc5-w2xx-5vq4"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-vvgc-356p-c3xw"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-whqx-f9j3-ch6m"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15558"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47907"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61730"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68119"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1229"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24051"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27139"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27142"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2025-15558, CVE-2025-47907, CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-68119, CVE-2026-1229, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-273p-m2cw-6833, ghsa-2x5j-vhc8-9cwm, ghsa-4c4x-jm2x-pf9j, ghsa-4qg8-fj49-pxjh, ghsa-59jp-pj84-45mr, ghsa-6m8w-jc87-6cr7, ghsa-846p-jg2w-w324, ghsa-f83f-xpx7-ffpw, ghsa-fcv2-xgw5-pqxf, ghsa-fphv-w9fq-2525, ghsa-jqc5-w2xx-5vq4, ghsa-vvgc-356p-c3xw, ghsa-whqx-f9j3-ch6m applied in versions: 1.14.4-r1, 1.14.4-r2, 1.16.1-r2, 1.16.1-r3",
"upstream": [
"CVE-2025-15558",
"CVE-2025-47907",
"CVE-2025-61726",
"CVE-2025-61728",
"CVE-2025-61730",
"CVE-2025-68119",
"CVE-2026-1229",
"CVE-2026-24051",
"CVE-2026-25679",
"CVE-2026-27139",
"CVE-2026-27142",
"CVE-2026-33186",
"ghsa-273p-m2cw-6833",
"ghsa-2x5j-vhc8-9cwm",
"ghsa-4c4x-jm2x-pf9j",
"ghsa-4qg8-fj49-pxjh",
"ghsa-59jp-pj84-45mr",
"ghsa-6m8w-jc87-6cr7",
"ghsa-846p-jg2w-w324",
"ghsa-f83f-xpx7-ffpw",
"ghsa-fcv2-xgw5-pqxf",
"ghsa-fphv-w9fq-2525",
"ghsa-jqc5-w2xx-5vq4",
"ghsa-vvgc-356p-c3xw",
"ghsa-whqx-f9j3-ch6m"
]
}
FKIE_CVE-2026-1229
Vulnerability from fkie_nvd - Published: 2026-02-24 08:16 - Updated: 2026-03-03 00:29
Severity
Summary
The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas.
ECDH and ECDSA signing relying on this curve are not affected.
The bug was fixed in v1.6.3 https://github.com/cloudflare/circl/releases/tag/v1.6.3 .
References
| URL | Tags | ||
|---|---|---|---|
| cna@cloudflare.com | https://github.com/cloudflare/circl | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cloudflare | circl | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudflare:circl:*:*:*:*:*:go:*:*",
"matchCriteriaId": "36CDDD6E-5A8A-4017-9B85-4C65E93B8D7F",
"versionEndExcluding": "1.6.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas.\nECDH and ECDSA signing relying on this curve are not affected.\n\nThe bug was fixed in v1.6.3 https://github.com/cloudflare/circl/releases/tag/v1.6.3 ."
},
{
"lang": "es",
"value": "La funci\u00f3n CombinedMult en el paquete CIRCL ecc/p384 (curva secp384r1) produce un valor incorrecto para entradas espec\u00edficas. El problema se soluciona utilizando f\u00f3rmulas de adici\u00f3n completas. La firma ECDH y ECDSA que depende de esta curva no se ve afectada.\n\nEl error se corrigi\u00f3 en la v1.6.3 https://github.com/cloudflare/circl/releases/tag/v1.6.3."
}
],
"id": "CVE-2026-1229",
"lastModified": "2026-03-03T00:29:54.160",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "YES",
"Recovery": "NOT_DEFINED",
"Safety": "NEGLIGIBLE",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:X/V:X/RE:X/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@cloudflare.com",
"type": "Secondary"
}
]
},
"published": "2026-02-24T08:16:28.407",
"references": [
{
"source": "cna@cloudflare.com",
"tags": [
"Product"
],
"url": "https://github.com/cloudflare/circl"
}
],
"sourceIdentifier": "cna@cloudflare.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-682"
}
],
"source": "cna@cloudflare.com",
"type": "Secondary"
}
]
}
GHSA-Q9HV-HPM4-HJ6X
Vulnerability from github – Published: 2026-02-25 19:17 – Updated: 2026-02-25 19:17
VLAI
Summary
CIRCL has an incorrect calculation in secp384r1 CombinedMult
Details
The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas. ECDH and ECDSA signing relying on this curve are not affected.
The bug was fixed in v1.6.3.
