Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-22870 (GCVE-0-2025-22870)
Vulnerability from cvelistv5 – Published: 2025-03-12 18:27 – Updated: 2026-04-16 22:39
VLAI
EPSS
VEX
Title
HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net
Summary
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied.
Severity
4.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-115 Misinterpretation of Input
- CWE-115 - Misinterpretation of Input
Assigner
References
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Go standard library | net/http |
Affected:
0 , < 1.23.7
(semver)
Affected: 1.24.0-0 , < 1.24.1 (semver) |
|
| golang.org/x/net | golang.org/x/net/http/httpproxy |
Affected:
0 , < 0.36.0
(semver)
|
|
| golang.org/x/net | golang.org/x/net/proxy |
Affected:
0 , < 0.36.0
(semver)
|
Credits
Juho Forsén of Mattermost
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-05-09T20:03:37.043Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/03/07/2"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250509-0007/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-22870",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-18T16:31:16.493335Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-115",
"description": "CWE-115 Misinterpretation of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T16:32:14.847Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "net/http",
"product": "net/http",
"programRoutines": [
{
"name": "envProxyFunc"
},
{
"name": "ProxyFromEnvironment"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.23.7",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.24.1",
"status": "affected",
"version": "1.24.0-0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "golang.org/x/net/http/httpproxy",
"product": "golang.org/x/net/http/httpproxy",
"programRoutines": [
{
"name": "config.useProxy"
},
{
"name": "domainMatch.match"
}
],
"vendor": "golang.org/x/net",
"versions": [
{
"lessThan": "0.36.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "golang.org/x/net/proxy",
"product": "golang.org/x/net/proxy",
"programRoutines": [
{
"name": "PerHost.dialerForRequest"
},
{
"name": "PerHost.AddFromString"
},
{
"name": "Dial"
},
{
"name": "FromEnvironment"
},
{
"name": "FromEnvironmentUsing"
},
{
"name": "PerHost.Dial"
},
{
"name": "PerHost.DialContext"
}
],
"vendor": "golang.org/x/net",
"versions": [
{
"lessThan": "0.36.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Juho Fors\u00e9n of Mattermost"
}
],
"descriptions": [
{
"lang": "en",
"value": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-115 Misinterpretation of Input",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T22:39:33.619Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/cl/654697"
},
{
"url": "https://go.dev/issue/71984"
},
{
"url": "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ"
},
{
"url": "https://pkg.go.dev/vuln/GO-2025-3503"
}
],
"title": "HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2025-22870",
"datePublished": "2025-03-12T18:27:59.376Z",
"dateReserved": "2025-01-08T19:11:42.834Z",
"dateUpdated": "2026-04-16T22:39:33.619Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-22870",
"date": "2026-07-13",
"epss": "0.00384",
"percentile": "0.30475"
},
"microsoft_vex": {
"current_release_date": "2026-02-18T02:16:11.000Z",
"cve": "CVE-2025-22870",
"id": "msrc_CVE-2025-22870",
"initial_release_date": "2025-03-02T00:00:00.000Z",
"product_status:fixed": "28",
"product_status:known_affected": "29",
"product_status:known_not_affected": "10",
"source": "Microsoft CSAF VEX",
"status": "final",
"title": "HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-22870.json",
"version": "12"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-22870\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2025-03-12T19:15:38.310\",\"lastModified\":\"2026-06-17T08:50:40.640\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \\\"*.example.com\\\", a request to \\\"[::1%25.example.com]:80` will incorrectly match and not be proxied.\"},{\"lang\":\"es\",\"value\":\"La coincidencia de hosts con patrones de proxy puede tratar incorrectamente un ID de zona IPv6 como un componente de nombre de host. Por ejemplo, si la variable de entorno NO_PROXY se establece en \\\"*.example.com\\\", una solicitud a \\\"[::1%25.example.com]:80` coincidir\u00e1 incorrectamente y no se procesar\u00e1 mediante proxy.\"}],\"affected\":[{\"source\":\"security@golang.org\",\"affectedData\":[{\"vendor\":\"Go standard library\",\"product\":\"net/http\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://pkg.go.dev\",\"packageName\":\"net/http\",\"programRoutines\":[{\"name\":\"envProxyFunc\"},{\"name\":\"ProxyFromEnvironment\"}],\"versions\":[{\"version\":\"0\",\"lessThan\":\"1.23.7\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"1.24.0-0\",\"lessThan\":\"1.24.1\",\"versionType\":\"semver\",\"status\":\"affected\"}]},{\"vendor\":\"golang.org/x/net\",\"product\":\"golang.org/x/net/http/httpproxy\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://pkg.go.dev\",\"packageName\":\"golang.org/x/net/http/httpproxy\",\"programRoutines\":[{\"name\":\"config.useProxy\"},{\"name\":\"domainMatch.match\"}],\"versions\":[{\"version\":\"0\",\"lessThan\":\"0.36.0\",\"versionType\":\"semver\",\"status\":\"affected\"}]},{\"vendor\":\"golang.org/x/net\",\"product\":\"golang.org/x/net/proxy\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://pkg.go.dev\",\"packageName\":\"golang.org/x/net/proxy\",\"programRoutines\":[{\"name\":\"PerHost.dialerForRequest\"},{\"name\":\"PerHost.AddFromString\"},{\"name\":\"Dial\"},{\"name\":\"FromEnvironment\"},{\"name\":\"FromEnvironmentUsing\"},{\"name\":\"PerHost.Dial\"},{\"name\":\"PerHost.DialContext\"}],\"versions\":[{\"version\":\"0\",\"lessThan\":\"0.36.0\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L\",\"baseScore\":4.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.8,\"impactScore\":2.5}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2025-03-18T16:31:16.493335Z\",\"id\":\"CVE-2025-22870\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-115\"}]}],\"references\":[{\"url\":\"https://go.dev/cl/654697\",\"source\":\"security@golang.org\"},{\"url\":\"https://go.dev/issue/71984\",\"source\":\"security@golang.org\"},{\"url\":\"https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ\",\"source\":\"security@golang.org\"},{\"url\":\"https://pkg.go.dev/vuln/GO-2025-3503\",\"source\":\"security@golang.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/03/07/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20250509-0007/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"redhat_vex": {
"aggregate_severity": "Moderate",
"current_release_date": "2026-07-09T15:13:53+00:00",
"cve": "CVE-2025-22870",
"id": "CVE-2025-22870",
"initial_release_date": "2025-03-12T18:27:59.376000+00:00",
"product_status:fixed": "329",
"product_status:known_affected": "604",
"product_status:known_not_affected": "105",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22870.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2025/03/07/2\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20250509-0007/\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-05-09T20:03:37.043Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.4, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-22870\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-18T16:31:16.493335Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-115\", \"description\": \"CWE-115 Misinterpretation of Input\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-18T16:31:44.113Z\"}}], \"cna\": {\"title\": \"HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net\", \"credits\": [{\"lang\": \"en\", \"value\": \"Juho Fors\\u00e9n of Mattermost\"}], \"affected\": [{\"vendor\": \"Go standard library\", \"product\": \"net/http\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.23.7\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"1.24.0-0\", \"lessThan\": \"1.24.1\", \"versionType\": \"semver\"}], \"packageName\": \"net/http\", \"collectionURL\": \"https://pkg.go.dev\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"envProxyFunc\"}, {\"name\": \"ProxyFromEnvironment\"}]}, {\"vendor\": \"golang.org/x/net\", \"product\": \"golang.org/x/net/http/httpproxy\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"0.36.0\", \"versionType\": \"semver\"}], \"packageName\": \"golang.org/x/net/http/httpproxy\", \"collectionURL\": \"https://pkg.go.dev\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"config.useProxy\"}, {\"name\": \"domainMatch.match\"}]}, {\"vendor\": \"golang.org/x/net\", \"product\": \"golang.org/x/net/proxy\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"0.36.0\", \"versionType\": \"semver\"}], \"packageName\": \"golang.org/x/net/proxy\", \"collectionURL\": \"https://pkg.go.dev\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"PerHost.dialerForRequest\"}, {\"name\": \"PerHost.AddFromString\"}, {\"name\": \"Dial\"}, {\"name\": \"FromEnvironment\"}, {\"name\": \"FromEnvironmentUsing\"}, {\"name\": \"PerHost.Dial\"}, {\"name\": \"PerHost.DialContext\"}]}], \"references\": [{\"url\": \"https://go.dev/cl/654697\"}, {\"url\": \"https://go.dev/issue/71984\"}, {\"url\": \"https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ\"}, {\"url\": \"https://pkg.go.dev/vuln/GO-2025-3503\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \\\"*.example.com\\\", a request to \\\"[::1%25.example.com]:80` will incorrectly match and not be proxied.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-115 Misinterpretation of Input\"}]}], \"providerMetadata\": {\"orgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"shortName\": \"Go\", \"dateUpdated\": \"2026-04-16T22:39:33.619Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-22870\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-16T22:39:33.619Z\", \"dateReserved\": \"2025-01-08T19:11:42.834Z\", \"assignerOrgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"datePublished\": \"2025-03-12T18:27:59.376Z\", \"assignerShortName\": \"Go\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
OPENSUSE-SU-2025:15041-1
Vulnerability from csaf_opensuse - Published: 2025-04-30 00:00 - Updated: 2025-04-30 00:00Summary
golang-github-prometheus-node_exporter-1.9.1-2.1 on GA media
Severity
Moderate
Notes
Title of the patch: golang-github-prometheus-node_exporter-1.9.1-2.1 on GA media
Description of the patch: These are all security issues fixed in the golang-github-prometheus-node_exporter-1.9.1-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-15041
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.4 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.9.1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.9.1-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.9.1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.9.1-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
6 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "golang-github-prometheus-node_exporter-1.9.1-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the golang-github-prometheus-node_exporter-1.9.1-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15041",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15041-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22870 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22870/"
}
],
"title": "golang-github-prometheus-node_exporter-1.9.1-2.1 on GA media",
"tracking": {
"current_release_date": "2025-04-30T00:00:00Z",
"generator": {
"date": "2025-04-30T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15041-1",
"initial_release_date": "2025-04-30T00:00:00Z",
"revision_history": [
{
"date": "2025-04-30T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "golang-github-prometheus-node_exporter-1.9.1-2.1.aarch64",
"product": {
"name": "golang-github-prometheus-node_exporter-1.9.1-2.1.aarch64",
"product_id": "golang-github-prometheus-node_exporter-1.9.1-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-github-prometheus-node_exporter-1.9.1-2.1.ppc64le",
"product": {
"name": "golang-github-prometheus-node_exporter-1.9.1-2.1.ppc64le",
"product_id": "golang-github-prometheus-node_exporter-1.9.1-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-github-prometheus-node_exporter-1.9.1-2.1.s390x",
"product": {
"name": "golang-github-prometheus-node_exporter-1.9.1-2.1.s390x",
"product_id": "golang-github-prometheus-node_exporter-1.9.1-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-github-prometheus-node_exporter-1.9.1-2.1.x86_64",
"product": {
"name": "golang-github-prometheus-node_exporter-1.9.1-2.1.x86_64",
"product_id": "golang-github-prometheus-node_exporter-1.9.1-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.9.1-2.1.aarch64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.9.1-2.1.ppc64le"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.9.1-2.1.s390x"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.9.1-2.1.x86_64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22870"
}
],
"notes": [
{
"category": "general",
"text": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.9.1-2.1.aarch64",
"openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.9.1-2.1.ppc64le",
"openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.9.1-2.1.s390x",
"openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.9.1-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22870",
"url": "https://www.suse.com/security/cve/CVE-2025-22870"
},
{
"category": "external",
"summary": "SUSE Bug 1238572 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238572"
},
{
"category": "external",
"summary": "SUSE Bug 1238611 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238611"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.9.1-2.1.aarch64",
"openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.9.1-2.1.ppc64le",
"openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.9.1-2.1.s390x",
"openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.9.1-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.9.1-2.1.aarch64",
"openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.9.1-2.1.ppc64le",
"openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.9.1-2.1.s390x",
"openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.9.1-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-30T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-22870"
}
]
}
OPENSUSE-SU-2025:15054-1
Vulnerability from csaf_opensuse - Published: 2025-05-05 00:00 - Updated: 2025-05-05 00:00Summary
rclone-1.69.2-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: rclone-1.69.2-1.1 on GA media
Description of the patch: These are all security issues fixed in the rclone-1.69.2-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-15054
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.69.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.69.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.69.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.69.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.4 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.69.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.69.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.69.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.69.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.69.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.69.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.69.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.69.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
