Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-1615 (GCVE-0-2026-1615)
Vulnerability from cvelistv5 – Published: 2026-02-09 05:00 – Updated: 2026-02-23 10:03
VLAI?
EPSS
Summary
Versions of the package jsonpath before 1.2.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on the static-eval module to process JSON Path input, which is not designed to handle untrusted data safely. An attacker can exploit this vulnerability by supplying a malicious JSON Path expression that, when evaluated, executes arbitrary JavaScript code, leading to Remote Code Execution in Node.js environments or Cross-site Scripting (XSS) in browser contexts. This affects all methods that evaluate JSON Paths against objects, including .query, .nodes, .paths, .value, .parent, and .apply.
Severity ?
9.8 (Critical)
CWE
- CWE-94 - Arbitrary Code Injection
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | jsonpath |
Affected:
0 , < 1.2.0
(semver)
|
|||||||
|
|||||||||
Credits
Nick Copi
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1615",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-09T16:07:07.143690Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T16:07:32.556Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "jsonpath",
"vendor": "n/a",
"versions": [
{
"lessThan": "1.2.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"product": "org.webjars.npm:jsonpath",
"vendor": "n/a",
"versions": [
{
"lessThan": "1.2.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Nick Copi"
}
],
"descriptions": [
{
"lang": "en",
"value": "Versions of the package jsonpath before 1.2.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on the static-eval module to process JSON Path input, which is not designed to handle untrusted data safely. An attacker can exploit this vulnerability by supplying a malicious JSON Path expression that, when evaluated, executes arbitrary JavaScript code, leading to Remote Code Execution in Node.js environments or Cross-site Scripting (XSS) in browser contexts. This affects all methods that evaluate JSON Paths against objects, including .query, .nodes, .paths, .value, .parent, and .apply."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P",
"version": "3.1"
},
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"exploitMaturity": "PROOF_OF_CONCEPT",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Arbitrary Code Injection",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T10:03:34.221Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"url": "https://security.snyk.io/vuln/SNYK-JS-JSONPATH-13645034"
},
{
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-15141219"
},
{
"url": "https://github.com/dchester/jsonpath/blob/c1dd8ec74034fb0375233abb5fdbec51ac317b4b/lib/handlers.js%23L243"
},
{
"url": "https://github.com/dchester/jsonpath/commit/9631412641b7095f86840a7a45b5b3afc68b0fcb"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2026-1615",
"datePublished": "2026-02-09T05:00:09.050Z",
"dateReserved": "2026-01-29T13:07:32.703Z",
"dateUpdated": "2026-02-23T10:03:34.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-1615\",\"sourceIdentifier\":\"report@snyk.io\",\"published\":\"2026-02-09T05:16:24.353\",\"lastModified\":\"2026-02-23T11:16:21.710\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Versions of the package jsonpath before 1.2.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on the static-eval module to process JSON Path input, which is not designed to handle untrusted data safely. An attacker can exploit this vulnerability by supplying a malicious JSON Path expression that, when evaluated, executes arbitrary JavaScript code, leading to Remote Code Execution in Node.js environments or Cross-site Scripting (XSS) in browser contexts. This affects all methods that evaluate JSON Paths against objects, including .query, .nodes, .paths, .value, .parent, and .apply.\"},{\"lang\":\"es\",\"value\":\"Todas las versiones del paquete jsonpath son vulnerables a Inyecci\u00f3n de C\u00f3digo Arbitrario a trav\u00e9s de la evaluaci\u00f3n insegura de expresiones JSON Path proporcionadas por el usuario. La biblioteca se basa en el m\u00f3dulo static-eval para procesar la entrada JSON Path, el cual no est\u00e1 dise\u00f1ado para manejar datos no confiables de forma segura. Un atacante puede explotar esta vulnerabilidad al proporcionar una expresi\u00f3n JSON Path maliciosa que, al ser evaluada, ejecuta c\u00f3digo JavaScript arbitrario, lo que lleva a Ejecuci\u00f3n Remota de C\u00f3digo en entornos Node.js o Cross-site scripting (XSS) en contextos de navegador. Esto afecta a todos los m\u00e9todos que eval\u00faan JSON Paths contra objetos, incluyendo .query, .nodes, .paths, .value, .parent y .apply.