Severity
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/cloudflare/circl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-1229"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-25T19:17:50Z",
"nvd_published_at": "2026-02-24T08:16:28Z",
"severity": "LOW"
},
"details": "The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas.\nECDH and ECDSA signing relying on this curve are not affected.\n\nThe bug was fixed in **[v1.6.3](https://github.com/cloudflare/circl/releases/tag/v1.6.3)**.",
"id": "GHSA-q9hv-hpm4-hj6x",
"modified": "2026-02-25T19:17:50Z",
"published": "2026-02-25T19:17:50Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/cloudflare/circl/security/advisories/GHSA-q9hv-hpm4-hj6x"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1229"
},
{
"type": "WEB",
"url": "https://github.com/cloudflare/circl/pull/583"
},
{
"type": "PACKAGE",
"url": "https://github.com/cloudflare/circl"
},
{
"type": "WEB",
"url": "https://github.com/cloudflare/circl/releases/tag/v1.6.3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:P/S:N/AU:Y/U:Amber",
"type": "CVSS_V4"
}
],
"summary": "CIRCL has an incorrect calculation in secp384r1 CombinedMult"
}
OPENSUSE-SU-2026:10313-1
Vulnerability from csaf_opensuse - Published: 2026-03-09 00:00 - Updated: 2026-03-09 00:00Summary
rclone-1.73.2-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: rclone-1.73.2-1.1 on GA media
Description of the patch: These are all security issues fixed in the rclone-1.73.2-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10313
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9.8 (Critical)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.73.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.73.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.73.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.73.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.73.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.73.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.73.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.73.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.73.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.73.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.73.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.73.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.73.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.73.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.73.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.73.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.73.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.73.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.73.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.73.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.73.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.73.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.73.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.73.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
7 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2026-1229/ | self |
| https://www.suse.com/security/cve/CVE-2026-27141/ | self |
| https://www.suse.com/security/cve/CVE-2026-1229 | external |
| https://www.suse.com/security/cve/CVE-2026-27141 | external |
| https://bugzilla.suse.com/1259062 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "rclone-1.73.2-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the rclone-1.73.2-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10313",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10313-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-1229 page",
"url": "https://www.suse.com/security/cve/CVE-2026-1229/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27141 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27141/"
}
],
"title": "rclone-1.73.2-1.1 on GA media",
"tracking": {
"current_release_date": "2026-03-09T00:00:00Z",
"generator": {
"date": "2026-03-09T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10313-1",
"initial_release_date": "2026-03-09T00:00:00Z",
"revision_history": [
{
"date": "2026-03-09T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "rclone-1.73.2-1.1.aarch64",
"product": {
"name": "rclone-1.73.2-1.1.aarch64",
"product_id": "rclone-1.73.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "rclone-bash-completion-1.73.2-1.1.aarch64",
"product": {
"name": "rclone-bash-completion-1.73.2-1.1.aarch64",
"product_id": "rclone-bash-completion-1.73.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "rclone-zsh-completion-1.73.2-1.1.aarch64",
"product": {
"name": "rclone-zsh-completion-1.73.2-1.1.aarch64",
"product_id": "rclone-zsh-completion-1.73.2-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rclone-1.73.2-1.1.ppc64le",
"product": {
"name": "rclone-1.73.2-1.1.ppc64le",
"product_id": "rclone-1.73.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "rclone-bash-completion-1.73.2-1.1.ppc64le",
"product": {
"name": "rclone-bash-completion-1.73.2-1.1.ppc64le",
"product_id": "rclone-bash-completion-1.73.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "rclone-zsh-completion-1.73.2-1.1.ppc64le",
"product": {
"name": "rclone-zsh-completion-1.73.2-1.1.ppc64le",
"product_id": "rclone-zsh-completion-1.73.2-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rclone-1.73.2-1.1.s390x",
"product": {
"name": "rclone-1.73.2-1.1.s390x",
"product_id": "rclone-1.73.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "rclone-bash-completion-1.73.2-1.1.s390x",
"product": {
"name": "rclone-bash-completion-1.73.2-1.1.s390x",
"product_id": "rclone-bash-completion-1.73.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "rclone-zsh-completion-1.73.2-1.1.s390x",
"product": {
"name": "rclone-zsh-completion-1.73.2-1.1.s390x",
"product_id": "rclone-zsh-completion-1.73.2-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rclone-1.73.2-1.1.x86_64",
"product": {
"name": "rclone-1.73.2-1.1.x86_64",
"product_id": "rclone-1.73.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "rclone-bash-completion-1.73.2-1.1.x86_64",
"product": {
"name": "rclone-bash-completion-1.73.2-1.1.x86_64",
"product_id": "rclone-bash-completion-1.73.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "rclone-zsh-completion-1.73.2-1.1.x86_64",
"product": {
"name": "rclone-zsh-completion-1.73.2-1.1.x86_64",
"product_id": "rclone-zsh-completion-1.73.2-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-1.73.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-1.73.2-1.1.aarch64"
},
"product_reference": "rclone-1.73.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-1.73.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-1.73.2-1.1.ppc64le"
},
"product_reference": "rclone-1.73.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-1.73.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-1.73.2-1.1.s390x"
},
"product_reference": "rclone-1.73.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-1.73.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-1.73.2-1.1.x86_64"
},
"product_reference": "rclone-1.73.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-bash-completion-1.73.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-bash-completion-1.73.2-1.1.aarch64"
},
"product_reference": "rclone-bash-completion-1.73.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-bash-completion-1.73.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-bash-completion-1.73.2-1.1.ppc64le"
},
"product_reference": "rclone-bash-completion-1.73.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-bash-completion-1.73.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-bash-completion-1.73.2-1.1.s390x"
},
"product_reference": "rclone-bash-completion-1.73.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-bash-completion-1.73.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-bash-completion-1.73.2-1.1.x86_64"
},
"product_reference": "rclone-bash-completion-1.73.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-zsh-completion-1.73.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-zsh-completion-1.73.2-1.1.aarch64"