13 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "rclone-1.69.2-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the rclone-1.69.2-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15054",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15054-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22869 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22870 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-30204 page",
"url": "https://www.suse.com/security/cve/CVE-2025-30204/"
}
],
"title": "rclone-1.69.2-1.1 on GA media",
"tracking": {
"current_release_date": "2025-05-05T00:00:00Z",
"generator": {
"date": "2025-05-05T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15054-1",
"initial_release_date": "2025-05-05T00:00:00Z",
"revision_history": [
{
"date": "2025-05-05T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "rclone-1.69.2-1.1.aarch64",
"product": {
"name": "rclone-1.69.2-1.1.aarch64",
"product_id": "rclone-1.69.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "rclone-bash-completion-1.69.2-1.1.aarch64",
"product": {
"name": "rclone-bash-completion-1.69.2-1.1.aarch64",
"product_id": "rclone-bash-completion-1.69.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "rclone-zsh-completion-1.69.2-1.1.aarch64",
"product": {
"name": "rclone-zsh-completion-1.69.2-1.1.aarch64",
"product_id": "rclone-zsh-completion-1.69.2-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rclone-1.69.2-1.1.ppc64le",
"product": {
"name": "rclone-1.69.2-1.1.ppc64le",
"product_id": "rclone-1.69.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "rclone-bash-completion-1.69.2-1.1.ppc64le",
"product": {
"name": "rclone-bash-completion-1.69.2-1.1.ppc64le",
"product_id": "rclone-bash-completion-1.69.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "rclone-zsh-completion-1.69.2-1.1.ppc64le",
"product": {
"name": "rclone-zsh-completion-1.69.2-1.1.ppc64le",
"product_id": "rclone-zsh-completion-1.69.2-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rclone-1.69.2-1.1.s390x",
"product": {
"name": "rclone-1.69.2-1.1.s390x",
"product_id": "rclone-1.69.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "rclone-bash-completion-1.69.2-1.1.s390x",
"product": {
"name": "rclone-bash-completion-1.69.2-1.1.s390x",
"product_id": "rclone-bash-completion-1.69.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "rclone-zsh-completion-1.69.2-1.1.s390x",
"product": {
"name": "rclone-zsh-completion-1.69.2-1.1.s390x",
"product_id": "rclone-zsh-completion-1.69.2-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rclone-1.69.2-1.1.x86_64",
"product": {
"name": "rclone-1.69.2-1.1.x86_64",
"product_id": "rclone-1.69.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "rclone-bash-completion-1.69.2-1.1.x86_64",
"product": {
"name": "rclone-bash-completion-1.69.2-1.1.x86_64",
"product_id": "rclone-bash-completion-1.69.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "rclone-zsh-completion-1.69.2-1.1.x86_64",
"product": {
"name": "rclone-zsh-completion-1.69.2-1.1.x86_64",
"product_id": "rclone-zsh-completion-1.69.2-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-1.69.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-1.69.2-1.1.aarch64"
},
"product_reference": "rclone-1.69.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-1.69.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-1.69.2-1.1.ppc64le"
},
"product_reference": "rclone-1.69.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-1.69.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-1.69.2-1.1.s390x"
},
"product_reference": "rclone-1.69.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-1.69.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-1.69.2-1.1.x86_64"
},
"product_reference": "rclone-1.69.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-bash-completion-1.69.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.aarch64"
},
"product_reference": "rclone-bash-completion-1.69.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-bash-completion-1.69.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.ppc64le"
},
"product_reference": "rclone-bash-completion-1.69.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-bash-completion-1.69.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.s390x"
},
"product_reference": "rclone-bash-completion-1.69.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-bash-completion-1.69.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.x86_64"
},
"product_reference": "rclone-bash-completion-1.69.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-zsh-completion-1.69.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.aarch64"
},
"product_reference": "rclone-zsh-completion-1.69.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-zsh-completion-1.69.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.ppc64le"
},
"product_reference": "rclone-zsh-completion-1.69.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-zsh-completion-1.69.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.s390x"
},
"product_reference": "rclone-zsh-completion-1.69.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-zsh-completion-1.69.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.x86_64"
},
"product_reference": "rclone-zsh-completion-1.69.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22869"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.69.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.69.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.69.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.69.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22869",
"url": "https://www.suse.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "SUSE Bug 1239322 for CVE-2025-22869",
"url": "https://bugzilla.suse.com/1239322"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.69.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.69.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.69.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.69.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:rclone-1.69.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.69.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.69.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.69.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-05T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-22869"
},
{
"cve": "CVE-2025-22870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22870"
}
],
"notes": [
{
"category": "general",
"text": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.69.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.69.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.69.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.69.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22870",
"url": "https://www.suse.com/security/cve/CVE-2025-22870"
},
{
"category": "external",
"summary": "SUSE Bug 1238572 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238572"
},
{
"category": "external",
"summary": "SUSE Bug 1238611 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238611"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.69.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.69.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.69.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.69.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:rclone-1.69.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.69.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.69.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.69.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-05T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-22870"
},
{
"cve": "CVE-2025-30204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-30204"
}
],
"notes": [
{
"category": "general",
"text": "golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function\u0027s argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.69.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.69.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.69.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.69.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-30204",
"url": "https://www.suse.com/security/cve/CVE-2025-30204"
},
{
"category": "external",
"summary": "SUSE Bug 1240441 for CVE-2025-30204",
"url": "https://bugzilla.suse.com/1240441"
},
{
"category": "external",
"summary": "SUSE Bug 1240442 for CVE-2025-30204",
"url": "https://bugzilla.suse.com/1240442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.69.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.69.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.69.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.69.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:rclone-1.69.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.69.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.69.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.69.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.69.2-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.69.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-05T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-30204"
}
]
}
OPENSUSE-SU-2025:15145-1
Vulnerability from csaf_opensuse - Published: 2025-05-22 00:00 - Updated: 2025-05-22 00:00Summary
grafana-11.6.1-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: grafana-11.6.1-1.1 on GA media
Description of the patch: These are all security issues fixed in the grafana-11.6.1-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-15145
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:grafana-11.6.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grafana-11.6.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grafana-11.6.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grafana-11.6.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.4 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:grafana-11.6.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grafana-11.6.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grafana-11.6.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grafana-11.6.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "grafana-11.6.1-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the grafana-11.6.1-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15145",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15145-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2025:15145-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QLZDGCKYKLU6M3753VM7UMQPAHBYR63F/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2025:15145-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QLZDGCKYKLU6M3753VM7UMQPAHBYR63F/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45288 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45288/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22870 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22870/"
}
],
"title": "grafana-11.6.1-1.1 on GA media",
"tracking": {
"current_release_date": "2025-05-22T00:00:00Z",
"generator": {
"date": "2025-05-22T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15145-1",
"initial_release_date": "2025-05-22T00:00:00Z",
"revision_history": [
{
"date": "2025-05-22T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "grafana-11.6.1-1.1.aarch64",
"product": {
"name": "grafana-11.6.1-1.1.aarch64",
"product_id": "grafana-11.6.1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-11.6.1-1.1.ppc64le",
"product": {
"name": "grafana-11.6.1-1.1.ppc64le",
"product_id": "grafana-11.6.1-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-11.6.1-1.1.s390x",
"product": {
"name": "grafana-11.6.1-1.1.s390x",
"product_id": "grafana-11.6.1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-11.6.1-1.1.x86_64",
"product": {
"name": "grafana-11.6.1-1.1.x86_64",
"product_id": "grafana-11.6.1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-11.6.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grafana-11.6.1-1.1.aarch64"
},
"product_reference": "grafana-11.6.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-11.6.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grafana-11.6.1-1.1.ppc64le"
},
"product_reference": "grafana-11.6.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-11.6.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grafana-11.6.1-1.1.s390x"
},
"product_reference": "grafana-11.6.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-11.6.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grafana-11.6.1-1.1.x86_64"
},
"product_reference": "grafana-11.6.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45288",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45288"
}
],
"notes": [
{
"category": "general",
"text": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request\u0027s headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:grafana-11.6.1-1.1.aarch64",
"openSUSE Tumbleweed:grafana-11.6.1-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-11.6.1-1.1.s390x",
"openSUSE Tumbleweed:grafana-11.6.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45288",
"url": "https://www.suse.com/security/cve/CVE-2023-45288"
},
{
"category": "external",
"summary": "SUSE Bug 1221400 for CVE-2023-45288",
"url": "https://bugzilla.suse.com/1221400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:grafana-11.6.1-1.1.aarch64",
"openSUSE Tumbleweed:grafana-11.6.1-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-11.6.1-1.1.s390x",
"openSUSE Tumbleweed:grafana-11.6.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:grafana-11.6.1-1.1.aarch64",
"openSUSE Tumbleweed:grafana-11.6.1-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-11.6.1-1.1.s390x",
"openSUSE Tumbleweed:grafana-11.6.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-22T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-45288"
},
{
"cve": "CVE-2025-22870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22870"
}
],
"notes": [
{
"category": "general",
"text": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:grafana-11.6.1-1.1.aarch64",
"openSUSE Tumbleweed:grafana-11.6.1-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-11.6.1-1.1.s390x",
"openSUSE Tumbleweed:grafana-11.6.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22870",
"url": "https://www.suse.com/security/cve/CVE-2025-22870"
},
{
"category": "external",
"summary": "SUSE Bug 1238572 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238572"
},
{
"category": "external",
"summary": "SUSE Bug 1238611 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238611"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:grafana-11.6.1-1.1.aarch64",
"openSUSE Tumbleweed:grafana-11.6.1-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-11.6.1-1.1.s390x",
"openSUSE Tumbleweed:grafana-11.6.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:grafana-11.6.1-1.1.aarch64",
"openSUSE Tumbleweed:grafana-11.6.1-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-11.6.1-1.1.s390x",
"openSUSE Tumbleweed:grafana-11.6.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-22T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-22870"
}
]
}
OPENSUSE-SU-2025:15162-1
Vulnerability from csaf_opensuse - Published: 2025-05-26 00:00 - Updated: 2025-05-26 00:00Summary
prometheus-blackbox_exporter-0.24.0-3.1 on GA media
Severity
Moderate
Notes
Title of the patch: prometheus-blackbox_exporter-0.24.0-3.1 on GA media
Description of the patch: These are all security issues fixed in the prometheus-blackbox_exporter-0.24.0-3.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-15162