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"report@snyk.io\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":9.2,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"PROOF_OF_CONCEPT\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"report@snyk.io\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"report@snyk.io\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"references\":[{\"url\":\"https://github.com/dchester/jsonpath/blob/c1dd8ec74034fb0375233abb5fdbec51ac317b4b/lib/handlers.js%23L243\",\"source\":\"report@snyk.io\"},{\"url\":\"https://github.com/dchester/jsonpath/commit/9631412641b7095f86840a7a45b5b3afc68b0fcb\",\"source\":\"report@snyk.io\"},{\"url\":\"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-15141219\",\"source\":\"report@snyk.io\"},{\"url\":\"https://security.snyk.io/vuln/SNYK-JS-JSONPATH-13645034\",\"source\":\"report@snyk.io\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-1615\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-09T16:07:07.143690Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-09T16:07:29.695Z\"}}], \"cna\": {\"credits\": [{\"lang\": \"en\", \"value\": \"Nick Copi\"}], \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"exploitCodeMaturity\": \"PROOF_OF_CONCEPT\", \"confidentialityImpact\": \"HIGH\"}, \"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 9.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P\", \"exploitMaturity\": \"PROOF_OF_CONCEPT\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"n/a\", \"product\": \"jsonpath\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.2.0\", \"versionType\": \"semver\"}]}, {\"vendor\": \"n/a\", \"product\": \"org.webjars.npm:jsonpath\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.2.0\", \"versionType\": \"semver\"}]}], \"references\": [{\"url\": \"https://security.snyk.io/vuln/SNYK-JS-JSONPATH-13645034\"}, {\"url\": \"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-15141219\"}, {\"url\": \"https://github.com/dchester/jsonpath/blob/c1dd8ec74034fb0375233abb5fdbec51ac317b4b/lib/handlers.js%23L243\"}, {\"url\": \"https://github.com/dchester/jsonpath/commit/9631412641b7095f86840a7a45b5b3afc68b0fcb\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Versions of the package jsonpath before 1.2.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on the static-eval module to process JSON Path input, which is not designed to handle untrusted data safely. An attacker can exploit this vulnerability by supplying a malicious JSON Path expression that, when evaluated, executes arbitrary JavaScript code, leading to Remote Code Execution in Node.js environments or Cross-site Scripting (XSS) in browser contexts. This affects all methods that evaluate JSON Paths against objects, including .query, .nodes, .paths, .value, .parent, and .apply.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"cweId\": \"CWE-94\", \"description\": \"Arbitrary Code Injection\"}]}], \"providerMetadata\": {\"orgId\": \"bae035ff-b466-4ff4-94d0-fc9efd9e1730\", \"shortName\": \"snyk\", \"dateUpdated\": \"2026-02-23T10:03:34.221Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-1615\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-23T10:03:34.221Z\", \"dateReserved\": \"2026-01-29T13:07:32.703Z\", \"assignerOrgId\": \"bae035ff-b466-4ff4-94d0-fc9efd9e1730\", \"datePublished\": \"2026-02-09T05:00:09.050Z\", \"assignerShortName\": \"snyk\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
SUSE-SU-2026:20574-1
Vulnerability from csaf_suse - Published: 2026-02-17 09:51 - Updated: 2026-02-17 09:51Summary
Security update for golang-github-prometheus-prometheus
Severity
Critical
Notes
Title of the patch: Security update for golang-github-prometheus-prometheus
Description of the patch: This update for golang-github-prometheus-prometheus fixes the following issues:
- CVE-2026-25547: Fixed an unbounded brace range expansion leading to excessive CPU and memory consumption. (bsc#1257841)
- CVE-2026-1615: Fixed arbitrary code injection due to unsafe evaluation of user-supplied JSON Path expressions in jsonpath. (bsc#1257897)
- CVE-2025-61140: Fixed a function vulnerable to prototype pollution in jsonpath. (bsc#1257442)
Patchnames: SUSE-SLES-16.0-290
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.1 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