},
"product_reference": "rclone-zsh-completion-1.73.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-zsh-completion-1.73.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-zsh-completion-1.73.2-1.1.ppc64le"
},
"product_reference": "rclone-zsh-completion-1.73.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-zsh-completion-1.73.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-zsh-completion-1.73.2-1.1.s390x"
},
"product_reference": "rclone-zsh-completion-1.73.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-zsh-completion-1.73.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-zsh-completion-1.73.2-1.1.x86_64"
},
"product_reference": "rclone-zsh-completion-1.73.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-1229",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-1229"
}
],
"notes": [
{
"category": "general",
"text": "The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas.\nECDH and ECDSA signing relying on this curve are not affected.\n\nThe bug was fixed in v1.6.3 https://github.com/cloudflare/circl/releases/tag/v1.6.3 .",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.73.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.73.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.73.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.73.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.73.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.73.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.73.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.73.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.73.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.73.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.73.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.73.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-1229",
"url": "https://www.suse.com/security/cve/CVE-2026-1229"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.73.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.73.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.73.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.73.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.73.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.73.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.73.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.73.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.73.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.73.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.73.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.73.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:rclone-1.73.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.73.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.73.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.73.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.73.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.73.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.73.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.73.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.73.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.73.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.73.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.73.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-09T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2026-1229"
},
{
"cve": "CVE-2026-27141",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27141"
}
],
"notes": [
{
"category": "general",
"text": "Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.73.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.73.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.73.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.73.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.73.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.73.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.73.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.73.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.73.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.73.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.73.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.73.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27141",
"url": "https://www.suse.com/security/cve/CVE-2026-27141"
},
{
"category": "external",
"summary": "SUSE Bug 1259062 for CVE-2026-27141",
"url": "https://bugzilla.suse.com/1259062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.73.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.73.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.73.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.73.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.73.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.73.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.73.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.73.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.73.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.73.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.73.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.73.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:rclone-1.73.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.73.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.73.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.73.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.73.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.73.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.73.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.73.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.73.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.73.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.73.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.73.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-09T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-27141"
}
]
}
OPENSUSE-SU-2026:10613-1
Vulnerability from csaf_opensuse - Published: 2026-04-25 00:00 - Updated: 2026-04-25 00:00Summary
kyverno-1.17.2-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: kyverno-1.17.2-1.1 on GA media
Description of the patch: These are all security issues fixed in the kyverno-1.17.2-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10613
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9.8 (Critical)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:kyverno-1.17.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-1.17.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-1.17.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-1.17.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:kyverno-1.17.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-1.17.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-1.17.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-1.17.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:kyverno-1.17.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-1.17.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-1.17.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-1.17.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:kyverno-1.17.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-1.17.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-1.17.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-1.17.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:kyverno-1.17.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-1.17.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-1.17.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-1.17.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
References
15 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2026-1229/ | self |
| https://www.suse.com/security/cve/CVE-2026-24051/ | self |
| https://www.suse.com/security/cve/CVE-2026-33186/ | self |
| https://www.suse.com/security/cve/CVE-2026-34986/ | self |
