rpm package
suse/rekor&distro=SUSE Linux Enterprise Module for Basesystem 15 SP7
pkg:rpm/suse/rekor&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-58058 | Med | 5.3 | < 1.4.3-150400.4.28.1 | 1.4.3-150400.4.28.1 | Aug 28, 2025 | xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the | |
| CVE-2025-29923 | Low | 3.7 | < 1.4.3-150400.4.28.1 | 1.4.3-150400.4.28.1 | Mar 20, 2025 | go-redis is the official Redis client library for the Go programming language. Prior to 9.5.5, 9.6.3, and 9.7.3, go-redis potentially responds out of order when `CLIENT SETINFO` times out during connection establishment. This can happen when the client is configured to transmit i |
- affected < 1.4.3-150400.4.28.1fixed 1.4.3-150400.4.28.1
xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the
- affected < 1.4.3-150400.4.28.1fixed 1.4.3-150400.4.28.1
go-redis is the official Redis client library for the Go programming language. Prior to 9.5.5, 9.6.3, and 9.7.3, go-redis potentially responds out of order when `CLIENT SETINFO` times out during connection establishment. This can happen when the client is configured to transmit i