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:prometheus-blackbox_exporter-0.24.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:prometheus-blackbox_exporter-0.24.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:prometheus-blackbox_exporter-0.24.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:prometheus-blackbox_exporter-0.24.0-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.4 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:prometheus-blackbox_exporter-0.24.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:prometheus-blackbox_exporter-0.24.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:prometheus-blackbox_exporter-0.24.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:prometheus-blackbox_exporter-0.24.0-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "prometheus-blackbox_exporter-0.24.0-3.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the prometheus-blackbox_exporter-0.24.0-3.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15162",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15162-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2025:15162-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KHSZPRYNEYI2KIIJZMPPNQRPAMZ5ILGP/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2025:15162-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KHSZPRYNEYI2KIIJZMPPNQRPAMZ5ILGP/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45288 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45288/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22870 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22870/"
}
],
"title": "prometheus-blackbox_exporter-0.24.0-3.1 on GA media",
"tracking": {
"current_release_date": "2025-05-26T00:00:00Z",
"generator": {
"date": "2025-05-26T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15162-1",
"initial_release_date": "2025-05-26T00:00:00Z",
"revision_history": [
{
"date": "2025-05-26T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "prometheus-blackbox_exporter-0.24.0-3.1.aarch64",
"product": {
"name": "prometheus-blackbox_exporter-0.24.0-3.1.aarch64",
"product_id": "prometheus-blackbox_exporter-0.24.0-3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "prometheus-blackbox_exporter-0.24.0-3.1.ppc64le",
"product": {
"name": "prometheus-blackbox_exporter-0.24.0-3.1.ppc64le",
"product_id": "prometheus-blackbox_exporter-0.24.0-3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "prometheus-blackbox_exporter-0.24.0-3.1.s390x",
"product": {
"name": "prometheus-blackbox_exporter-0.24.0-3.1.s390x",
"product_id": "prometheus-blackbox_exporter-0.24.0-3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "prometheus-blackbox_exporter-0.24.0-3.1.x86_64",
"product": {
"name": "prometheus-blackbox_exporter-0.24.0-3.1.x86_64",
"product_id": "prometheus-blackbox_exporter-0.24.0-3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-blackbox_exporter-0.24.0-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:prometheus-blackbox_exporter-0.24.0-3.1.aarch64"
},
"product_reference": "prometheus-blackbox_exporter-0.24.0-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-blackbox_exporter-0.24.0-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:prometheus-blackbox_exporter-0.24.0-3.1.ppc64le"
},
"product_reference": "prometheus-blackbox_exporter-0.24.0-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-blackbox_exporter-0.24.0-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:prometheus-blackbox_exporter-0.24.0-3.1.s390x"
},
"product_reference": "prometheus-blackbox_exporter-0.24.0-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-blackbox_exporter-0.24.0-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:prometheus-blackbox_exporter-0.24.0-3.1.x86_64"
},
"product_reference": "prometheus-blackbox_exporter-0.24.0-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45288",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45288"
}
],
"notes": [
{
"category": "general",
"text": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request\u0027s headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:prometheus-blackbox_exporter-0.24.0-3.1.aarch64",
"openSUSE Tumbleweed:prometheus-blackbox_exporter-0.24.0-3.1.ppc64le",
"openSUSE Tumbleweed:prometheus-blackbox_exporter-0.24.0-3.1.s390x",
"openSUSE Tumbleweed:prometheus-blackbox_exporter-0.24.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45288",
"url": "https://www.suse.com/security/cve/CVE-2023-45288"
},
{
"category": "external",
"summary": "SUSE Bug 1221400 for CVE-2023-45288",
"url": "https://bugzilla.suse.com/1221400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:prometheus-blackbox_exporter-0.24.0-3.1.aarch64",
"openSUSE Tumbleweed:prometheus-blackbox_exporter-0.24.0-3.1.ppc64le",
"openSUSE Tumbleweed:prometheus-blackbox_exporter-0.24.0-3.1.s390x",
"openSUSE Tumbleweed:prometheus-blackbox_exporter-0.24.0-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:prometheus-blackbox_exporter-0.24.0-3.1.aarch64",
"openSUSE Tumbleweed:prometheus-blackbox_exporter-0.24.0-3.1.ppc64le",
"openSUSE Tumbleweed:prometheus-blackbox_exporter-0.24.0-3.1.s390x",
"openSUSE Tumbleweed:prometheus-blackbox_exporter-0.24.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-26T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-45288"
},
{
"cve": "CVE-2025-22870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22870"
}
],
"notes": [
{
"category": "general",
"text": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:prometheus-blackbox_exporter-0.24.0-3.1.aarch64",
"openSUSE Tumbleweed:prometheus-blackbox_exporter-0.24.0-3.1.ppc64le",
"openSUSE Tumbleweed:prometheus-blackbox_exporter-0.24.0-3.1.s390x",
"openSUSE Tumbleweed:prometheus-blackbox_exporter-0.24.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22870",
"url": "https://www.suse.com/security/cve/CVE-2025-22870"
},
{
"category": "external",
"summary": "SUSE Bug 1238572 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238572"
},
{
"category": "external",
"summary": "SUSE Bug 1238611 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238611"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:prometheus-blackbox_exporter-0.24.0-3.1.aarch64",
"openSUSE Tumbleweed:prometheus-blackbox_exporter-0.24.0-3.1.ppc64le",
"openSUSE Tumbleweed:prometheus-blackbox_exporter-0.24.0-3.1.s390x",
"openSUSE Tumbleweed:prometheus-blackbox_exporter-0.24.0-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:prometheus-blackbox_exporter-0.24.0-3.1.aarch64",
"openSUSE Tumbleweed:prometheus-blackbox_exporter-0.24.0-3.1.ppc64le",
"openSUSE Tumbleweed:prometheus-blackbox_exporter-0.24.0-3.1.s390x",
"openSUSE Tumbleweed:prometheus-blackbox_exporter-0.24.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-26T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-22870"
}
]
}
OPENSUSE-SU-2025:15178-1
Vulnerability from csaf_opensuse - Published: 2025-05-30 00:00 - Updated: 2025-05-30 00:00Summary
golang-github-prometheus-alertmanager-0.28.1-2.1 on GA media
Severity
Moderate
Notes
Title of the patch: golang-github-prometheus-alertmanager-0.28.1-2.1 on GA media
Description of the patch: These are all security issues fixed in the golang-github-prometheus-alertmanager-0.28.1-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-15178
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.4 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:golang-github-prometheus-alertmanager-0.28.1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:golang-github-prometheus-alertmanager-0.28.1-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:golang-github-prometheus-alertmanager-0.28.1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:golang-github-prometheus-alertmanager-0.28.1-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "golang-github-prometheus-alertmanager-0.28.1-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the golang-github-prometheus-alertmanager-0.28.1-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15178",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15178-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2025:15178-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RHPU2FCHAZXEG7LBQYJMUZPYCQLI5OUG/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2025:15178-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RHPU2FCHAZXEG7LBQYJMUZPYCQLI5OUG/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22870 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22870/"
}
],
"title": "golang-github-prometheus-alertmanager-0.28.1-2.1 on GA media",
"tracking": {
"current_release_date": "2025-05-30T00:00:00Z",
"generator": {
"date": "2025-05-30T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15178-1",
"initial_release_date": "2025-05-30T00:00:00Z",
"revision_history": [
{
"date": "2025-05-30T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "golang-github-prometheus-alertmanager-0.28.1-2.1.aarch64",
"product": {
"name": "golang-github-prometheus-alertmanager-0.28.1-2.1.aarch64",
"product_id": "golang-github-prometheus-alertmanager-0.28.1-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-github-prometheus-alertmanager-0.28.1-2.1.ppc64le",
"product": {
"name": "golang-github-prometheus-alertmanager-0.28.1-2.1.ppc64le",
"product_id": "golang-github-prometheus-alertmanager-0.28.1-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-github-prometheus-alertmanager-0.28.1-2.1.s390x",
"product": {
"name": "golang-github-prometheus-alertmanager-0.28.1-2.1.s390x",
"product_id": "golang-github-prometheus-alertmanager-0.28.1-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-github-prometheus-alertmanager-0.28.1-2.1.x86_64",
"product": {
"name": "golang-github-prometheus-alertmanager-0.28.1-2.1.x86_64",
"product_id": "golang-github-prometheus-alertmanager-0.28.1-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-alertmanager-0.28.1-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:golang-github-prometheus-alertmanager-0.28.1-2.1.aarch64"
},
"product_reference": "golang-github-prometheus-alertmanager-0.28.1-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-alertmanager-0.28.1-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:golang-github-prometheus-alertmanager-0.28.1-2.1.ppc64le"
},
"product_reference": "golang-github-prometheus-alertmanager-0.28.1-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-alertmanager-0.28.1-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:golang-github-prometheus-alertmanager-0.28.1-2.1.s390x"
},
"product_reference": "golang-github-prometheus-alertmanager-0.28.1-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-alertmanager-0.28.1-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:golang-github-prometheus-alertmanager-0.28.1-2.1.x86_64"
},
"product_reference": "golang-github-prometheus-alertmanager-0.28.1-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22870"
}
],
"notes": [
{
"category": "general",
"text": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:golang-github-prometheus-alertmanager-0.28.1-2.1.aarch64",
"openSUSE Tumbleweed:golang-github-prometheus-alertmanager-0.28.1-2.1.ppc64le",
"openSUSE Tumbleweed:golang-github-prometheus-alertmanager-0.28.1-2.1.s390x",
"openSUSE Tumbleweed:golang-github-prometheus-alertmanager-0.28.1-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22870",
"url": "https://www.suse.com/security/cve/CVE-2025-22870"
},
{
"category": "external",
"summary": "SUSE Bug 1238572 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238572"
},
{
"category": "external",
"summary": "SUSE Bug 1238611 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238611"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:golang-github-prometheus-alertmanager-0.28.1-2.1.aarch64",
"openSUSE Tumbleweed:golang-github-prometheus-alertmanager-0.28.1-2.1.ppc64le",
"openSUSE Tumbleweed:golang-github-prometheus-alertmanager-0.28.1-2.1.s390x",
"openSUSE Tumbleweed:golang-github-prometheus-alertmanager-0.28.1-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:golang-github-prometheus-alertmanager-0.28.1-2.1.aarch64",
"openSUSE Tumbleweed:golang-github-prometheus-alertmanager-0.28.1-2.1.ppc64le",
"openSUSE Tumbleweed:golang-github-prometheus-alertmanager-0.28.1-2.1.s390x",
"openSUSE Tumbleweed:golang-github-prometheus-alertmanager-0.28.1-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-30T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-22870"
}
]
}
OPENSUSE-SU-2025:15253-1
Vulnerability from csaf_opensuse - Published: 2025-07-03 00:00 - Updated: 2025-07-03 00:00Summary
opa-1.6.0-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: opa-1.6.0-1.1 on GA media
Description of the patch: These are all security issues fixed in the opa-1.6.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-15253
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.4 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:opa-1.6.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:opa-1.6.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:opa-1.6.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:opa-1.6.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:opa-bash-completion-1.6.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:opa-bash-completion-1.6.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:opa-bash-completion-1.6.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:opa-bash-completion-1.6.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:opa-fish-completion-1.6.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:opa-fish-completion-1.6.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:opa-fish-completion-1.6.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:opa-fish-completion-1.6.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:opa-zsh-completion-1.6.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:opa-zsh-completion-1.6.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:opa-zsh-completion-1.6.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:opa-zsh-completion-1.6.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.3 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:opa-1.6.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:opa-1.6.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:opa-1.6.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:opa-1.6.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:opa-bash-completion-1.6.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:opa-bash-completion-1.6.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:opa-bash-completion-1.6.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:opa-bash-completion-1.6.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:opa-fish-completion-1.6.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:opa-fish-completion-1.6.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:opa-fish-completion-1.6.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:opa-fish-completion-1.6.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:opa-zsh-completion-1.6.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:opa-zsh-completion-1.6.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:opa-zsh-completion-1.6.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:opa-zsh-completion-1.6.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "opa-1.6.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the opa-1.6.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15253",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15253-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22870 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-46569 page",
"url": "https://www.suse.com/security/cve/CVE-2025-46569/"
}
],
"title": "opa-1.6.0-1.1 on GA media",
"tracking": {
"current_release_date": "2025-07-03T00:00:00Z",
"generator": {
"date": "2025-07-03T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15253-1",
"initial_release_date": "2025-07-03T00:00:00Z",