| https://www.suse.com/security/cve/CVE-2026-4789/ | self |
| https://www.suse.com/security/cve/CVE-2026-1229 | external |
| https://www.suse.com/security/cve/CVE-2026-24051 | external |
| https://bugzilla.suse.com/1259133 | external |
| https://www.suse.com/security/cve/CVE-2026-33186 | external |
| https://bugzilla.suse.com/1260085 | external |
| https://www.suse.com/security/cve/CVE-2026-34986 | external |
| https://www.suse.com/security/cve/CVE-2026-4789 | external |
| https://bugzilla.suse.com/1261190 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "kyverno-1.17.2-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the kyverno-1.17.2-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10613",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10613-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-1229 page",
"url": "https://www.suse.com/security/cve/CVE-2026-1229/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-24051 page",
"url": "https://www.suse.com/security/cve/CVE-2026-24051/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33186 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33186/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-34986 page",
"url": "https://www.suse.com/security/cve/CVE-2026-34986/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-4789 page",
"url": "https://www.suse.com/security/cve/CVE-2026-4789/"
}
],
"title": "kyverno-1.17.2-1.1 on GA media",
"tracking": {
"current_release_date": "2026-04-25T00:00:00Z",
"generator": {
"date": "2026-04-25T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10613-1",
"initial_release_date": "2026-04-25T00:00:00Z",
"revision_history": [
{
"date": "2026-04-25T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kyverno-1.17.2-1.1.aarch64",
"product": {
"name": "kyverno-1.17.2-1.1.aarch64",
"product_id": "kyverno-1.17.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "kyverno-bash-completion-1.17.2-1.1.aarch64",
"product": {
"name": "kyverno-bash-completion-1.17.2-1.1.aarch64",
"product_id": "kyverno-bash-completion-1.17.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "kyverno-fish-completion-1.17.2-1.1.aarch64",
"product": {
"name": "kyverno-fish-completion-1.17.2-1.1.aarch64",
"product_id": "kyverno-fish-completion-1.17.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "kyverno-zsh-completion-1.17.2-1.1.aarch64",
"product": {
"name": "kyverno-zsh-completion-1.17.2-1.1.aarch64",
"product_id": "kyverno-zsh-completion-1.17.2-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kyverno-1.17.2-1.1.ppc64le",
"product": {
"name": "kyverno-1.17.2-1.1.ppc64le",
"product_id": "kyverno-1.17.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kyverno-bash-completion-1.17.2-1.1.ppc64le",
"product": {
"name": "kyverno-bash-completion-1.17.2-1.1.ppc64le",
"product_id": "kyverno-bash-completion-1.17.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kyverno-fish-completion-1.17.2-1.1.ppc64le",
"product": {
"name": "kyverno-fish-completion-1.17.2-1.1.ppc64le",
"product_id": "kyverno-fish-completion-1.17.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kyverno-zsh-completion-1.17.2-1.1.ppc64le",
"product": {
"name": "kyverno-zsh-completion-1.17.2-1.1.ppc64le",
"product_id": "kyverno-zsh-completion-1.17.2-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kyverno-1.17.2-1.1.s390x",
"product": {
"name": "kyverno-1.17.2-1.1.s390x",
"product_id": "kyverno-1.17.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "kyverno-bash-completion-1.17.2-1.1.s390x",
"product": {
"name": "kyverno-bash-completion-1.17.2-1.1.s390x",
"product_id": "kyverno-bash-completion-1.17.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "kyverno-fish-completion-1.17.2-1.1.s390x",
"product": {
"name": "kyverno-fish-completion-1.17.2-1.1.s390x",
"product_id": "kyverno-fish-completion-1.17.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "kyverno-zsh-completion-1.17.2-1.1.s390x",
"product": {
"name": "kyverno-zsh-completion-1.17.2-1.1.s390x",
"product_id": "kyverno-zsh-completion-1.17.2-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kyverno-1.17.2-1.1.x86_64",
"product": {
"name": "kyverno-1.17.2-1.1.x86_64",
"product_id": "kyverno-1.17.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "kyverno-bash-completion-1.17.2-1.1.x86_64",
"product": {
"name": "kyverno-bash-completion-1.17.2-1.1.x86_64",
"product_id": "kyverno-bash-completion-1.17.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "kyverno-fish-completion-1.17.2-1.1.x86_64",
"product": {
"name": "kyverno-fish-completion-1.17.2-1.1.x86_64",
"product_id": "kyverno-fish-completion-1.17.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "kyverno-zsh-completion-1.17.2-1.1.x86_64",
"product": {
"name": "kyverno-zsh-completion-1.17.2-1.1.x86_64",
"product_id": "kyverno-zsh-completion-1.17.2-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kyverno-1.17.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kyverno-1.17.2-1.1.aarch64"
},
"product_reference": "kyverno-1.17.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kyverno-1.17.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kyverno-1.17.2-1.1.ppc64le"
},
"product_reference": "kyverno-1.17.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kyverno-1.17.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kyverno-1.17.2-1.1.s390x"
},
"product_reference": "kyverno-1.17.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kyverno-1.17.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kyverno-1.17.2-1.1.x86_64"
},
"product_reference": "kyverno-1.17.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kyverno-bash-completion-1.17.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.aarch64"
},
"product_reference": "kyverno-bash-completion-1.17.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kyverno-bash-completion-1.17.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.ppc64le"
},
"product_reference": "kyverno-bash-completion-1.17.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kyverno-bash-completion-1.17.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.s390x"
},
"product_reference": "kyverno-bash-completion-1.17.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kyverno-bash-completion-1.17.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.x86_64"
},
"product_reference": "kyverno-bash-completion-1.17.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kyverno-fish-completion-1.17.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.aarch64"
},
"product_reference": "kyverno-fish-completion-1.17.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kyverno-fish-completion-1.17.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.ppc64le"
},
"product_reference": "kyverno-fish-completion-1.17.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kyverno-fish-completion-1.17.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.s390x"
},
"product_reference": "kyverno-fish-completion-1.17.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kyverno-fish-completion-1.17.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.x86_64"
},
"product_reference": "kyverno-fish-completion-1.17.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kyverno-zsh-completion-1.17.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.aarch64"
},
"product_reference": "kyverno-zsh-completion-1.17.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kyverno-zsh-completion-1.17.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.ppc64le"
},
"product_reference": "kyverno-zsh-completion-1.17.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kyverno-zsh-completion-1.17.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.s390x"
},
"product_reference": "kyverno-zsh-completion-1.17.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kyverno-zsh-completion-1.17.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.x86_64"
},
"product_reference": "kyverno-zsh-completion-1.17.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-1229",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-1229"
