rpm package
opensuse/amazon-ssm-agent&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/amazon-ssm-agent&distro=openSUSE%20Tumbleweed
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-41506 | Med | 4.7 | | < 3.3.4268.0-2.1 | 3.3.4268.0-2.1 | May 8, 2026 | go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This issue has been patched in versions 5.18.0 |
| CVE-2026-1229 | — | | | < 3.3.4121.0-1.1 | 3.3.4121.0-1.1 | Feb 24, 2026 | The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas. ECDH and ECDSA signing relying on this curve are not affected. The bug was fixed in v1.6.3 https:// |
| CVE-2025-47913 | — | | | < 3.3.3270.0-2.1 | 3.3.3270.0-2.1 | Nov 13, 2025 | SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process. |
| CVE-2025-22870 | Med | 4.4 | | < 3.3.1957.0-2.1 | 3.3.1957.0-2.1 | Mar 12, 2025 | Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80" will incorrectly match and not be proxied. |
| CVE-2025-21613 | — | | | < 3.3.1611.0-1.1 | 3.3.1611.0-1.1 | Jan 6, 2025 | go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flag |
| CVE-2022-29527 | — | | | < 3.1.1260.0-1.1 | 3.1.1260.0-1.1 | Apr 20, 2022 | Amazon AWS amazon-ssm-agent before 3.1.1208.0 creates a world-writable sudoers file, which allows local attackers to inject Sudo rules and escalate privileges to root. This occurs in certain situations involving a race condition. |