"revision_history": [
{
"date": "2025-07-03T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "opa-1.6.0-1.1.aarch64",
"product": {
"name": "opa-1.6.0-1.1.aarch64",
"product_id": "opa-1.6.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "opa-bash-completion-1.6.0-1.1.aarch64",
"product": {
"name": "opa-bash-completion-1.6.0-1.1.aarch64",
"product_id": "opa-bash-completion-1.6.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "opa-fish-completion-1.6.0-1.1.aarch64",
"product": {
"name": "opa-fish-completion-1.6.0-1.1.aarch64",
"product_id": "opa-fish-completion-1.6.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "opa-zsh-completion-1.6.0-1.1.aarch64",
"product": {
"name": "opa-zsh-completion-1.6.0-1.1.aarch64",
"product_id": "opa-zsh-completion-1.6.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "opa-1.6.0-1.1.ppc64le",
"product": {
"name": "opa-1.6.0-1.1.ppc64le",
"product_id": "opa-1.6.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "opa-bash-completion-1.6.0-1.1.ppc64le",
"product": {
"name": "opa-bash-completion-1.6.0-1.1.ppc64le",
"product_id": "opa-bash-completion-1.6.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "opa-fish-completion-1.6.0-1.1.ppc64le",
"product": {
"name": "opa-fish-completion-1.6.0-1.1.ppc64le",
"product_id": "opa-fish-completion-1.6.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "opa-zsh-completion-1.6.0-1.1.ppc64le",
"product": {
"name": "opa-zsh-completion-1.6.0-1.1.ppc64le",
"product_id": "opa-zsh-completion-1.6.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "opa-1.6.0-1.1.s390x",
"product": {
"name": "opa-1.6.0-1.1.s390x",
"product_id": "opa-1.6.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "opa-bash-completion-1.6.0-1.1.s390x",
"product": {
"name": "opa-bash-completion-1.6.0-1.1.s390x",
"product_id": "opa-bash-completion-1.6.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "opa-fish-completion-1.6.0-1.1.s390x",
"product": {
"name": "opa-fish-completion-1.6.0-1.1.s390x",
"product_id": "opa-fish-completion-1.6.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "opa-zsh-completion-1.6.0-1.1.s390x",
"product": {
"name": "opa-zsh-completion-1.6.0-1.1.s390x",
"product_id": "opa-zsh-completion-1.6.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "opa-1.6.0-1.1.x86_64",
"product": {
"name": "opa-1.6.0-1.1.x86_64",
"product_id": "opa-1.6.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "opa-bash-completion-1.6.0-1.1.x86_64",
"product": {
"name": "opa-bash-completion-1.6.0-1.1.x86_64",
"product_id": "opa-bash-completion-1.6.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "opa-fish-completion-1.6.0-1.1.x86_64",
"product": {
"name": "opa-fish-completion-1.6.0-1.1.x86_64",
"product_id": "opa-fish-completion-1.6.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "opa-zsh-completion-1.6.0-1.1.x86_64",
"product": {
"name": "opa-zsh-completion-1.6.0-1.1.x86_64",
"product_id": "opa-zsh-completion-1.6.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "opa-1.6.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:opa-1.6.0-1.1.aarch64"
},
"product_reference": "opa-1.6.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opa-1.6.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:opa-1.6.0-1.1.ppc64le"
},
"product_reference": "opa-1.6.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opa-1.6.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:opa-1.6.0-1.1.s390x"
},
"product_reference": "opa-1.6.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opa-1.6.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:opa-1.6.0-1.1.x86_64"
},
"product_reference": "opa-1.6.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opa-bash-completion-1.6.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:opa-bash-completion-1.6.0-1.1.aarch64"
},
"product_reference": "opa-bash-completion-1.6.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opa-bash-completion-1.6.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:opa-bash-completion-1.6.0-1.1.ppc64le"
},
"product_reference": "opa-bash-completion-1.6.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opa-bash-completion-1.6.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:opa-bash-completion-1.6.0-1.1.s390x"
},
"product_reference": "opa-bash-completion-1.6.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opa-bash-completion-1.6.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:opa-bash-completion-1.6.0-1.1.x86_64"
},
"product_reference": "opa-bash-completion-1.6.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opa-fish-completion-1.6.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:opa-fish-completion-1.6.0-1.1.aarch64"
},
"product_reference": "opa-fish-completion-1.6.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opa-fish-completion-1.6.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:opa-fish-completion-1.6.0-1.1.ppc64le"
},
"product_reference": "opa-fish-completion-1.6.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opa-fish-completion-1.6.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:opa-fish-completion-1.6.0-1.1.s390x"
},
"product_reference": "opa-fish-completion-1.6.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opa-fish-completion-1.6.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:opa-fish-completion-1.6.0-1.1.x86_64"
},
"product_reference": "opa-fish-completion-1.6.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opa-zsh-completion-1.6.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:opa-zsh-completion-1.6.0-1.1.aarch64"
},
"product_reference": "opa-zsh-completion-1.6.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opa-zsh-completion-1.6.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:opa-zsh-completion-1.6.0-1.1.ppc64le"
},
"product_reference": "opa-zsh-completion-1.6.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opa-zsh-completion-1.6.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:opa-zsh-completion-1.6.0-1.1.s390x"
},
"product_reference": "opa-zsh-completion-1.6.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opa-zsh-completion-1.6.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:opa-zsh-completion-1.6.0-1.1.x86_64"
},
"product_reference": "opa-zsh-completion-1.6.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22870"
}
],
"notes": [
{
"category": "general",
"text": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:opa-1.6.0-1.1.aarch64",
"openSUSE Tumbleweed:opa-1.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:opa-1.6.0-1.1.s390x",
"openSUSE Tumbleweed:opa-1.6.0-1.1.x86_64",
"openSUSE Tumbleweed:opa-bash-completion-1.6.0-1.1.aarch64",
"openSUSE Tumbleweed:opa-bash-completion-1.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:opa-bash-completion-1.6.0-1.1.s390x",
"openSUSE Tumbleweed:opa-bash-completion-1.6.0-1.1.x86_64",
"openSUSE Tumbleweed:opa-fish-completion-1.6.0-1.1.aarch64",
"openSUSE Tumbleweed:opa-fish-completion-1.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:opa-fish-completion-1.6.0-1.1.s390x",
"openSUSE Tumbleweed:opa-fish-completion-1.6.0-1.1.x86_64",
"openSUSE Tumbleweed:opa-zsh-completion-1.6.0-1.1.aarch64",
"openSUSE Tumbleweed:opa-zsh-completion-1.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:opa-zsh-completion-1.6.0-1.1.s390x",
"openSUSE Tumbleweed:opa-zsh-completion-1.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22870",
"url": "https://www.suse.com/security/cve/CVE-2025-22870"
},
{
"category": "external",
"summary": "SUSE Bug 1238572 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238572"
},
{
"category": "external",
"summary": "SUSE Bug 1238611 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238611"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:opa-1.6.0-1.1.aarch64",
"openSUSE Tumbleweed:opa-1.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:opa-1.6.0-1.1.s390x",
"openSUSE Tumbleweed:opa-1.6.0-1.1.x86_64",
"openSUSE Tumbleweed:opa-bash-completion-1.6.0-1.1.aarch64",
"openSUSE Tumbleweed:opa-bash-completion-1.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:opa-bash-completion-1.6.0-1.1.s390x",
"openSUSE Tumbleweed:opa-bash-completion-1.6.0-1.1.x86_64",
"openSUSE Tumbleweed:opa-fish-completion-1.6.0-1.1.aarch64",
"openSUSE Tumbleweed:opa-fish-completion-1.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:opa-fish-completion-1.6.0-1.1.s390x",
"openSUSE Tumbleweed:opa-fish-completion-1.6.0-1.1.x86_64",
"openSUSE Tumbleweed:opa-zsh-completion-1.6.0-1.1.aarch64",
"openSUSE Tumbleweed:opa-zsh-completion-1.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:opa-zsh-completion-1.6.0-1.1.s390x",
"openSUSE Tumbleweed:opa-zsh-completion-1.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:opa-1.6.0-1.1.aarch64",
"openSUSE Tumbleweed:opa-1.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:opa-1.6.0-1.1.s390x",
"openSUSE Tumbleweed:opa-1.6.0-1.1.x86_64",
"openSUSE Tumbleweed:opa-bash-completion-1.6.0-1.1.aarch64",
"openSUSE Tumbleweed:opa-bash-completion-1.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:opa-bash-completion-1.6.0-1.1.s390x",
"openSUSE Tumbleweed:opa-bash-completion-1.6.0-1.1.x86_64",
"openSUSE Tumbleweed:opa-fish-completion-1.6.0-1.1.aarch64",
"openSUSE Tumbleweed:opa-fish-completion-1.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:opa-fish-completion-1.6.0-1.1.s390x",
"openSUSE Tumbleweed:opa-fish-completion-1.6.0-1.1.x86_64",
"openSUSE Tumbleweed:opa-zsh-completion-1.6.0-1.1.aarch64",
"openSUSE Tumbleweed:opa-zsh-completion-1.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:opa-zsh-completion-1.6.0-1.1.s390x",
"openSUSE Tumbleweed:opa-zsh-completion-1.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-22870"
},
{
"cve": "CVE-2025-46569",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-46569"
}
],
"notes": [
{
"category": "general",
"text": "Open Policy Agent (OPA) is an open source, general-purpose policy engine. Prior to version 1.4.0, when run as a server, OPA exposes an HTTP Data API for reading and writing documents. Requesting a virtual document through the Data API entails policy evaluation, where a Rego query containing a single data document reference is constructed from the requested path. This query is then used for policy evaluation. A HTTP request path can be crafted in a way that injects Rego code into the constructed query. The evaluation result cannot be made to return any other data than what is generated by the requested path, but this path can be misdirected, and the injected Rego code can be crafted to make the query succeed or fail; opening up for oracle attacks or, given the right circumstances, erroneous policy decision results. Furthermore, the injected code can be crafted to be computationally expensive, resulting in a Denial Of Service (DoS) attack. This issue has been patched in version 1.4.0. A workaround involves having network access to OPA\u0027s RESTful APIs being limited to `localhost` and/or trusted networks, unless necessary for production reasons.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:opa-1.6.0-1.1.aarch64",
"openSUSE Tumbleweed:opa-1.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:opa-1.6.0-1.1.s390x",
"openSUSE Tumbleweed:opa-1.6.0-1.1.x86_64",
"openSUSE Tumbleweed:opa-bash-completion-1.6.0-1.1.aarch64",
"openSUSE Tumbleweed:opa-bash-completion-1.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:opa-bash-completion-1.6.0-1.1.s390x",
"openSUSE Tumbleweed:opa-bash-completion-1.6.0-1.1.x86_64",
"openSUSE Tumbleweed:opa-fish-completion-1.6.0-1.1.aarch64",
"openSUSE Tumbleweed:opa-fish-completion-1.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:opa-fish-completion-1.6.0-1.1.s390x",
"openSUSE Tumbleweed:opa-fish-completion-1.6.0-1.1.x86_64",
"openSUSE Tumbleweed:opa-zsh-completion-1.6.0-1.1.aarch64",
"openSUSE Tumbleweed:opa-zsh-completion-1.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:opa-zsh-completion-1.6.0-1.1.s390x",
"openSUSE Tumbleweed:opa-zsh-completion-1.6.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-46569",
"url": "https://www.suse.com/security/cve/CVE-2025-46569"
},
{
"category": "external",
"summary": "SUSE Bug 1246710 for CVE-2025-46569",
"url": "https://bugzilla.suse.com/1246710"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:opa-1.6.0-1.1.aarch64",
"openSUSE Tumbleweed:opa-1.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:opa-1.6.0-1.1.s390x",
"openSUSE Tumbleweed:opa-1.6.0-1.1.x86_64",
"openSUSE Tumbleweed:opa-bash-completion-1.6.0-1.1.aarch64",
"openSUSE Tumbleweed:opa-bash-completion-1.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:opa-bash-completion-1.6.0-1.1.s390x",
"openSUSE Tumbleweed:opa-bash-completion-1.6.0-1.1.x86_64",
"openSUSE Tumbleweed:opa-fish-completion-1.6.0-1.1.aarch64",
"openSUSE Tumbleweed:opa-fish-completion-1.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:opa-fish-completion-1.6.0-1.1.s390x",
"openSUSE Tumbleweed:opa-fish-completion-1.6.0-1.1.x86_64",
"openSUSE Tumbleweed:opa-zsh-completion-1.6.0-1.1.aarch64",
"openSUSE Tumbleweed:opa-zsh-completion-1.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:opa-zsh-completion-1.6.0-1.1.s390x",
"openSUSE Tumbleweed:opa-zsh-completion-1.6.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:opa-1.6.0-1.1.aarch64",
"openSUSE Tumbleweed:opa-1.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:opa-1.6.0-1.1.s390x",
"openSUSE Tumbleweed:opa-1.6.0-1.1.x86_64",
"openSUSE Tumbleweed:opa-bash-completion-1.6.0-1.1.aarch64",
"openSUSE Tumbleweed:opa-bash-completion-1.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:opa-bash-completion-1.6.0-1.1.s390x",
"openSUSE Tumbleweed:opa-bash-completion-1.6.0-1.1.x86_64",
"openSUSE Tumbleweed:opa-fish-completion-1.6.0-1.1.aarch64",
"openSUSE Tumbleweed:opa-fish-completion-1.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:opa-fish-completion-1.6.0-1.1.s390x",
"openSUSE Tumbleweed:opa-fish-completion-1.6.0-1.1.x86_64",
"openSUSE Tumbleweed:opa-zsh-completion-1.6.0-1.1.aarch64",
"openSUSE Tumbleweed:opa-zsh-completion-1.6.0-1.1.ppc64le",
"openSUSE Tumbleweed:opa-zsh-completion-1.6.0-1.1.s390x",
"openSUSE Tumbleweed:opa-zsh-completion-1.6.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-46569"
}
]
}
OPENSUSE-SU-2025:15487-1
Vulnerability from csaf_opensuse - Published: 2025-08-25 00:00 - Updated: 2025-08-25 00:00Summary
cheat-4.4.2-2.1 on GA media
Severity
Moderate
Notes
Title of the patch: cheat-4.4.2-2.1 on GA media
Description of the patch: These are all security issues fixed in the cheat-4.4.2-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-15487
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.9 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cheat-4.4.2-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cheat-4.4.2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cheat-4.4.2-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cheat-4.4.2-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cheat-4.4.2-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cheat-4.4.2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cheat-4.4.2-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cheat-4.4.2-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cheat-4.4.2-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cheat-4.4.2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cheat-4.4.2-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cheat-4.4.2-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cheat-4.4.2-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cheat-4.4.2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cheat-4.4.2-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cheat-4.4.2-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.4 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cheat-4.4.2-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cheat-4.4.2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cheat-4.4.2-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cheat-4.4.2-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