}
],
"notes": [
{
"category": "general",
"text": "The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas.\nECDH and ECDSA signing relying on this curve are not affected.\n\nThe bug was fixed in v1.6.3 https://github.com/cloudflare/circl/releases/tag/v1.6.3 .",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kyverno-1.17.2-1.1.aarch64",
"openSUSE Tumbleweed:kyverno-1.17.2-1.1.ppc64le",
"openSUSE Tumbleweed:kyverno-1.17.2-1.1.s390x",
"openSUSE Tumbleweed:kyverno-1.17.2-1.1.x86_64",
"openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.aarch64",
"openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.ppc64le",
"openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.s390x",
"openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.x86_64",
"openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.aarch64",
"openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.ppc64le",
"openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.s390x",
"openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.x86_64",
"openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.aarch64",
"openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.ppc64le",
"openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.s390x",
"openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-1229",
"url": "https://www.suse.com/security/cve/CVE-2026-1229"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kyverno-1.17.2-1.1.aarch64",
"openSUSE Tumbleweed:kyverno-1.17.2-1.1.ppc64le",
"openSUSE Tumbleweed:kyverno-1.17.2-1.1.s390x",
"openSUSE Tumbleweed:kyverno-1.17.2-1.1.x86_64",
"openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.aarch64",
"openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.ppc64le",
"openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.s390x",
"openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.x86_64",
"openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.aarch64",
"openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.ppc64le",
"openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.s390x",
"openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.x86_64",
"openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.aarch64",
"openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.ppc64le",
"openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.s390x",
"openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kyverno-1.17.2-1.1.aarch64",
"openSUSE Tumbleweed:kyverno-1.17.2-1.1.ppc64le",
"openSUSE Tumbleweed:kyverno-1.17.2-1.1.s390x",
"openSUSE Tumbleweed:kyverno-1.17.2-1.1.x86_64",
"openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.aarch64",
"openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.ppc64le",
"openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.s390x",
"openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.x86_64",
"openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.aarch64",
"openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.ppc64le",
"openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.s390x",
"openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.x86_64",
"openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.aarch64",
"openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.ppc64le",
"openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.s390x",
"openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-25T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2026-1229"
},
{
"cve": "CVE-2026-24051",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-24051"
}
],
"notes": [
{
"category": "general",
"text": "OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking (Untrusted Search Paths) on macOS/Darwin systems. The resource detection code in sdk/resource/host_id.go executes the ioreg system command using a search path. An attacker with the ability to locally modify the PATH environment variable can achieve Arbitrary Code Execution (ACE) within the context of the application. A fix was released with v1.40.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kyverno-1.17.2-1.1.aarch64",
"openSUSE Tumbleweed:kyverno-1.17.2-1.1.ppc64le",
"openSUSE Tumbleweed:kyverno-1.17.2-1.1.s390x",
"openSUSE Tumbleweed:kyverno-1.17.2-1.1.x86_64",
"openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.aarch64",
"openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.ppc64le",
"openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.s390x",
"openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.x86_64",
"openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.aarch64",
"openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.ppc64le",
"openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.s390x",
"openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.x86_64",
"openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.aarch64",
"openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.ppc64le",
"openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.s390x",
"openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-24051",
"url": "https://www.suse.com/security/cve/CVE-2026-24051"
},
{
"category": "external",
"summary": "SUSE Bug 1259133 for CVE-2026-24051",
"url": "https://bugzilla.suse.com/1259133"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kyverno-1.17.2-1.1.aarch64",
"openSUSE Tumbleweed:kyverno-1.17.2-1.1.ppc64le",
"openSUSE Tumbleweed:kyverno-1.17.2-1.1.s390x",
"openSUSE Tumbleweed:kyverno-1.17.2-1.1.x86_64",
"openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.aarch64",
"openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.ppc64le",
"openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.s390x",
"openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.x86_64",
"openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.aarch64",
"openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.ppc64le",
"openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.s390x",
"openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.x86_64",
"openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.aarch64",
"openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.ppc64le",
"openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.s390x",
"openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-24051"
},
{
"cve": "CVE-2026-33186",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33186"
}
],
"notes": [
{
"category": "general",
"text": "gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, \"deny\" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback \"allow\" rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific \"deny\" rules for canonical paths but allows other requests by default (a fallback \"allow\" rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kyverno-1.17.2-1.1.aarch64",
"openSUSE Tumbleweed:kyverno-1.17.2-1.1.ppc64le",
"openSUSE Tumbleweed:kyverno-1.17.2-1.1.s390x",
"openSUSE Tumbleweed:kyverno-1.17.2-1.1.x86_64",
"openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.aarch64",
"openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.ppc64le",
"openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.s390x",
"openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.x86_64",
"openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.aarch64",
"openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.ppc64le",
"openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.s390x",
"openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.x86_64",
"openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.aarch64",
"openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.ppc64le",
"openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.s390x",
"openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33186",
"url": "https://www.suse.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "SUSE Bug 1260085 for CVE-2026-33186",
"url": "https://bugzilla.suse.com/1260085"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kyverno-1.17.2-1.1.aarch64",