9.8 (Critical)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for golang-github-prometheus-prometheus",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for golang-github-prometheus-prometheus fixes the following issues:\n\n- CVE-2026-25547: Fixed an unbounded brace range expansion leading to excessive CPU and memory consumption. (bsc#1257841)\n- CVE-2026-1615: Fixed arbitrary code injection due to unsafe evaluation of user-supplied JSON Path expressions in jsonpath. (bsc#1257897)\n- CVE-2025-61140: Fixed a function vulnerable to prototype pollution in jsonpath. (bsc#1257442)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-290",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20574-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20574-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620574-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20574-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024627.html"
},
{
"category": "self",
"summary": "SUSE Bug 1257442",
"url": "https://bugzilla.suse.com/1257442"
},
{
"category": "self",
"summary": "SUSE Bug 1257841",
"url": "https://bugzilla.suse.com/1257841"
},
{
"category": "self",
"summary": "SUSE Bug 1257897",
"url": "https://bugzilla.suse.com/1257897"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61140 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61140/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-1615 page",
"url": "https://www.suse.com/security/cve/CVE-2026-1615/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25547 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25547/"
}
],
"title": "Security update for golang-github-prometheus-prometheus",
"tracking": {
"current_release_date": "2026-02-17T09:51:55Z",
"generator": {
"date": "2026-02-17T09:51:55Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20574-1",
"initial_release_date": "2026-02-17T09:51:55Z",
"revision_history": [
{
"date": "2026-02-17T09:51:55Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "golang-github-prometheus-prometheus-3.5.0-160000.2.1.aarch64",
"product": {
"name": "golang-github-prometheus-prometheus-3.5.0-160000.2.1.aarch64",
"product_id": "golang-github-prometheus-prometheus-3.5.0-160000.2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-github-prometheus-prometheus-3.5.0-160000.2.1.ppc64le",
"product": {
"name": "golang-github-prometheus-prometheus-3.5.0-160000.2.1.ppc64le",
"product_id": "golang-github-prometheus-prometheus-3.5.0-160000.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-github-prometheus-prometheus-3.5.0-160000.2.1.s390x",
"product": {
"name": "golang-github-prometheus-prometheus-3.5.0-160000.2.1.s390x",
"product_id": "golang-github-prometheus-prometheus-3.5.0-160000.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-github-prometheus-prometheus-3.5.0-160000.2.1.x86_64",
"product": {
"name": "golang-github-prometheus-prometheus-3.5.0-160000.2.1.x86_64",
"product_id": "golang-github-prometheus-prometheus-3.5.0-160000.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-3.5.0-160000.2.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.aarch64"
},
"product_reference": "golang-github-prometheus-prometheus-3.5.0-160000.2.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-3.5.0-160000.2.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.ppc64le"
},
"product_reference": "golang-github-prometheus-prometheus-3.5.0-160000.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-3.5.0-160000.2.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.s390x"
},
"product_reference": "golang-github-prometheus-prometheus-3.5.0-160000.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-3.5.0-160000.2.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.x86_64"
},
"product_reference": "golang-github-prometheus-prometheus-3.5.0-160000.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-3.5.0-160000.2.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.aarch64"
},
"product_reference": "golang-github-prometheus-prometheus-3.5.0-160000.2.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-3.5.0-160000.2.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.ppc64le"
},
"product_reference": "golang-github-prometheus-prometheus-3.5.0-160000.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-3.5.0-160000.2.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.s390x"
},
"product_reference": "golang-github-prometheus-prometheus-3.5.0-160000.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-3.5.0-160000.2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.x86_64"
},
"product_reference": "golang-github-prometheus-prometheus-3.5.0-160000.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61140"
}
],
"notes": [
{
"category": "general",
"text": "The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61140",
"url": "https://www.suse.com/security/cve/CVE-2025-61140"
},
{
"category": "external",
"summary": "SUSE Bug 1257442 for CVE-2025-61140",
"url": "https://bugzilla.suse.com/1257442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-17T09:51:55Z",
"details": "important"
}
],
"title": "CVE-2025-61140"
},
{
