VYPR

rpm package

suse/alloy&distro=SUSE Linux Enterprise Server 16.0

pkg:rpm/suse/alloy&distro=SUSE%20Linux%20Enterprise%20Server%2016.0

Vulnerabilities (9)

  • CVE-2025-58190 · Feb 5, 2026
    affected < 1.12.1-160000.1.1 · fixed 1.12.1-160000.1.1

    The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.

  • CVE-2025-47911 · Feb 5, 2026
    affected < 1.12.1-160000.1.1 · fixed 1.12.1-160000.1.1

    The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.

  • CVE-2025-11065 · Med · Jan 26, 2026
    affected < 1.11.3-160000.1.1 · fixed 1.11.3-160000.1.1

    A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data process

  • CVE-2025-68156 · Dec 16, 2025
    affected < 1.12.2-160000.1.1 · fixed 1.12.2-160000.1.1

    Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including `flatten`, `min`, `max`, `mean`, and `median`, perform recursive traversal over user-provided data structures without enforcing a maximum recursi

  • CVE-2025-47913 · Nov 13, 2025
    affected < 1.12.1-160000.1.1 · fixed 1.12.1-160000.1.1

    SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.

  • CVE-2025-52881 · Nov 6, 2025
    affected < 1.12.2-160000.1.1 · fixed 1.12.2-160000.1.1

    runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have

  • CVE-2025-52565 · Nov 6, 2025
    affected < 1.12.2-160000.1.1 · fixed 1.12.2-160000.1.1

    runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the conta

  • CVE-2025-31133 · Nov 6, 2025
    affected < 1.12.2-160000.1.1 · fixed 1.12.2-160000.1.1

    runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container

  • CVE-2025-58058 · Med · Aug 28, 2025
    affected < 1.11.3-160000.1.1 · fixed 1.11.3-160000.1.1

    xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the