"openSUSE Tumbleweed:kyverno-1.17.2-1.1.ppc64le",
"openSUSE Tumbleweed:kyverno-1.17.2-1.1.s390x",
"openSUSE Tumbleweed:kyverno-1.17.2-1.1.x86_64",
"openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.aarch64",
"openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.ppc64le",
"openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.s390x",
"openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.x86_64",
"openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.aarch64",
"openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.ppc64le",
"openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.s390x",
"openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.x86_64",
"openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.aarch64",
"openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.ppc64le",
"openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.s390x",
"openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kyverno-1.17.2-1.1.aarch64",
"openSUSE Tumbleweed:kyverno-1.17.2-1.1.ppc64le",
"openSUSE Tumbleweed:kyverno-1.17.2-1.1.s390x",
"openSUSE Tumbleweed:kyverno-1.17.2-1.1.x86_64",
"openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.aarch64",
"openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.ppc64le",
"openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.s390x",
"openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.x86_64",
"openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.aarch64",
"openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.ppc64le",
"openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.s390x",
"openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.x86_64",
"openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.aarch64",
"openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.ppc64le",
"openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.s390x",
"openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33186"
},
{
"cve": "CVE-2026-34986",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-34986"
}
],
"notes": [
{
"category": "general",
"text": "Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption (JWE) object will panic if the alg field indicates a key wrapping algorithm (one ending in KW, with the exception of A128GCMKW, A192GCMKW, and A256GCMKW) and the encrypted_key field is empty. The panic happens when cipher.KeyUnwrap() in key_wrap.go attempts to allocate a slice with a zero or negative length based on the length of the encrypted_key. This code path is reachable from ParseEncrypted() / ParseEncryptedJSON() / ParseEncryptedCompact() followed by Decrypt() on the resulting object. Note that the parse functions take a list of accepted key algorithms. If the accepted key algorithms do not include any key wrapping algorithms, parsing will fail and the application will be unaffected. This panic is also reachable by calling cipher.KeyUnwrap() directly with any ciphertext parameter less than 16 bytes long, but calling this function directly is less common. Panics can lead to denial of service. This vulnerability is fixed in 4.1.4 and 3.0.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kyverno-1.17.2-1.1.aarch64",
"openSUSE Tumbleweed:kyverno-1.17.2-1.1.ppc64le",
"openSUSE Tumbleweed:kyverno-1.17.2-1.1.s390x",
"openSUSE Tumbleweed:kyverno-1.17.2-1.1.x86_64",
"openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.aarch64",
"openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.ppc64le",
"openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.s390x",
"openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.x86_64",
"openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.aarch64",
"openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.ppc64le",
"openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.s390x",
"openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.x86_64",
"openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.aarch64",
"openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.ppc64le",
"openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.s390x",
"openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-34986",
"url": "https://www.suse.com/security/cve/CVE-2026-34986"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kyverno-1.17.2-1.1.aarch64",
"openSUSE Tumbleweed:kyverno-1.17.2-1.1.ppc64le",
"openSUSE Tumbleweed:kyverno-1.17.2-1.1.s390x",
"openSUSE Tumbleweed:kyverno-1.17.2-1.1.x86_64",
"openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.aarch64",
"openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.ppc64le",
"openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.s390x",
"openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.x86_64",
"openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.aarch64",
"openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.ppc64le",
"openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.s390x",
"openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.x86_64",
"openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.aarch64",
"openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.ppc64le",
"openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.s390x",
"openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-34986"
},
{
"cve": "CVE-2026-4789",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-4789"
}
],
"notes": [
{
"category": "general",
"text": "Kyverno, versions 1.16.0 and later, are vulnerable to SSRF due to unrestricted CEL HTTP functions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kyverno-1.17.2-1.1.aarch64",
"openSUSE Tumbleweed:kyverno-1.17.2-1.1.ppc64le",
"openSUSE Tumbleweed:kyverno-1.17.2-1.1.s390x",
"openSUSE Tumbleweed:kyverno-1.17.2-1.1.x86_64",
"openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.aarch64",
"openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.ppc64le",
"openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.s390x",
"openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.x86_64",
"openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.aarch64",
"openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.ppc64le",
"openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.s390x",
"openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.x86_64",
"openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.aarch64",
"openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.ppc64le",
"openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.s390x",
"openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-4789",
"url": "https://www.suse.com/security/cve/CVE-2026-4789"
},
{
"category": "external",
"summary": "SUSE Bug 1261190 for CVE-2026-4789",
"url": "https://bugzilla.suse.com/1261190"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kyverno-1.17.2-1.1.aarch64",
"openSUSE Tumbleweed:kyverno-1.17.2-1.1.ppc64le",
"openSUSE Tumbleweed:kyverno-1.17.2-1.1.s390x",
"openSUSE Tumbleweed:kyverno-1.17.2-1.1.x86_64",
"openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.aarch64",
"openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.ppc64le",
"openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.s390x",
"openSUSE Tumbleweed:kyverno-bash-completion-1.17.2-1.1.x86_64",
"openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.aarch64",
"openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.ppc64le",
"openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.s390x",
"openSUSE Tumbleweed:kyverno-fish-completion-1.17.2-1.1.x86_64",
"openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.aarch64",
"openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.ppc64le",
"openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.s390x",
"openSUSE Tumbleweed:kyverno-zsh-completion-1.17.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-25T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2026-4789"
}
]
}
OPENSUSE-SU-2026:10803-1
Vulnerability from csaf_opensuse - Published: 2026-05-18 00:00 - Updated: 2026-05-18 00:00Summary
git-bug-0.10.1-4.1 on GA media