18 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "cheat-4.4.2-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the cheat-4.4.2-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15487",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15487-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-48795 page",
"url": "https://www.suse.com/security/cve/CVE-2023-48795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21613 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21613/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21614 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21614/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22869 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22870 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22870/"
}
],
"title": "cheat-4.4.2-2.1 on GA media",
"tracking": {
"current_release_date": "2025-08-25T00:00:00Z",
"generator": {
"date": "2025-08-25T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15487-1",
"initial_release_date": "2025-08-25T00:00:00Z",
"revision_history": [
{
"date": "2025-08-25T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cheat-4.4.2-2.1.aarch64",
"product": {
"name": "cheat-4.4.2-2.1.aarch64",
"product_id": "cheat-4.4.2-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cheat-4.4.2-2.1.ppc64le",
"product": {
"name": "cheat-4.4.2-2.1.ppc64le",
"product_id": "cheat-4.4.2-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cheat-4.4.2-2.1.s390x",
"product": {
"name": "cheat-4.4.2-2.1.s390x",
"product_id": "cheat-4.4.2-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cheat-4.4.2-2.1.x86_64",
"product": {
"name": "cheat-4.4.2-2.1.x86_64",
"product_id": "cheat-4.4.2-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cheat-4.4.2-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cheat-4.4.2-2.1.aarch64"
},
"product_reference": "cheat-4.4.2-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cheat-4.4.2-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cheat-4.4.2-2.1.ppc64le"
},
"product_reference": "cheat-4.4.2-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cheat-4.4.2-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cheat-4.4.2-2.1.s390x"
},
"product_reference": "cheat-4.4.2-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cheat-4.4.2-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cheat-4.4.2-2.1.x86_64"
},
"product_reference": "cheat-4.4.2-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-48795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-48795"
}
],
"notes": [
{
"category": "general",
"text": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cheat-4.4.2-2.1.aarch64",
"openSUSE Tumbleweed:cheat-4.4.2-2.1.ppc64le",
"openSUSE Tumbleweed:cheat-4.4.2-2.1.s390x",
"openSUSE Tumbleweed:cheat-4.4.2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-48795",
"url": "https://www.suse.com/security/cve/CVE-2023-48795"
},
{
"category": "external",
"summary": "SUSE Bug 1217950 for CVE-2023-48795",
"url": "https://bugzilla.suse.com/1217950"
},
{
"category": "external",
"summary": "SUSE Bug 1218708 for CVE-2023-48795",
"url": "https://bugzilla.suse.com/1218708"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cheat-4.4.2-2.1.aarch64",
"openSUSE Tumbleweed:cheat-4.4.2-2.1.ppc64le",
"openSUSE Tumbleweed:cheat-4.4.2-2.1.s390x",
"openSUSE Tumbleweed:cheat-4.4.2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cheat-4.4.2-2.1.aarch64",
"openSUSE Tumbleweed:cheat-4.4.2-2.1.ppc64le",
"openSUSE Tumbleweed:cheat-4.4.2-2.1.s390x",
"openSUSE Tumbleweed:cheat-4.4.2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-48795"
},
{
"cve": "CVE-2025-21613",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21613"
}
],
"notes": [
{
"category": "general",
"text": "go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only happens when the file transport protocol is being used, as that is the only protocol that shells out to git binaries. This vulnerability is fixed in 5.13.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cheat-4.4.2-2.1.aarch64",
"openSUSE Tumbleweed:cheat-4.4.2-2.1.ppc64le",
"openSUSE Tumbleweed:cheat-4.4.2-2.1.s390x",
"openSUSE Tumbleweed:cheat-4.4.2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21613",
"url": "https://www.suse.com/security/cve/CVE-2025-21613"
},
{
"category": "external",
"summary": "SUSE Bug 1235572 for CVE-2025-21613",
"url": "https://bugzilla.suse.com/1235572"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cheat-4.4.2-2.1.aarch64",
"openSUSE Tumbleweed:cheat-4.4.2-2.1.ppc64le",
"openSUSE Tumbleweed:cheat-4.4.2-2.1.s390x",
"openSUSE Tumbleweed:cheat-4.4.2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cheat-4.4.2-2.1.aarch64",
"openSUSE Tumbleweed:cheat-4.4.2-2.1.ppc64le",
"openSUSE Tumbleweed:cheat-4.4.2-2.1.s390x",
"openSUSE Tumbleweed:cheat-4.4.2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-21613"
},
{
"cve": "CVE-2025-21614",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21614"
}
],
"notes": [
{
"category": "general",
"text": "go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Users running versions of go-git from v4 and above are recommended to upgrade to v5.13 in order to mitigate this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cheat-4.4.2-2.1.aarch64",
"openSUSE Tumbleweed:cheat-4.4.2-2.1.ppc64le",
"openSUSE Tumbleweed:cheat-4.4.2-2.1.s390x",
"openSUSE Tumbleweed:cheat-4.4.2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21614",
"url": "https://www.suse.com/security/cve/CVE-2025-21614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cheat-4.4.2-2.1.aarch64",
"openSUSE Tumbleweed:cheat-4.4.2-2.1.ppc64le",
"openSUSE Tumbleweed:cheat-4.4.2-2.1.s390x",
"openSUSE Tumbleweed:cheat-4.4.2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-21614"
},
{
"cve": "CVE-2025-22869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22869"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cheat-4.4.2-2.1.aarch64",
"openSUSE Tumbleweed:cheat-4.4.2-2.1.ppc64le",
"openSUSE Tumbleweed:cheat-4.4.2-2.1.s390x",
"openSUSE Tumbleweed:cheat-4.4.2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22869",
"url": "https://www.suse.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "SUSE Bug 1239322 for CVE-2025-22869",
"url": "https://bugzilla.suse.com/1239322"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cheat-4.4.2-2.1.aarch64",
"openSUSE Tumbleweed:cheat-4.4.2-2.1.ppc64le",
"openSUSE Tumbleweed:cheat-4.4.2-2.1.s390x",
"openSUSE Tumbleweed:cheat-4.4.2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cheat-4.4.2-2.1.aarch64",
"openSUSE Tumbleweed:cheat-4.4.2-2.1.ppc64le",
"openSUSE Tumbleweed:cheat-4.4.2-2.1.s390x",
"openSUSE Tumbleweed:cheat-4.4.2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-22869"
},
{
"cve": "CVE-2025-22870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22870"
}
],
"notes": [
{
"category": "general",
"text": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cheat-4.4.2-2.1.aarch64",
"openSUSE Tumbleweed:cheat-4.4.2-2.1.ppc64le",
"openSUSE Tumbleweed:cheat-4.4.2-2.1.s390x",
"openSUSE Tumbleweed:cheat-4.4.2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22870",
"url": "https://www.suse.com/security/cve/CVE-2025-22870"
},
{
"category": "external",
"summary": "SUSE Bug 1238572 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238572"
},
{
"category": "external",
"summary": "SUSE Bug 1238611 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238611"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cheat-4.4.2-2.1.aarch64",
"openSUSE Tumbleweed:cheat-4.4.2-2.1.ppc64le",
"openSUSE Tumbleweed:cheat-4.4.2-2.1.s390x",
"openSUSE Tumbleweed:cheat-4.4.2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cheat-4.4.2-2.1.aarch64",
"openSUSE Tumbleweed:cheat-4.4.2-2.1.ppc64le",
"openSUSE Tumbleweed:cheat-4.4.2-2.1.s390x",
"openSUSE Tumbleweed:cheat-4.4.2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-22870"
}
]
}
OPENSUSE-SU-2025:15779-1
Vulnerability from csaf_opensuse - Published: 2025-11-28 00:00 - Updated: 2025-11-28 00:00Summary
helm3-3.19.2-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: helm3-3.19.2-1.1 on GA media
Description of the patch: These are all security issues fixed in the helm3-3.19.2-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-15779
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.8 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.7 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
9.1 (Critical)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
5.3 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.4 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.1 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.9 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.4 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
70 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "helm3-3.19.2-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the helm3-3.19.2-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15779",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15779-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16873 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16874 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16875 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21272 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21272/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1996 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23524 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23524/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23525 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23525/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23526 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23526/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-36055 page",
"url": "https://www.suse.com/security/cve/CVE-2022-36055/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-25165 page",
"url": "https://www.suse.com/security/cve/CVE-2023-25165/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-25173 page",
"url": "https://www.suse.com/security/cve/CVE-2023-25173/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-25620 page",
"url": "https://www.suse.com/security/cve/CVE-2024-25620/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26147 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26147/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45337 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45337/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45338 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45338/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22870 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22872 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22872/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47911 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-53547 page",
"url": "https://www.suse.com/security/cve/CVE-2025-53547/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58190 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58190/"
}
],
"title": "helm3-3.19.2-1.1 on GA media",
"tracking": {
"current_release_date": "2025-11-28T00:00:00Z",
"generator": {
"date": "2025-11-28T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15779-1",
"initial_release_date": "2025-11-28T00:00:00Z",
"revision_history": [
{
"date": "2025-11-28T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "helm3-3.19.2-1.1.aarch64",
"product": {
"name": "helm3-3.19.2-1.1.aarch64",
"product_id": "helm3-3.19.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "helm3-bash-completion-3.19.2-1.1.aarch64",
"product": {
"name": "helm3-bash-completion-3.19.2-1.1.aarch64",
"product_id": "helm3-bash-completion-3.19.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "helm3-fish-completion-3.19.2-1.1.aarch64",
"product": {
"name": "helm3-fish-completion-3.19.2-1.1.aarch64",
"product_id": "helm3-fish-completion-3.19.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "helm3-zsh-completion-3.19.2-1.1.aarch64",
"product": {
"name": "helm3-zsh-completion-3.19.2-1.1.aarch64",
"product_id": "helm3-zsh-completion-3.19.2-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "helm3-3.19.2-1.1.ppc64le",
"product": {
"name": "helm3-3.19.2-1.1.ppc64le",
"product_id": "helm3-3.19.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "helm3-bash-completion-3.19.2-1.1.ppc64le",
"product": {
"name": "helm3-bash-completion-3.19.2-1.1.ppc64le",
"product_id": "helm3-bash-completion-3.19.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "helm3-fish-completion-3.19.2-1.1.ppc64le",
"product": {
"name": "helm3-fish-completion-3.19.2-1.1.ppc64le",
"product_id": "helm3-fish-completion-3.19.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "helm3-zsh-completion-3.19.2-1.1.ppc64le",
"product": {
"name": "helm3-zsh-completion-3.19.2-1.1.ppc64le",
"product_id": "helm3-zsh-completion-3.19.2-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "helm3-3.19.2-1.1.s390x",
"product": {
"name": "helm3-3.19.2-1.1.s390x",
"product_id": "helm3-3.19.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "helm3-bash-completion-3.19.2-1.1.s390x",
"product": {
"name": "helm3-bash-completion-3.19.2-1.1.s390x",
"product_id": "helm3-bash-completion-3.19.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "helm3-fish-completion-3.19.2-1.1.s390x",
"product": {
"name": "helm3-fish-completion-3.19.2-1.1.s390x",
"product_id": "helm3-fish-completion-3.19.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "helm3-zsh-completion-3.19.2-1.1.s390x",
"product": {
"name": "helm3-zsh-completion-3.19.2-1.1.s390x",
"product_id": "helm3-zsh-completion-3.19.2-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "helm3-3.19.2-1.1.x86_64",
"product": {
"name": "helm3-3.19.2-1.1.x86_64",
"product_id": "helm3-3.19.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "helm3-bash-completion-3.19.2-1.1.x86_64",
"product": {
"name": "helm3-bash-completion-3.19.2-1.1.x86_64",
"product_id": "helm3-bash-completion-3.19.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "helm3-fish-completion-3.19.2-1.1.x86_64",
"product": {
"name": "helm3-fish-completion-3.19.2-1.1.x86_64",
"product_id": "helm3-fish-completion-3.19.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "helm3-zsh-completion-3.19.2-1.1.x86_64",
"product": {
"name": "helm3-zsh-completion-3.19.2-1.1.x86_64",
"product_id": "helm3-zsh-completion-3.19.2-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "helm3-3.19.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64"
},
"product_reference": "helm3-3.19.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm3-3.19.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le"
},
"product_reference": "helm3-3.19.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm3-3.19.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x"
},
"product_reference": "helm3-3.19.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm3-3.19.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64"
},
"product_reference": "helm3-3.19.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm3-bash-completion-3.19.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64"
},
"product_reference": "helm3-bash-completion-3.19.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm3-bash-completion-3.19.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le"