"cve": "CVE-2026-1615",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-1615"
}
],
"notes": [
{
"category": "general",
"text": "Versions of the package jsonpath before 1.2.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on the static-eval module to process JSON Path input, which is not designed to handle untrusted data safely. An attacker can exploit this vulnerability by supplying a malicious JSON Path expression that, when evaluated, executes arbitrary JavaScript code, leading to Remote Code Execution in Node.js environments or Cross-site Scripting (XSS) in browser contexts. This affects all methods that evaluate JSON Paths against objects, including .query, .nodes, .paths, .value, .parent, and .apply.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-1615",
"url": "https://www.suse.com/security/cve/CVE-2026-1615"
},
{
"category": "external",
"summary": "SUSE Bug 1257897 for CVE-2026-1615",
"url": "https://bugzilla.suse.com/1257897"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-17T09:51:55Z",
"details": "critical"
}
],
"title": "CVE-2026-1615"
},
{
"cve": "CVE-2026-25547",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25547"
}
],
"notes": [
{
"category": "general",
"text": "@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, the library attempts to eagerly generate every possible combination synchronously. Because the expansion grows exponentially, even a small input can consume excessive CPU and memory and may crash the Node.js process. This issue has been patched in version 5.0.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25547",
"url": "https://www.suse.com/security/cve/CVE-2026-25547"
},
{
"category": "external",
"summary": "SUSE Bug 1257834 for CVE-2026-25547",
"url": "https://bugzilla.suse.com/1257834"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-17T09:51:55Z",
"details": "important"
}
],
"title": "CVE-2026-25547"
}
]
}
SUSE-SU-2026:1013-1
Vulnerability from csaf_suse - Published: 2026-03-25 10:11 - Updated: 2026-03-25 10:11Summary
Security update 5.0.7 for Multi-Linux Manager Client Tools
Severity
Important
Notes
Title of the patch: Security update 5.0.7 for Multi-Linux Manager Client Tools
Description of the patch: This update fixes the following issues:
dracut-saltboot:
- Version update to 1.1.0:
* Retry DHCP requests up to 3 times (bsc#1253004)
golang-github-QubitProducts-exporter_exporter:
- Non-customer-facing optimization and update
golang-github-boynux-squid_exporter:
- Version update from 1.6.0 to 1.13.0 with the following highlighted changes and fixes (jsc#PED-14971):
* Added compatibility for Squid 6 and support for the squid-internal-mgr metrics path
* Added TLS and Basic Authentication to the exporter’s web interface
* Added support for the exporter to authenticate against the Squid proxy itself
* Allow the gathering of process information without requiring root privileges
* The exporter can now be configured using environment variables
* Added support for custom labels to all exported metrics for better data filtering
* New metrics to track if Squid is running (squid_up), how long a scrape takes, and if any errors occurred
* Added 'service time' metrics to analyze proxy speed and performance.
* Added a metric for open file descriptors (process_open_fds) to help prevent connection bottlenecks
* Corrected the squid_client_http_requests_total metric to ensure accurate reporting
golang-github-lusitaniae-apache_exporter:
- Version update from 1.0.8 to 1.0.10:
* Updated github.com/prometheus/client_golang to 1.21.1
* Updated github.com/prometheus/common to 0.63.0
* Updated github.com/prometheus/exporter-toolkit to 0.14.0
* Fixed signal handler logging
golang-github-prometheus-prometheus:
- Security issues fixed:
* CVE-2026-27606: Fixed arbitrary file write via path traversal in rollup (bsc#1258893)
* CVE-2026-25547: Fixed unbounded brace range expansion leading to excessive CPU and memory consumption (bsc#1257841)
* CVE-2026-1615, CVE-2025-61140 The old web UI is no longer built due to security issues (bsc#1257897, bsc#1257442)
* CVE-2025-13465: Bump lodash package to version 4.17.23 to fix prototype pollution vulnerability (bsc#1257329)
* CVE-2025-12816: Interpretation conflict vulnerability allowing bypassing cryptographic verifications (bsc#1255588)
- Version update from 2.53.4 to 3.5.0 with the following highlighted changes (jsc#PED-13824):
* Modernized Interface: Introduced a brand-new UI
* Enhanced Cloud and Auth: Added unified AWS service discovery (EC2, ECS, Lightsail) and Azure Workload Identity support
for more secure, native cloudauthentication.
* Performance Standards: Fully integrated OpenTelemetry (OTLP) ingestion and moved Native Histograms from experimental
to a stable feature.