Severity
Moderate
Notes
Title of the patch: git-bug-0.10.1-4.1 on GA media
Description of the patch: These are all security issues fixed in the git-bug-0.10.1-4.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10803
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:git-bug-0.10.1-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-bug-0.10.1-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-bug-0.10.1-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-bug-0.10.1-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:git-bug-0.10.1-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-bug-0.10.1-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-bug-0.10.1-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-bug-0.10.1-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
8 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2026-1229/ | self |
| https://www.suse.com/security/cve/CVE-2026-41506/ | self |
| https://www.suse.com/security/cve/CVE-2026-1229 | external |
| https://bugzilla.suse.com/1265416 | external |
| https://www.suse.com/security/cve/CVE-2026-41506 | external |
| https://bugzilla.suse.com/1264854 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "git-bug-0.10.1-4.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the git-bug-0.10.1-4.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10803",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10803-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-1229 page",
"url": "https://www.suse.com/security/cve/CVE-2026-1229/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-41506 page",
"url": "https://www.suse.com/security/cve/CVE-2026-41506/"
}
],
"title": "git-bug-0.10.1-4.1 on GA media",
"tracking": {
"current_release_date": "2026-05-18T00:00:00Z",
"generator": {
"date": "2026-05-18T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10803-1",
"initial_release_date": "2026-05-18T00:00:00Z",
"revision_history": [
{
"date": "2026-05-18T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "git-bug-0.10.1-4.1.aarch64",
"product": {
"name": "git-bug-0.10.1-4.1.aarch64",
"product_id": "git-bug-0.10.1-4.1.aarch64"
}
},
{
"category": "product_version",
"name": "git-bug-bash-completion-0.10.1-4.1.aarch64",
"product": {
"name": "git-bug-bash-completion-0.10.1-4.1.aarch64",
"product_id": "git-bug-bash-completion-0.10.1-4.1.aarch64"
}
},
{
"category": "product_version",
"name": "git-bug-fish-completion-0.10.1-4.1.aarch64",
"product": {
"name": "git-bug-fish-completion-0.10.1-4.1.aarch64",
"product_id": "git-bug-fish-completion-0.10.1-4.1.aarch64"
}
},
{
"category": "product_version",
"name": "git-bug-zsh-completion-0.10.1-4.1.aarch64",
"product": {
"name": "git-bug-zsh-completion-0.10.1-4.1.aarch64",
"product_id": "git-bug-zsh-completion-0.10.1-4.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "git-bug-0.10.1-4.1.ppc64le",
"product": {
"name": "git-bug-0.10.1-4.1.ppc64le",
"product_id": "git-bug-0.10.1-4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "git-bug-bash-completion-0.10.1-4.1.ppc64le",
"product": {
"name": "git-bug-bash-completion-0.10.1-4.1.ppc64le",
"product_id": "git-bug-bash-completion-0.10.1-4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "git-bug-fish-completion-0.10.1-4.1.ppc64le",
"product": {
"name": "git-bug-fish-completion-0.10.1-4.1.ppc64le",
"product_id": "git-bug-fish-completion-0.10.1-4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "git-bug-zsh-completion-0.10.1-4.1.ppc64le",
"product": {
"name": "git-bug-zsh-completion-0.10.1-4.1.ppc64le",
"product_id": "git-bug-zsh-completion-0.10.1-4.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "git-bug-0.10.1-4.1.s390x",
"product": {
"name": "git-bug-0.10.1-4.1.s390x",
"product_id": "git-bug-0.10.1-4.1.s390x"
}
},
{
"category": "product_version",
"name": "git-bug-bash-completion-0.10.1-4.1.s390x",
"product": {
"name": "git-bug-bash-completion-0.10.1-4.1.s390x",
"product_id": "git-bug-bash-completion-0.10.1-4.1.s390x"
}
},
{
"category": "product_version",
"name": "git-bug-fish-completion-0.10.1-4.1.s390x",
"product": {
"name": "git-bug-fish-completion-0.10.1-4.1.s390x",
"product_id": "git-bug-fish-completion-0.10.1-4.1.s390x"
}
},
{
"category": "product_version",
"name": "git-bug-zsh-completion-0.10.1-4.1.s390x",
"product": {
"name": "git-bug-zsh-completion-0.10.1-4.1.s390x",
"product_id": "git-bug-zsh-completion-0.10.1-4.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "git-bug-0.10.1-4.1.x86_64",
"product": {
"name": "git-bug-0.10.1-4.1.x86_64",
"product_id": "git-bug-0.10.1-4.1.x86_64"
}
},
{
"category": "product_version",
"name": "git-bug-bash-completion-0.10.1-4.1.x86_64",
"product": {
"name": "git-bug-bash-completion-0.10.1-4.1.x86_64",
"product_id": "git-bug-bash-completion-0.10.1-4.1.x86_64"
}
},
{
"category": "product_version",
"name": "git-bug-fish-completion-0.10.1-4.1.x86_64",
"product": {
"name": "git-bug-fish-completion-0.10.1-4.1.x86_64",
"product_id": "git-bug-fish-completion-0.10.1-4.1.x86_64"
}
},
{
"category": "product_version",
"name": "git-bug-zsh-completion-0.10.1-4.1.x86_64",
"product": {
"name": "git-bug-zsh-completion-0.10.1-4.1.x86_64",
"product_id": "git-bug-zsh-completion-0.10.1-4.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "git-bug-0.10.1-4.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-bug-0.10.1-4.1.aarch64"
},
"product_reference": "git-bug-0.10.1-4.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-bug-0.10.1-4.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-bug-0.10.1-4.1.ppc64le"
},
"product_reference": "git-bug-0.10.1-4.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-bug-0.10.1-4.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-bug-0.10.1-4.1.s390x"
},
"product_reference": "git-bug-0.10.1-4.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-bug-0.10.1-4.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-bug-0.10.1-4.1.x86_64"
},
"product_reference": "git-bug-0.10.1-4.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-bug-bash-completion-0.10.1-4.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-4.1.aarch64"
},
"product_reference": "git-bug-bash-completion-0.10.1-4.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-bug-bash-completion-0.10.1-4.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-4.1.ppc64le"
},
"product_reference": "git-bug-bash-completion-0.10.1-4.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-bug-bash-completion-0.10.1-4.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-4.1.s390x"
},
"product_reference": "git-bug-bash-completion-0.10.1-4.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-bug-bash-completion-0.10.1-4.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-4.1.x86_64"
},
"product_reference": "git-bug-bash-completion-0.10.1-4.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-bug-fish-completion-0.10.1-4.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-4.1.aarch64"
},
"product_reference": "git-bug-fish-completion-0.10.1-4.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-bug-fish-completion-0.10.1-4.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-4.1.ppc64le"
},
"product_reference": "git-bug-fish-completion-0.10.1-4.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-bug-fish-completion-0.10.1-4.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-4.1.s390x"
},
"product_reference": "git-bug-fish-completion-0.10.1-4.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-bug-fish-completion-0.10.1-4.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-4.1.x86_64"
},
"product_reference": "git-bug-fish-completion-0.10.1-4.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-bug-zsh-completion-0.10.1-4.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-4.1.aarch64"
},
"product_reference": "git-bug-zsh-completion-0.10.1-4.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-bug-zsh-completion-0.10.1-4.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-4.1.ppc64le"
},
