VYPR

rpm package

suse/alloy&distro=SUSE Linux Enterprise Module for Basesystem 15 SP7

pkg:rpm/suse/alloy&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7

Vulnerabilities (14)

  • CVE-2026-41602 | High | Apr 28, 2026
    affected < 1.16.1-150700.15.20.1 | fixed 1.16.1-150700.15.20.1

    Integer Overflow or Wraparound vulnerability in the Apache Thrift TFramedTransport Go language implementation. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

  • CVE-2026-34986 | High | Apr 6, 2026
    affected < 1.16.1-150700.15.20.1 | fixed 1.16.1-150700.15.20.1

    Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption (JW

  • CVE-2026-33186 | Critical | Mar 20, 2026
    affected < 1.16.1-150700.15.20.1 | fixed 1.16.1-150700.15.20.1

    gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omi

  • CVE-2026-26958 | Low | Feb 19, 2026
    affected < 1.16.1-150700.15.20.1 | fixed 1.16.1-150700.15.20.1

    filippo.io/edwards25519 is a Go library implementing the edwards25519 elliptic curve with APIs for building cryptographic primitives. In versions 1.1.0 and earlier, MultiScalarMult produces invalid results or undefined behavior if the receiver is not the identity point. If (*Poin

  • CVE-2026-25934 | Feb 9, 2026
    affected < 1.16.1-150700.15.20.1 | fixed 1.16.1-150700.15.20.1

    go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files,

  • CVE-2025-58190 | Feb 5, 2026
    affected < 1.12.1-150700.15.12.1 | fixed 1.12.1-150700.15.12.1

    The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.

  • CVE-2025-47911 | Feb 5, 2026
    affected < 1.12.1-150700.15.12.1 | fixed 1.12.1-150700.15.12.1

    The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.

  • CVE-2025-11065 | Medium | Jan 26, 2026
    affected < 1.11.3-150700.15.9.1 | fixed 1.11.3-150700.15.9.1

    A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data process

  • CVE-2025-68156 | Dec 16, 2025
    affected < 1.12.2-150700.15.15.1 | fixed 1.12.2-150700.15.15.1

    Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including `flatten`, `min`, `max`, `mean`, and `median`, perform recursive traversal over user-provided data structures without enforcing a maximum recursi

  • CVE-2025-47913 | Nov 13, 2025
    affected < 1.12.1-150700.15.12.1 | fixed 1.12.1-150700.15.12.1

    SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.

  • CVE-2025-52881 | Nov 6, 2025
    affected < 1.12.2-150700.15.15.1 | fixed 1.12.2-150700.15.15.1

    runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have

  • CVE-2025-52565 | Nov 6, 2025
    affected < 1.12.2-150700.15.15.1 | fixed 1.12.2-150700.15.15.1

    runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the conta

  • CVE-2025-31133 | Nov 6, 2025
    affected < 1.12.2-150700.15.15.1 | fixed 1.12.2-150700.15.15.1

    runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container

  • CVE-2025-58058 | Medium | Aug 28, 2025
    affected < 1.11.3-150700.15.9.1 | fixed 1.11.3-150700.15.9.1

    xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the