* Advanced Data Export: Rolled out Remote Write 2.0, offering better performance and metadata handling when sending
data to external systems.
* Query Power: Added new PromQL functions (like first_over_time and last_over_time) and optimization for grouping
operations
* Better Visibility: The UI now displays detailed relabeling steps, scrape intervals, and timeouts, making it easier
to troubleshoot why targets aren't reporting correctly.
* Critical Fixes: Resolved significant memory leaks related to query logging and fixed bugs where targets were
accidentally being scraped multiple times
grafana:
- Security issues fixed:
* CVE-2026-21722: Public dashboards annotations: use dashboard timerange if time selection disabled (bsc#1258136)
* CVE-2026-21721: Fixed access control by the dashboard permissions API (bsc#1257337)
* CVE-2026-21720: Fixed unauthenticated DoS (bsc#1257349)
* CVE-2025-68156: Fixed potential DoS via unbounded recursion in builtin functions (bsc#1255340)
* CVE-2025-3415: Fixedexposure of DingDing alerting integration URL to Viewer level users (bsc#1245302)
- Version update from 11.5.10 to 11.6.11 with the following highlighted changes and fixes:
* Performance Boost: Introduced WebGL-powered geomaps for smoother map visualizations and
removed blurred backgrounds from UI overlays to speed up the interface
* One-Click Actions: Visualizations now support faster navigation via one-click links and actions
* Alerting History: Added version history for alert rules, allowing you to track changes over time
* Service Accounts: Automated the migration of old API keys to more secure Service Accounts upon startup
* Cron Support: Annotations now support Cron syntax for more flexible scheduling
* Identity and Auth: Hardened the Avatar feature (now requires sign-in) and fixed several login redirection issues
when Grafana is hosted on a subpath
* Data Source Support: Added support for Cloud Partner Prometheus data sources and improved Azure legend formatting
* Alerting Limits: Added size limits for expanded notification templates to prevent system strain
* RBAC: Integrated Role-Based Access Control (RBAC) into the Alertmanager via the reqAction field
* Data Consistency: Fixed several issues with Graphite and InfluxDB regarding how variables are handled in repeated
rows or nested queries
* Dashboard Reliability: Resolved bugs involving row repeats and 'self-referencing' data links
* Alerting Fixes: Patched a critical 'panic' (crash) caused by a race condition in alert rules and fixed issues where
contact points weren't working correctly
* URL Handling: Fixed a bug where 'true' values in URL parameters weren't being read correctly
prometheus-blackbox_exporter:
- Non-customer-facing optimization and update
spacecmd:
- Version update to 5.0.15:
* Fixed typo in spacecmd help ca-cert flag (bsc#1253174)
* Convert cached IDs to integer values (bsc#1251995)
* Fixed spacecmd binary file upload (bsc#1253659)
uyuni-tools:
- Version update to 0.1.38:
* Fixed cobbler configuration when migrating to standalone files (bsc#1256803)
* Detect custom apache and squid config in the /etc/uyuni/proxy folder
* Add ssh tuning to configure sshd (bsc#1253738)
* Ignore supportconfig errors (bsc#1255781)
* Bumped the default image tag to 5.0.7
* Removed cgroup mount for podman containers (bsc#1253347)
* Registry flag can be a string (bsc#1254589)
* Use static supportconfig name to avoid dynamic search (bsc#1257941)
Patchnames: SUSE-2026-1013,SUSE-SLE-Manager-Tools-15-2026-1013,SUSE-SLE-Manager-Tools-For-Micro-5-2026-1013,SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1013,openSUSE-SLE-15.6-2026-1013
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.6 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.2 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.1 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
9.8 (Critical)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.1 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update 5.0.7 for Multi-Linux Manager Client Tools",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update fixes the following issues:\n\ndracut-saltboot:\n\n- Version update to 1.1.0:\n\n * Retry DHCP requests up to 3 times (bsc#1253004)\n\ngolang-github-QubitProducts-exporter_exporter:\n\n- Non-customer-facing optimization and update\n\ngolang-github-boynux-squid_exporter:\n\n- Version update from 1.6.0 to 1.13.0 with the following highlighted changes and fixes (jsc#PED-14971):\n\n * Added compatibility for Squid 6 and support for the squid-internal-mgr metrics path\n * Added TLS and Basic Authentication to the exporter\u2019s web interface\n * Added support for the exporter to authenticate against the Squid proxy itself\n * Allow the gathering of process information without requiring root privileges\n * The exporter can now be configured using environment variables\n * Added support for custom labels to all exported metrics for better data filtering\n * New metrics to track if Squid is running (squid_up), how long a scrape takes, and if any errors occurred\n * Added \u0027service time\u0027 metrics to analyze proxy speed and performance.