rpm package
suse/alloy&distro=SUSE Linux Enterprise Server 16.0
pkg:rpm/suse/alloy&distro=SUSE%20Linux%20Enterprise%20Server%2016.0
Vulnerabilities (9)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-58190 | — | < 1.12.1-160000.1.1 | 1.12.1-160000.1.1 | Feb 5, 2026 | The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content. | ||
| CVE-2025-47911 | — | < 1.12.1-160000.1.1 | 1.12.1-160000.1.1 | Feb 5, 2026 | The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content. | ||
| CVE-2025-11065 | Med | 5.3 | < 1.11.3-160000.1.1 | 1.11.3-160000.1.1 | Jan 26, 2026 | A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data process | |
| CVE-2025-68156 | — | < 1.12.2-160000.1.1 | 1.12.2-160000.1.1 | Dec 16, 2025 | Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including `flatten`, `min`, `max`, `mean`, and `median`, perform recursive traversal over user-provided data structures without enforcing a maximum recursi | ||
| CVE-2025-47913 | — | < 1.12.1-160000.1.1 | 1.12.1-160000.1.1 | Nov 13, 2025 | SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process. | ||
| CVE-2025-52881 | — | < 1.12.2-160000.1.1 | 1.12.2-160000.1.1 | Nov 6, 2025 | runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have | ||
| CVE-2025-52565 | — | < 1.12.2-160000.1.1 | 1.12.2-160000.1.1 | Nov 6, 2025 | runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the conta | ||
| CVE-2025-31133 | — | < 1.12.2-160000.1.1 | 1.12.2-160000.1.1 | Nov 6, 2025 | runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container | ||
| CVE-2025-58058 | Med | 5.3 | < 1.11.3-160000.1.1 | 1.11.3-160000.1.1 | Aug 28, 2025 | xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the |
- CVE-2025-58190Feb 5, 2026affected < 1.12.1-160000.1.1fixed 1.12.1-160000.1.1
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
- CVE-2025-47911Feb 5, 2026affected < 1.12.1-160000.1.1fixed 1.12.1-160000.1.1
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
- affected < 1.11.3-160000.1.1fixed 1.11.3-160000.1.1
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data process
- CVE-2025-68156Dec 16, 2025affected < 1.12.2-160000.1.1fixed 1.12.2-160000.1.1
Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including `flatten`, `min`, `max`, `mean`, and `median`, perform recursive traversal over user-provided data structures without enforcing a maximum recursi
- CVE-2025-47913Nov 13, 2025affected < 1.12.1-160000.1.1fixed 1.12.1-160000.1.1
SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.
- CVE-2025-52881Nov 6, 2025affected < 1.12.2-160000.1.1fixed 1.12.2-160000.1.1
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have
- CVE-2025-52565Nov 6, 2025affected < 1.12.2-160000.1.1fixed 1.12.2-160000.1.1
runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the conta
- CVE-2025-31133Nov 6, 2025affected < 1.12.2-160000.1.1fixed 1.12.2-160000.1.1
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container
- affected < 1.11.3-160000.1.1fixed 1.11.3-160000.1.1
xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the