},
"product_reference": "helm3-bash-completion-3.19.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm3-bash-completion-3.19.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x"
},
"product_reference": "helm3-bash-completion-3.19.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm3-bash-completion-3.19.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64"
},
"product_reference": "helm3-bash-completion-3.19.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm3-fish-completion-3.19.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64"
},
"product_reference": "helm3-fish-completion-3.19.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm3-fish-completion-3.19.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le"
},
"product_reference": "helm3-fish-completion-3.19.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm3-fish-completion-3.19.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x"
},
"product_reference": "helm3-fish-completion-3.19.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm3-fish-completion-3.19.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64"
},
"product_reference": "helm3-fish-completion-3.19.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm3-zsh-completion-3.19.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64"
},
"product_reference": "helm3-zsh-completion-3.19.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm3-zsh-completion-3.19.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le"
},
"product_reference": "helm3-zsh-completion-3.19.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm3-zsh-completion-3.19.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x"
},
"product_reference": "helm3-zsh-completion-3.19.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm3-zsh-completion-3.19.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
},
"product_reference": "helm3-zsh-completion-3.19.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-16873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16873"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it\u0027s possible to arrange things so that a Git repository is cloned to a folder named \".git\" by using a vanity import path that ends with \"/.git\". If the Git repository root contains a \"HEAD\" file, a \"config\" file, an \"objects\" directory, a \"refs\" directory, with some work to ensure the proper ordering of operations, \"go get -u\" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the \"config\" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running \"go get -u\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16873",
"url": "https://www.suse.com/security/cve/CVE-2018-16873"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-16873"
},
{
"cve": "CVE-2018-16874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16874"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both \u0027{\u0027 and \u0027}\u0027 characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16874",
"url": "https://www.suse.com/security/cve/CVE-2018-16874"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16874"
},
{
"cve": "CVE-2018-16875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16875"
}
],
"notes": [
{
"category": "general",
"text": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16875",
"url": "https://www.suse.com/security/cve/CVE-2018-16875"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16875"
},
{
"cve": "CVE-2021-21272",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21272"
}
],
"notes": [
{
"category": "general",
"text": "ORAS is open source software which enables a way to push OCI Artifacts to OCI Conformant registries. ORAS is both a CLI for initial testing and a Go Module. In ORAS from version 0.4.0 and before version 0.9.0, there is a \"zip-slip\" vulnerability. The directory support feature allows the downloaded gzipped tarballs to be automatically extracted to the user-specified directory where the tarball can have symbolic links and hard links. A well-crafted tarball or tarballs allow malicious artifact providers linking, writing, or overwriting specific files on the host filesystem outside of the user-specified directory unexpectedly with the same permissions as the user who runs `oras pull`. Users of the affected versions are impacted if they are `oras` CLI users who runs `oras pull`, or if they are Go programs, which invoke `github.com/deislabs/oras/pkg/content.FileStore`. The problem has been fixed in version 0.9.0. For `oras` CLI users, there is no workarounds other than pulling from a trusted artifact provider. For `oras` package users, the workaround is to not use `github.com/deislabs/oras/pkg/content.FileStore`, and use other content stores instead, or pull from a trusted artifact provider.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21272",
"url": "https://www.suse.com/security/cve/CVE-2021-21272"
},
{
"category": "external",
"summary": "SUSE Bug 1181419 for CVE-2021-21272",
"url": "https://bugzilla.suse.com/1181419"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-21272"
},
{
"cve": "CVE-2022-1996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1996"
}
],
"notes": [
{
"category": "general",
"text": "Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1996",
"url": "https://www.suse.com/security/cve/CVE-2022-1996"
},
{
"category": "external",
"summary": "SUSE Bug 1200528 for CVE-2022-1996",
"url": "https://bugzilla.suse.com/1200528"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2022-1996"
},
{
"cve": "CVE-2022-23524",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23524"
}
],
"notes": [
{
"category": "general",
"text": "Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to Uncontrolled Resource Consumption, resulting in Denial of Service. Input to functions in the _strvals_ package can cause a stack overflow. In Go, a stack overflow cannot be recovered from. Applications that use functions from the _strvals_ package in the Helm SDK can have a Denial of Service attack when they use this package and it panics. This issue has been patched in 3.10.3. SDK users can validate strings supplied by users won\u0027t create large arrays causing significant memory usage before passing them to the _strvals_ functions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23524",
"url": "https://www.suse.com/security/cve/CVE-2022-23524"
},
{
"category": "external",
"summary": "SUSE Bug 1206467 for CVE-2022-23524",
"url": "https://bugzilla.suse.com/1206467"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-23524"
},
{
"cve": "CVE-2022-23525",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23525"
}
],
"notes": [
{
"category": "general",
"text": "Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dereference in the _repo_package. The _repo_ package contains a handler that processes the index file of a repository. For example, the Helm client adds references to chart repositories where charts are managed. The _repo_ package parses the index file of the repository and loads it into structures Go can work with. Some index files can cause array data structures to be created causing a memory violation. Applications that use the _repo_ package in the Helm SDK to parse an index file can suffer a Denial of Service when that input causes a panic that cannot be recovered from. The Helm Client will panic with an index file that causes a memory violation panic. Helm is not a long running service so the panic will not affect future uses of the Helm client. This issue has been patched in 3.10.3. SDK users can validate index files that are correctly formatted before passing them to the _repo_ functions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23525",
"url": "https://www.suse.com/security/cve/CVE-2022-23525"
},
{
"category": "external",
"summary": "SUSE Bug 1206469 for CVE-2022-23525",
"url": "https://bugzilla.suse.com/1206469"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2022-23525"
},
{
"cve": "CVE-2022-23526",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23526"
}
],
"notes": [
{
"category": "general",
"text": "Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dereference in the_chartutil_ package that can cause a segmentation violation. The _chartutil_ package contains a parser that loads a JSON Schema validation file. For example, the Helm client when rendering a chart will validate its values with the schema file. The _chartutil_ package parses the schema file and loads it into structures Go can work with. Some schema files can cause array data structures to be created causing a memory violation. Applications that use the _chartutil_ package in the Helm SDK to parse a schema file can suffer a Denial of Service when that input causes a panic that cannot be recovered from. Helm is not a long running service so the panic will not affect future uses of the Helm client. This issue has been patched in 3.10.3. SDK users can validate schema files that are correctly formatted before passing them to the _chartutil_ functions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23526",
"url": "https://www.suse.com/security/cve/CVE-2022-23526"
},
{
"category": "external",
"summary": "SUSE Bug 1206471 for CVE-2022-23526",
"url": "https://bugzilla.suse.com/1206471"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2022-23526"
},
{
"cve": "CVE-2022-36055",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-36055"
}
],
"notes": [
{
"category": "general",
"text": "Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. Fuzz testing, provided by the CNCF, identified input to functions in the _strvals_ package that can cause an out of memory panic. The _strvals_ package contains a parser that turns strings in to Go structures. The _strvals_ package converts these strings into structures Go can work with. Some string inputs can cause array data structures to be created causing an out of memory panic. Applications that use the _strvals_ package in the Helm SDK to parse user supplied input can suffer a Denial of Service when that input causes a panic that cannot be recovered from. The Helm Client will panic with input to `--set`, `--set-string`, and other value setting flags that causes an out of memory panic. Helm is not a long running service so the panic will not affect future uses of the Helm client. This issue has been resolved in 3.9.4. SDK users can validate strings supplied by users won\u0027t create large arrays causing significant memory usage before passing them to the _strvals_ functions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-36055",
"url": "https://www.suse.com/security/cve/CVE-2022-36055"
},
{
"category": "external",
"summary": "SUSE Bug 1203054 for CVE-2022-36055",
"url": "https://bugzilla.suse.com/1203054"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-36055"
},
{
"cve": "CVE-2023-25165",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-25165"
}
],
"notes": [
{
"category": "general",
"text": "Helm is a tool that streamlines installing and managing Kubernetes applications.`getHostByName` is a Helm template function introduced in Helm v3. The function is able to accept a hostname and return an IP address for that hostname. To get the IP address the function performs a DNS lookup. The DNS lookup happens when used with `helm install|upgrade|template` or when the Helm SDK is used to render a chart. Information passed into the chart can be disclosed to the DNS servers used to lookup the IP address. For example, a malicious chart could inject `getHostByName` into a chart in order to disclose values to a malicious DNS server. The issue has been fixed in Helm 3.11.1. Prior to using a chart with Helm verify the `getHostByName` function is not being used in a template to disclose any information you do not want passed to DNS servers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-25165",
"url": "https://www.suse.com/security/cve/CVE-2023-25165"
},
{
"category": "external",
"summary": "SUSE Bug 1208083 for CVE-2023-25165",
"url": "https://bugzilla.suse.com/1208083"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-25165"
},
{
"cve": "CVE-2023-25173",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-25173"
}
],
"notes": [
{
"category": "general",
"text": "containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. Downstream applications that use the containerd client library may be affected as well.\n\nThis bug has been fixed in containerd v1.6.18 and v.1.5.18. Users should update to these versions and recreate containers to resolve this issue. Users who rely on a downstream application that uses containerd\u0027s client library should check that application for a separate advisory and instructions. As a workaround, ensure that the `\"USER $USERNAME\"` Dockerfile instruction is not used. Instead, set the container entrypoint to a value similar to `ENTRYPOINT [\"su\", \"-\", \"user\"]` to allow `su` to properly set up supplementary groups.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-25173",
"url": "https://www.suse.com/security/cve/CVE-2023-25173"
},
{
"category": "external",
"summary": "SUSE Bug 1208426 for CVE-2023-25173",
"url": "https://bugzilla.suse.com/1208426"
},
{
"category": "external",
"summary": "SUSE Bug 1215588 for CVE-2023-25173",
"url": "https://bugzilla.suse.com/1215588"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-25173"
},
{
"cve": "CVE-2024-25620",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-25620"
}
],
"notes": [
{
"category": "general",
"text": "Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. When either the Helm client or SDK is used to save a chart whose name within the `Chart.yaml` file includes a relative path change, the chart would be saved outside its expected directory based on the changes in the relative path. The validation and linting did not detect the path changes in the name. This issue has been resolved in Helm v3.14.1. Users unable to upgrade should check all charts used by Helm for path changes in their name as found in the `Chart.yaml` file. This includes dependencies.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-25620",
"url": "https://www.suse.com/security/cve/CVE-2024-25620"
},
{
"category": "external",
"summary": "SUSE Bug 1219969 for CVE-2024-25620",
"url": "https://bugzilla.suse.com/1219969"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-25620"
},
{
"cve": "CVE-2024-26147",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26147"
}
],
"notes": [
{
"category": "general",
"text": "Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an `index.yaml` file or a plugins `plugin.yaml` file were missing all metadata a panic would occur in Helm. In the Helm SDK, this is found when using the `LoadIndexFile` or `DownloadIndexFile` functions in the `repo` package or the `LoadDir` function in the `plugin` package. For the Helm client this impacts functions around adding a repository and all Helm functions if a malicious plugin is added as Helm inspects all known plugins on each invocation. This issue has been resolved in Helm v3.14.2. If a malicious plugin has been added which is causing all Helm client commands to panic, the malicious plugin can be manually removed from the filesystem. If using Helm SDK versions prior to 3.14.2, calls to affected functions can use `recover` to catch the panic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26147",
"url": "https://www.suse.com/security/cve/CVE-2024-26147"
},
{
"category": "external",
"summary": "SUSE Bug 1220207 for CVE-2024-26147",
"url": "https://bugzilla.suse.com/1220207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-26147"
},
{
