VYPR

rpm package

suse/zypper&distro=SUSE Linux Enterprise Server for SAP applications 16.0

pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0

Vulnerabilities (5)

  • CVE-2026-44942Jun 18, 2026
    affected < 1.14.98-160000.1.1fixed 1.14.98-160000.1.1

    A path traversal in handling the "path" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content.

  • CVE-2026-48863impMay 26, 2026
    affected < 1.14.98-160000.1.1fixed 1.14.98-160000.1.1

    libsolv: Stack-based buffer overflow in libsolv EdDSA PGP signature verification allows denial of service

  • CVE-2026-9149MedMay 21, 2026
    affected < 1.14.98-160000.1.1fixed 1.14.98-160000.1.1

    A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized memory allocation and a subsequent out-of-bounds write

  • CVE-2026-9150MedMay 20, 2026
    affected < 1.14.98-160000.1.1fixed 1.14.98-160000.1.1

    A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to me

  • CVE-2026-44933HigMay 20, 2026
    affected < 1.14.98-160000.1.1fixed 1.14.98-160000.1.1

    `PluginScript` attempts to `chroot` the plugin to the `repoManagerRoot`, this root is frequently `/` (the system root) in standard configurations or when using `--root`. If the chroot target is `/`, it is a no-op, allowing the traversed path to execute host binaries (like `/bin/b