"product_reference": "git-bug-zsh-completion-0.10.1-4.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-bug-zsh-completion-0.10.1-4.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-4.1.s390x"
},
"product_reference": "git-bug-zsh-completion-0.10.1-4.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-bug-zsh-completion-0.10.1-4.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-4.1.x86_64"
},
"product_reference": "git-bug-zsh-completion-0.10.1-4.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-1229",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-1229"
}
],
"notes": [
{
"category": "general",
"text": "The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas.\nECDH and ECDSA signing relying on this curve are not affected.\n\nThe bug was fixed in v1.6.3 https://github.com/cloudflare/circl/releases/tag/v1.6.3 .",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:git-bug-0.10.1-4.1.aarch64",
"openSUSE Tumbleweed:git-bug-0.10.1-4.1.ppc64le",
"openSUSE Tumbleweed:git-bug-0.10.1-4.1.s390x",
"openSUSE Tumbleweed:git-bug-0.10.1-4.1.x86_64",
"openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-4.1.aarch64",
"openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-4.1.ppc64le",
"openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-4.1.s390x",
"openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-4.1.x86_64",
"openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-4.1.aarch64",
"openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-4.1.ppc64le",
"openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-4.1.s390x",
"openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-4.1.x86_64",
"openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-4.1.aarch64",
"openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-4.1.ppc64le",
"openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-4.1.s390x",
"openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-1229",
"url": "https://www.suse.com/security/cve/CVE-2026-1229"
},
{
"category": "external",
"summary": "SUSE Bug 1265416 for CVE-2026-1229",
"url": "https://bugzilla.suse.com/1265416"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:git-bug-0.10.1-4.1.aarch64",
"openSUSE Tumbleweed:git-bug-0.10.1-4.1.ppc64le",
"openSUSE Tumbleweed:git-bug-0.10.1-4.1.s390x",
"openSUSE Tumbleweed:git-bug-0.10.1-4.1.x86_64",
"openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-4.1.aarch64",
"openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-4.1.ppc64le",
"openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-4.1.s390x",
"openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-4.1.x86_64",
"openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-4.1.aarch64",
"openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-4.1.ppc64le",
"openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-4.1.s390x",
"openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-4.1.x86_64",
"openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-4.1.aarch64",
"openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-4.1.ppc64le",
"openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-4.1.s390x",
"openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:git-bug-0.10.1-4.1.aarch64",
"openSUSE Tumbleweed:git-bug-0.10.1-4.1.ppc64le",
"openSUSE Tumbleweed:git-bug-0.10.1-4.1.s390x",
"openSUSE Tumbleweed:git-bug-0.10.1-4.1.x86_64",
"openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-4.1.aarch64",
"openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-4.1.ppc64le",
"openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-4.1.s390x",
"openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-4.1.x86_64",
"openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-4.1.aarch64",
"openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-4.1.ppc64le",
"openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-4.1.s390x",
"openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-4.1.x86_64",
"openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-4.1.aarch64",
"openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-4.1.ppc64le",
"openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-4.1.s390x",
"openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-18T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-1229"
},
{
"cve": "CVE-2026-41506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-41506"
}
],
"notes": [
{
"category": "general",
"text": "go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This issue has been patched in versions 5.18.0 and 6.0.0-alpha.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:git-bug-0.10.1-4.1.aarch64",
"openSUSE Tumbleweed:git-bug-0.10.1-4.1.ppc64le",
"openSUSE Tumbleweed:git-bug-0.10.1-4.1.s390x",
"openSUSE Tumbleweed:git-bug-0.10.1-4.1.x86_64",
"openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-4.1.aarch64",
"openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-4.1.ppc64le",
"openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-4.1.s390x",
"openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-4.1.x86_64",
"openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-4.1.aarch64",
"openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-4.1.ppc64le",
"openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-4.1.s390x",
"openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-4.1.x86_64",
"openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-4.1.aarch64",
"openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-4.1.ppc64le",
"openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-4.1.s390x",
"openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-41506",
"url": "https://www.suse.com/security/cve/CVE-2026-41506"
},
{
"category": "external",
"summary": "SUSE Bug 1264854 for CVE-2026-41506",
"url": "https://bugzilla.suse.com/1264854"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:git-bug-0.10.1-4.1.aarch64",
"openSUSE Tumbleweed:git-bug-0.10.1-4.1.ppc64le",
"openSUSE Tumbleweed:git-bug-0.10.1-4.1.s390x",
"openSUSE Tumbleweed:git-bug-0.10.1-4.1.x86_64",
"openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-4.1.aarch64",
"openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-4.1.ppc64le",
"openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-4.1.s390x",
"openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-4.1.x86_64",
"openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-4.1.aarch64",
"openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-4.1.ppc64le",
"openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-4.1.s390x",
"openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-4.1.x86_64",
"openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-4.1.aarch64",
"openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-4.1.ppc64le",
"openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-4.1.s390x",
"openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:git-bug-0.10.1-4.1.aarch64",
"openSUSE Tumbleweed:git-bug-0.10.1-4.1.ppc64le",
"openSUSE Tumbleweed:git-bug-0.10.1-4.1.s390x",
"openSUSE Tumbleweed:git-bug-0.10.1-4.1.x86_64",
"openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-4.1.aarch64",
"openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-4.1.ppc64le",
"openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-4.1.s390x",
"openSUSE Tumbleweed:git-bug-bash-completion-0.10.1-4.1.x86_64",
"openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-4.1.aarch64",
"openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-4.1.ppc64le",
"openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-4.1.s390x",
"openSUSE Tumbleweed:git-bug-fish-completion-0.10.1-4.1.x86_64",
"openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-4.1.aarch64",
"openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-4.1.ppc64le",
"openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-4.1.s390x",
"openSUSE Tumbleweed:git-bug-zsh-completion-0.10.1-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-18T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-41506"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…