"cve": "CVE-2024-45337",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45337"
}
],
"notes": [
{
"category": "general",
"text": "Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that \"A call to this function does not guarantee that the key offered is in fact used to authenticate.\" Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/cry...@v0.31.0 enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45337",
"url": "https://www.suse.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "SUSE Bug 1234482 for CVE-2024-45337",
"url": "https://bugzilla.suse.com/1234482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-45337"
},
{
"cve": "CVE-2024-45338",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45338"
}
],
"notes": [
{
"category": "general",
"text": "An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45338",
"url": "https://www.suse.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "SUSE Bug 1234794 for CVE-2024-45338",
"url": "https://bugzilla.suse.com/1234794"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-45338"
},
{
"cve": "CVE-2025-22870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22870"
}
],
"notes": [
{
"category": "general",
"text": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22870",
"url": "https://www.suse.com/security/cve/CVE-2025-22870"
},
{
"category": "external",
"summary": "SUSE Bug 1238572 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238572"
},
{
"category": "external",
"summary": "SUSE Bug 1238611 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238611"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-22870"
},
{
"cve": "CVE-2025-22872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22872"
}
],
"notes": [
{
"category": "general",
"text": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22872",
"url": "https://www.suse.com/security/cve/CVE-2025-22872"
},
{
"category": "external",
"summary": "SUSE Bug 1241710 for CVE-2025-22872",
"url": "https://bugzilla.suse.com/1241710"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-22872"
},
{
"cve": "CVE-2025-47911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47911"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47911",
"url": "https://www.suse.com/security/cve/CVE-2025-47911"
},
{
"category": "external",
"summary": "SUSE Bug 1251308 for CVE-2025-47911",
"url": "https://bugzilla.suse.com/1251308"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-47911"
},
{
"cve": "CVE-2025-53547",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-53547"
}
],
"notes": [
{
"category": "general",
"text": "Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are carried over to a Chart.lock file when dependencies are updated and this file is written, can be crafted in a way that can cause execution if that same content were in a file that is executed (e.g., a bash.rc file or shell script). If the Chart.lock file is symlinked to one of these files updating dependencies will write the lock file content to the symlinked file. This can lead to unwanted execution. Helm warns of the symlinked file but did not stop execution due to symlinking. This issue has been resolved in Helm v3.18.4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-53547",
"url": "https://www.suse.com/security/cve/CVE-2025-53547"
},
{
"category": "external",
"summary": "SUSE Bug 1246150 for CVE-2025-53547",
"url": "https://bugzilla.suse.com/1246150"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-53547"
},
{
"cve": "CVE-2025-58190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58190"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58190",
"url": "https://www.suse.com/security/cve/CVE-2025-58190"
},
{
"category": "external",
"summary": "SUSE Bug 1251309 for CVE-2025-58190",
"url": "https://bugzilla.suse.com/1251309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:helm3-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-bash-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-fish-completion-3.19.2-1.1.x86_64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.aarch64",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.ppc64le",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.s390x",
"openSUSE Tumbleweed:helm3-zsh-completion-3.19.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-58190"
}
]
}
OPENSUSE-SU-2025:20177-1
Vulnerability from csaf_opensuse - Published: 2025-12-18 00:17 - Updated: 2025-12-18 00:17Summary
Security update for cheat
Severity
Important
Notes
Title of the patch: Security update for cheat
Description of the patch: This update for cheat fixes the following issues:
- Security:
* CVE-2025-47913: Fix client process termination (bsc#1253593)
* CVE-2025-58181: Fix potential unbounded memory consumption (bsc#1253922)
* CVE-2025-47914: Fix panic due to an out of bounds read (bsc#1254051)
* Replace golang.org/x/crypto=golang.org/x/crypto@v0.45.0
* Replace golang.org/x/net=golang.org/x/net@v0.47.0
* Replace golang.org/x/sys=golang.org/x/sys@v0.38.0
- Packaging improvements:
* Drop Requires: golang-packaging. The recommended Go toolchain
dependency expression is BuildRequires: golang(API) >= 1.x or
optionally the metapackage BuildRequires: go
* Use BuildRequires: golang(API) >= 1.19 matching go.mod
* Build PIE with pattern that may become recommended procedure:
%%ifnarch ppc64 GOFLAGS="-buildmode=pie" %%endif go build
A go toolchain buildmode default config would be preferable
but none exist at this time.
* Drop mod=vendor, go1.14+ will detect vendor dir and auto-enable
* Remove go build -o output binary location and name. Default
binary has the same name as package of func main() and is
placed in the top level of the build directory.
* Add basic %check to execute binary --help
- Packaging improvements:
* Service go_modules replace dependencies with CVEs
* Replace github.com/cloudflare/circl=github.com/cloudflare/circl@v1.6.1
Fix GO-2025-3754 GHSA-2x5j-vhc8-9cwm
* Replace golang.org/x/net=golang.org/x/net@v0.36.0
Fixes GO-2025-3503 CVE-2025-22870
* Replace golang.org/x/crypto=golang.org/x/crypto@v0.35.0
Fixes GO-2023-2402 CVE-2023-48795 GHSA-45x7-px36-x8w8
Fixes GO-2025-3487 CVE-2025-22869
* Replace github.com/go-git/go-git/v5=github.com/go-git/go-git/v5@v5.13.0
Fixes GO-2025-3367 CVE-2025-21614 GHSA-r9px-m959-cxf4
Fixes GO-2025-3368 CVE-2025-21613 GHSA-v725-9546-7q7m
* Service tar_scm set mode manual from disabled
* Service tar_scm create archive from git so we can exclude
vendor directory upstream committed to git. Committed vendor
directory contents have build issues even after go mod tidy.
* Service tar_scm exclude dir vendor
* Service set_version set mode manual from disabled
* Service set_version remove param basename not needed
Patchnames: openSUSE-Leap-16.0-packagehub-59
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.9 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.4 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
31 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for cheat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for cheat fixes the following issues:\n\n- Security:\n * CVE-2025-47913: Fix client process termination (bsc#1253593)\n * CVE-2025-58181: Fix potential unbounded memory consumption (bsc#1253922)\n * CVE-2025-47914: Fix panic due to an out of bounds read (bsc#1254051)\n * Replace golang.org/x/crypto=golang.org/x/crypto@v0.45.0\n * Replace golang.org/x/net=golang.org/x/net@v0.47.0\n * Replace golang.org/x/sys=golang.org/x/sys@v0.38.0\n\n- Packaging improvements:\n * Drop Requires: golang-packaging. The recommended Go toolchain\n dependency expression is BuildRequires: golang(API) \u003e= 1.x or\n optionally the metapackage BuildRequires: go\n * Use BuildRequires: golang(API) \u003e= 1.19 matching go.mod\n * Build PIE with pattern that may become recommended procedure:\n %%ifnarch ppc64 GOFLAGS=\"-buildmode=pie\" %%endif go build\n A go toolchain buildmode default config would be preferable\n but none exist at this time.\n * Drop mod=vendor, go1.14+ will detect vendor dir and auto-enable\n * Remove go build -o output binary location and name. Default\n binary has the same name as package of func main() and is\n placed in the top level of the build directory.\n * Add basic %check to execute binary --help\n\n- Packaging improvements:\n * Service go_modules replace dependencies with CVEs\n * Replace github.com/cloudflare/circl=github.com/cloudflare/circl@v1.6.1\n Fix GO-2025-3754 GHSA-2x5j-vhc8-9cwm\n * Replace golang.org/x/net=golang.org/x/net@v0.36.0\n Fixes GO-2025-3503 CVE-2025-22870\n * Replace golang.org/x/crypto=golang.org/x/crypto@v0.35.0\n Fixes GO-2023-2402 CVE-2023-48795 GHSA-45x7-px36-x8w8\n Fixes GO-2025-3487 CVE-2025-22869\n * Replace github.com/go-git/go-git/v5=github.com/go-git/go-git/v5@v5.13.0\n Fixes GO-2025-3367 CVE-2025-21614 GHSA-r9px-m959-cxf4\n Fixes GO-2025-3368 CVE-2025-21613 GHSA-v725-9546-7q7m\n * Service tar_scm set mode manual from disabled\n * Service tar_scm create archive from git so we can exclude\n vendor directory upstream committed to git. Committed vendor\n directory contents have build issues even after go mod tidy.\n * Service tar_scm exclude dir vendor\n * Service set_version set mode manual from disabled\n * Service set_version remove param basename not needed\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-packagehub-59",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_20177-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1247629",
"url": "https://bugzilla.suse.com/1247629"
},
{
"category": "self",
"summary": "SUSE Bug 1253593",
"url": "https://bugzilla.suse.com/1253593"
},
{
"category": "self",
"summary": "SUSE Bug 1253922",
"url": "https://bugzilla.suse.com/1253922"
},
{
"category": "self",
"summary": "SUSE Bug 1254051",
"url": "https://bugzilla.suse.com/1254051"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-48795 page",
"url": "https://www.suse.com/security/cve/CVE-2023-48795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21613 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21613/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21614 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21614/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22869 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22870 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47914 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58181 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58181/"
}
],
"title": "Security update for cheat",
"tracking": {
"current_release_date": "2025-12-18T00:17:52Z",
"generator": {
"date": "2025-12-18T00:17:52Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:20177-1",
"initial_release_date": "2025-12-18T00:17:52Z",
"revision_history": [
{
"date": "2025-12-18T00:17:52Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cheat-4.4.2-bp160.2.1.aarch64",
"product": {
"name": "cheat-4.4.2-bp160.2.1.aarch64",
"product_id": "cheat-4.4.2-bp160.2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cheat-4.4.2-bp160.2.1.ppc64le",
"product": {
"name": "cheat-4.4.2-bp160.2.1.ppc64le",
"product_id": "cheat-4.4.2-bp160.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cheat-4.4.2-bp160.2.1.s390x",
"product": {
"name": "cheat-4.4.2-bp160.2.1.s390x",
"product_id": "cheat-4.4.2-bp160.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cheat-4.4.2-bp160.2.1.x86_64",
"product": {
"name": "cheat-4.4.2-bp160.2.1.x86_64",
"product_id": "cheat-4.4.2-bp160.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cheat-4.4.2-bp160.2.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.aarch64"
},
"product_reference": "cheat-4.4.2-bp160.2.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cheat-4.4.2-bp160.2.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.ppc64le"
},
"product_reference": "cheat-4.4.2-bp160.2.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cheat-4.4.2-bp160.2.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.s390x"
},
"product_reference": "cheat-4.4.2-bp160.2.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cheat-4.4.2-bp160.2.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.x86_64"
},
"product_reference": "cheat-4.4.2-bp160.2.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-48795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-48795"
}
],
"notes": [
{
"category": "general",
"text": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.aarch64",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.ppc64le",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.s390x",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-48795",
"url": "https://www.suse.com/security/cve/CVE-2023-48795"
},
{
"category": "external",
"summary": "SUSE Bug 1217950 for CVE-2023-48795",
"url": "https://bugzilla.suse.com/1217950"
},
{
"category": "external",
"summary": "SUSE Bug 1218708 for CVE-2023-48795",
"url": "https://bugzilla.suse.com/1218708"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.aarch64",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.ppc64le",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.s390x",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.aarch64",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.ppc64le",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.s390x",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-18T00:17:52Z",
"details": "important"
}
],
"title": "CVE-2023-48795"
},
{
"cve": "CVE-2025-21613",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21613"
}
],
"notes": [
{
"category": "general",
"text": "go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only happens when the file transport protocol is being used, as that is the only protocol that shells out to git binaries. This vulnerability is fixed in 5.13.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.aarch64",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.ppc64le",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.s390x",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21613",
"url": "https://www.suse.com/security/cve/CVE-2025-21613"
},
{
"category": "external",
"summary": "SUSE Bug 1235572 for CVE-2025-21613",
"url": "https://bugzilla.suse.com/1235572"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.aarch64",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.ppc64le",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.s390x",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.aarch64",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.ppc64le",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.s390x",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-18T00:17:52Z",
"details": "important"
}
],
"title": "CVE-2025-21613"
},
{
"cve": "CVE-2025-21614",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21614"
}
],
"notes": [
{
"category": "general",
"text": "go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Users running versions of go-git from v4 and above are recommended to upgrade to v5.13 in order to mitigate this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.aarch64",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.ppc64le",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.s390x",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21614",
"url": "https://www.suse.com/security/cve/CVE-2025-21614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.aarch64",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.ppc64le",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.s390x",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-18T00:17:52Z",
"details": "important"
}
],
"title": "CVE-2025-21614"
},
{