\n * Added a metric for open file descriptors (process_open_fds) to help prevent connection bottlenecks\n * Corrected the squid_client_http_requests_total metric to ensure accurate reporting\n\n\ngolang-github-lusitaniae-apache_exporter:\n\n- Version update from 1.0.8 to 1.0.10:\n\n * Updated github.com/prometheus/client_golang to 1.21.1\n * Updated github.com/prometheus/common to 0.63.0\n * Updated github.com/prometheus/exporter-toolkit to 0.14.0\n * Fixed signal handler logging\n\ngolang-github-prometheus-prometheus:\n\n- Security issues fixed:\n\n * CVE-2026-27606: Fixed arbitrary file write via path traversal in rollup (bsc#1258893)\n * CVE-2026-25547: Fixed unbounded brace range expansion leading to excessive CPU and memory consumption (bsc#1257841)\n * CVE-2026-1615, CVE-2025-61140 The old web UI is no longer built due to security issues (bsc#1257897, bsc#1257442)\n * CVE-2025-13465: Bump lodash package to version 4.17.23 to fix prototype pollution vulnerability (bsc#1257329)\n * CVE-2025-12816: Interpretation conflict vulnerability allowing bypassing cryptographic verifications (bsc#1255588)\n\n- Version update from 2.53.4 to 3.5.0 with the following highlighted changes (jsc#PED-13824):\n\n * Modernized Interface: Introduced a brand-new UI\n * Enhanced Cloud and Auth: Added unified AWS service discovery (EC2, ECS, Lightsail) and Azure Workload Identity support\n for more secure, native cloudauthentication.\n * Performance Standards: Fully integrated OpenTelemetry (OTLP) ingestion and moved Native Histograms from experimental\n to a stable feature.\n * Advanced Data Export: Rolled out Remote Write 2.0, offering better performance and metadata handling when sending\n data to external systems.\n * Query Power: Added new PromQL functions (like first_over_time and last_over_time) and optimization for grouping\n operations\n * Better Visibility: The UI now displays detailed relabeling steps, scrape intervals, and timeouts, making it easier\n to troubleshoot why targets aren\u0027t reporting correctly.\n * Critical Fixes: Resolved significant memory leaks related to query logging and fixed bugs where targets were\n accidentally being scraped multiple times\n\ngrafana:\n\n- Security issues fixed:\n\n * CVE-2026-21722: Public dashboards annotations: use dashboard timerange if time selection disabled (bsc#1258136)\n * CVE-2026-21721: Fixed access control by the dashboard permissions API (bsc#1257337)\n * CVE-2026-21720: Fixed unauthenticated DoS (bsc#1257349)\n * CVE-2025-68156: Fixed potential DoS via unbounded recursion in builtin functions (bsc#1255340)\n * CVE-2025-3415: Fixedexposure of DingDing alerting integration URL to Viewer level users (bsc#1245302)\n\n- Version update from 11.5.10 to 11.6.11 with the following highlighted changes and fixes:\n \n * Performance Boost: Introduced WebGL-powered geomaps for smoother map visualizations and\n removed blurred backgrounds from UI overlays to speed up the interface\n * One-Click Actions: Visualizations now support faster navigation via one-click links and actions\n * Alerting History: Added version history for alert rules, allowing you to track changes over time\n * Service Accounts: Automated the migration of old API keys to more secure Service Accounts upon startup\n * Cron Support: Annotations now support Cron syntax for more flexible scheduling\n * Identity and Auth: Hardened the Avatar feature (now requires sign-in) and fixed several login redirection issues\n when Grafana is hosted on a subpath\n * Data Source Support: Added support for Cloud Partner Prometheus data sources and improved Azure legend formatting\n * Alerting Limits: Added size limits for expanded notification templates to prevent system strain\n * RBAC: Integrated Role-Based Access Control (RBAC) into the Alertmanager via the reqAction field\n * Data Consistency: Fixed several issues with Graphite and InfluxDB regarding how variables are handled in repeated\n rows or nested queries\n * Dashboard Reliability: Resolved bugs involving row repeats and \u0027self-referencing\u0027 data links\n * Alerting Fixes: Patched a critical \u0027panic\u0027 (crash) caused by a race condition in alert rules and fixed issues where\n contact points weren\u0027t working correctly\n * URL Handling: Fixed a bug where \u0027true\u0027 values in URL parameters weren\u0027t being read correctly\n\nprometheus-blackbox_exporter:\n\n- Non-customer-facing optimization and update\n\nspacecmd:\n\n- Version update to 5.0.15:\n\n * Fixed typo in spacecmd help ca-cert flag (bsc#1253174)\n * Convert cached IDs to integer values (bsc#1251995)\n * Fixed spacecmd binary file upload (bsc#1253659)\n\nuyuni-tools:\n\n- Version update to 0.1.38:\n\n * Fixed cobbler configuration when migrating to standalone files (bsc#1256803)\n * Detect custom apache and squid config in the /etc/uyuni/proxy folder\n * Add ssh tuning to configure sshd (bsc#1253738)\n * Ignore supportconfig errors (bsc#1255781)\n * Bumped the default image tag to 5.0.7\n * Removed cgroup mount for podman containers (bsc#1253347)\n * Registry flag can be a string (bsc#1254589)\n * Use static supportconfig name to avoid dynamic search (bsc#1257941)\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1013,SUSE-SLE-Manager-Tools-15-2026-1013,SUSE-SLE-Manager-Tools-For-Micro-5-2026-1013,SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1013,openSUSE-SLE-15.6-2026-1013",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1013-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1013-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261013-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1013-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024917.html"
},
{
"category": "self",
"summary": "SUSE Bug 1245302",
"url": "https://bugzilla.suse.com/1245302"
},
{
"category": "self",
"summary": "SUSE Bug 1251995",
"url": "https://bugzilla.suse.com/1251995"
},
{
"category": "self",
"summary": "SUSE Bug 1253004",
"url": "https://bugzilla.suse.com/1253004"
},
{
"category": "self",
"summary": "SUSE Bug 1253174",
"url": "https://bugzilla.suse.com/1253174"
},
{
"category": "self",
"summary": "SUSE Bug 1253347",
"url": "https://bugzilla.suse.com/1253347"
},
{
"category": "self",
"summary": "SUSE Bug 1253659",
"url": "https://bugzilla.suse.com/1253659"
},
{
"category": "self",
"summary": "SUSE Bug 1253738",
"url": "https://bugzilla.suse.com/1253738"
},
{
"category": "self",
"summary": "SUSE Bug 1254589",
"url": "https://bugzilla.suse.com/1254589"
},
{
"category": "self",
"summary": "SUSE Bug 1255340",
"url": "https://bugzilla.suse.com/1255340"
},
{
"category": "self",
"summary": "SUSE Bug 1255588",
"url": "https://bugzilla.suse.com/1255588"
},
{
"category": "self",
"summary": "SUSE Bug 1255781",
"url": "https://bugzilla.suse.com/1255781"
},
{
"category": "self",
"summary": "SUSE Bug 1256803",
"url": "https://bugzilla.suse.com/1256803"
},
{
"category": "self",
"summary": "SUSE Bug 1257329",
"url": "https://bugzilla.suse.com/1257329"
},
{
"category": "self",
"summary": "SUSE Bug 1257337",
"url": "https://bugzilla.suse.com/1257337"
},
{
"category": "self",
"summary": "SUSE Bug 1257349",
"url": "https://bugzilla.suse.com/1257349"
},
{
"category": "self",
"summary": "SUSE Bug 1257442",
"url": "https://bugzilla.suse.com/1257442"
},
{
"category": "self",
"summary": "SUSE Bug 1257841",
"url": "https://bugzilla.suse.com/1257841"
},
{
"category": "self",
"summary": "SUSE Bug 1257897",
"url": "https://bugzilla.suse.com/1257897"
},
{
"category": "self",
"summary": "SUSE Bug 1257941",
"url": "https://bugzilla.suse.com/1257941"
},
{
"category": "self",
"summary": "SUSE Bug 1258136",
"url": "https://bugzilla.suse.com/1258136"
},
{
"category": "self",
"summary": "SUSE Bug 1258893",
"url": "https://bugzilla.suse.com/1258893"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-12816 page",
"url": "https://www.suse.com/security/cve/CVE-2025-12816/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-13465 page",
"url": "https://www.suse.com/security/cve/CVE-2025-13465/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-3415 page",
"url": "https://www.suse.com/security/cve/CVE-2025-3415/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61140 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61140/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68156 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68156/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-1615 page",
"url": "https://www.suse.com/security/cve/CVE-2026-1615/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21720 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21720/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21721 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21721/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21722 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21722/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25547 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25547/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27606 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27606/"