"cve": "CVE-2025-22869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22869"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.aarch64",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.ppc64le",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.s390x",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22869",
"url": "https://www.suse.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "SUSE Bug 1239322 for CVE-2025-22869",
"url": "https://bugzilla.suse.com/1239322"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.aarch64",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.ppc64le",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.s390x",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.aarch64",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.ppc64le",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.s390x",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-18T00:17:52Z",
"details": "important"
}
],
"title": "CVE-2025-22869"
},
{
"cve": "CVE-2025-22870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22870"
}
],
"notes": [
{
"category": "general",
"text": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.aarch64",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.ppc64le",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.s390x",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22870",
"url": "https://www.suse.com/security/cve/CVE-2025-22870"
},
{
"category": "external",
"summary": "SUSE Bug 1238572 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238572"
},
{
"category": "external",
"summary": "SUSE Bug 1238611 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238611"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.aarch64",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.ppc64le",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.s390x",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.aarch64",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.ppc64le",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.s390x",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-18T00:17:52Z",
"details": "moderate"
}
],
"title": "CVE-2025-22870"
},
{
"cve": "CVE-2025-47913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47913"
}
],
"notes": [
{
"category": "general",
"text": "SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.aarch64",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.ppc64le",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.s390x",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47913",
"url": "https://www.suse.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "SUSE Bug 1253506 for CVE-2025-47913",
"url": "https://bugzilla.suse.com/1253506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.aarch64",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.ppc64le",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.s390x",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.aarch64",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.ppc64le",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.s390x",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-18T00:17:52Z",
"details": "important"
}
],
"title": "CVE-2025-47913"
},
{
"cve": "CVE-2025-47914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47914"
}
],
"notes": [
{
"category": "general",
"text": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.aarch64",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.ppc64le",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.s390x",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47914",
"url": "https://www.suse.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "SUSE Bug 1253967 for CVE-2025-47914",
"url": "https://bugzilla.suse.com/1253967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.aarch64",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.ppc64le",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.s390x",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.aarch64",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.ppc64le",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.s390x",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-18T00:17:52Z",
"details": "moderate"
}
],
"title": "CVE-2025-47914"
},
{
"cve": "CVE-2025-58181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58181"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.aarch64",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.ppc64le",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.s390x",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58181",
"url": "https://www.suse.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "SUSE Bug 1253784 for CVE-2025-58181",
"url": "https://bugzilla.suse.com/1253784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.aarch64",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.ppc64le",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.s390x",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.aarch64",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.ppc64le",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.s390x",
"openSUSE Leap 16.0:cheat-4.4.2-bp160.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-18T00:17:52Z",
"details": "moderate"
}
],
"title": "CVE-2025-58181"
}
]
}
OPENSUSE-SU-2026:10230-1
Vulnerability from csaf_opensuse - Published: 2026-02-19 00:00 - Updated: 2026-02-19 00:00Summary
vexctl-0.4.1+git78.f951e3a-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: vexctl-0.4.1+git78.f951e3a-1.1 on GA media
Description of the patch: These are all security issues fixed in the vexctl-0.4.1+git78.f951e3a-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10230
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.4 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.8 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
33 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "vexctl-0.4.1+git78.f951e3a-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the vexctl-0.4.1+git78.f951e3a-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10230",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10230-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45337 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45337/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22868 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22868/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22869 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22870 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-27144 page",
"url": "https://www.suse.com/security/cve/CVE-2025-27144/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-30204 page",
"url": "https://www.suse.com/security/cve/CVE-2025-30204/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58181 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-22772 page",
"url": "https://www.suse.com/security/cve/CVE-2026-22772/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-24137 page",
"url": "https://www.suse.com/security/cve/CVE-2026-24137/"
}
],
"title": "vexctl-0.4.1+git78.f951e3a-1.1 on GA media",
"tracking": {
"current_release_date": "2026-02-19T00:00:00Z",
"generator": {
"date": "2026-02-19T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10230-1",
"initial_release_date": "2026-02-19T00:00:00Z",
"revision_history": [
{
"date": "2026-02-19T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"product": {
"name": "vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"product_id": "vexctl-0.4.1+git78.f951e3a-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"product": {
"name": "vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"product_id": "vexctl-0.4.1+git78.f951e3a-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"product": {
"name": "vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"product_id": "vexctl-0.4.1+git78.f951e3a-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "vexctl-0.4.1+git78.f951e3a-1.1.x86_64",
"product": {
"name": "vexctl-0.4.1+git78.f951e3a-1.1.x86_64",
"product_id": "vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "vexctl-0.4.1+git78.f951e3a-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64"
},
"product_reference": "vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vexctl-0.4.1+git78.f951e3a-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le"
},
"product_reference": "vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vexctl-0.4.1+git78.f951e3a-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x"
},
"product_reference": "vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vexctl-0.4.1+git78.f951e3a-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
},
"product_reference": "vexctl-0.4.1+git78.f951e3a-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-45337",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45337"
}
],
"notes": [
{
"category": "general",
"text": "Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that \"A call to this function does not guarantee that the key offered is in fact used to authenticate.\" Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/cry...@v0.31.0 enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45337",
"url": "https://www.suse.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "SUSE Bug 1234482 for CVE-2024-45337",
"url": "https://bugzilla.suse.com/1234482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-19T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-45337"
},
{
"cve": "CVE-2025-22868",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22868"
}
],
"notes": [
{
"category": "general",
"text": "An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22868",
"url": "https://www.suse.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "SUSE Bug 1239185 for CVE-2025-22868",
"url": "https://bugzilla.suse.com/1239185"
},
{
"category": "external",
"summary": "SUSE Bug 1239186 for CVE-2025-22868",
"url": "https://bugzilla.suse.com/1239186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-19T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-22868"
},
{
"cve": "CVE-2025-22869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22869"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22869",
"url": "https://www.suse.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "SUSE Bug 1239322 for CVE-2025-22869",
"url": "https://bugzilla.suse.com/1239322"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-19T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-22869"
},
{
"cve": "CVE-2025-22870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22870"
}
],
"notes": [
{
"category": "general",
"text": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22870",
"url": "https://www.suse.com/security/cve/CVE-2025-22870"
},
{
"category": "external",
"summary": "SUSE Bug 1238572 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238572"
},
{
"category": "external",
"summary": "SUSE Bug 1238611 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238611"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-19T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-22870"
},
{
"cve": "CVE-2025-27144",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-27144"
}
],
"notes": [
{
"category": "general",
"text": "Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code used strings.Split(token, \".\") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service. Version 4.0.5 fixes this issue. As a workaround, applications could pre-validate that payloads passed to Go JOSE do not contain an excessive number of `.` characters.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-27144",
"url": "https://www.suse.com/security/cve/CVE-2025-27144"
},
{
"category": "external",
"summary": "SUSE Bug 1237608 for CVE-2025-27144",
"url": "https://bugzilla.suse.com/1237608"
},
{
"category": "external",
"summary": "SUSE Bug 1237609 for CVE-2025-27144",
"url": "https://bugzilla.suse.com/1237609"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-19T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-27144"
},
{
"cve": "CVE-2025-30204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-30204"
}
],
"notes": [
{
"category": "general",
"text": "golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function\u0027s argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-30204",
"url": "https://www.suse.com/security/cve/CVE-2025-30204"
},
{
"category": "external",
"summary": "SUSE Bug 1240441 for CVE-2025-30204",
"url": "https://bugzilla.suse.com/1240441"
},
{
"category": "external",
"summary": "SUSE Bug 1240442 for CVE-2025-30204",
"url": "https://bugzilla.suse.com/1240442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-19T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-30204"
},
{
"cve": "CVE-2025-58181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58181"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58181",
"url": "https://www.suse.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "SUSE Bug 1253784 for CVE-2025-58181",
"url": "https://bugzilla.suse.com/1253784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-19T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-58181"
},
{
"cve": "CVE-2026-22772",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-22772"
}
],
"notes": [
{
"category": "general",
"text": "Fulcio is a certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.5, Fulcio\u0027s metaRegex() function uses unanchored regex, allowing attackers to bypass MetaIssuer URL validation and trigger SSRF to arbitrary internal services. Since the SSRF only can trigger GET requests, the request cannot mutate state. The response from the GET request is not returned to the caller so data exfiltration is not possible. A malicious actor could attempt to probe an internal network through Blind SSRF. This vulnerability is fixed in 1.8.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-22772",
"url": "https://www.suse.com/security/cve/CVE-2026-22772"
},
{
"category": "external",
"summary": "SUSE Bug 1256532 for CVE-2026-22772",
"url": "https://bugzilla.suse.com/1256532"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-19T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-22772"
},
{
"cve": "CVE-2026-24137",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-24137"
}
],
"notes": [
{
"category": "general",
"text": "sigstore framework is a common go library shared across sigstore services and clients. In versions 1.10.3 and below, the legacy TUF client (pkg/tuf/client.go) supports caching target files to disk. It constructs a filesystem path by joining a cache base directory with a target name sourced from signed target metadata; however, it does not validate that the resulting path stays within the cache base directory. A malicious TUF repository can trigger arbitrary file overwriting, limited to the permissions that the calling process has. Note that this should only affect clients that are directly using the TUF client in sigstore/sigstore or are using an older version of Cosign. Public Sigstore deployment users are unaffected, as TUF metadata is validated by a quorum of trusted collaborators. This issue has been fixed in version 1.10.4. As a workaround, users can disable disk caching for the legacy client by setting SIGSTORE_NO_CACHE=true in the environment, migrate to https://github.com/sigstore/sigstore-go/tree/main/pkg/tuf, or upgrade to the latest sigstore/sigstore release.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-24137",
"url": "https://www.suse.com/security/cve/CVE-2026-24137"
},
{
"category": "external",
"summary": "SUSE Bug 1257137 for CVE-2026-24137",
"url": "https://bugzilla.suse.com/1257137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-19T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-24137"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…