}
],
"title": "Security update 5.0.7 for Multi-Linux Manager Client Tools",
"tracking": {
"current_release_date": "2026-03-25T10:11:52Z",
"generator": {
"date": "2026-03-25T10:11:52Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1013-1",
"initial_release_date": "2026-03-25T10:11:52Z",
"revision_history": [
{
"date": "2026-03-25T10:11:52Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"product": {
"name": "firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"product_id": "firewalld-prometheus-config-0.1-150000.3.67.1.aarch64"
}
},
{
"category": "product_version",
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"product": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"product_id": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64"
}
},
{
"category": "product_version",
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"product": {
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"product_id": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"product": {
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"product_id": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-node_exporter-1.9.1-150000.3.30.1.aarch64",
"product": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150000.3.30.1.aarch64",
"product_id": "golang-github-prometheus-node_exporter-1.9.1-150000.3.30.1.aarch64"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"product": {
"name": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"product_id": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"product": {
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"product_id": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64"
}
},
{
"category": "product_version",
"name": "grafana-11.6.11-150000.1.90.1.aarch64",
"product": {
"name": "grafana-11.6.11-150000.1.90.1.aarch64",
"product_id": "grafana-11.6.11-150000.1.90.1.aarch64"
}
},
{
"category": "product_version",
"name": "mgrctl-0.1.38-150000.1.30.1.aarch64",
"product": {
"name": "mgrctl-0.1.38-150000.1.30.1.aarch64",
"product_id": "mgrctl-0.1.38-150000.1.30.1.aarch64"
}
},
{
"category": "product_version",
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"product": {
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"product_id": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "firewalld-prometheus-config-0.1-150000.3.67.1.i586",
"product": {
"name": "firewalld-prometheus-config-0.1-150000.3.67.1.i586",
"product_id": "firewalld-prometheus-config-0.1-150000.3.67.1.i586"
}
},
{
"category": "product_version",
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.i586",
"product": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.i586",
"product_id": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.i586"
}
},
{
"category": "product_version",
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.i586",
"product": {
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.i586",
"product_id": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.i586"
}
},
{
"category": "product_version",
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.i586",
"product": {
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.i586",
"product_id": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.i586"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-node_exporter-1.9.1-150000.3.30.1.i586",
"product": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150000.3.30.1.i586",
"product_id": "golang-github-prometheus-node_exporter-1.9.1-150000.3.30.1.i586"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.i586",
"product": {
"name": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.i586",
"product_id": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.i586"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.i586",
"product": {
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.i586",
"product_id": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.i586"
}
},
{
"category": "product_version",
"name": "mgrctl-0.1.38-150000.1.30.1.i586",
"product": {
"name": "mgrctl-0.1.38-150000.1.30.1.i586",
"product_id": "mgrctl-0.1.38-150000.1.30.1.i586"
}
},
{
"category": "product_version",
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.i586",
"product": {
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.i586",
"product_id": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"product": {
"name": "dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"product_id": "dracut-saltboot-1.1.0-150000.1.65.1.noarch"
}
},
{
"category": "product_version",
"name": "mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"product": {
"name": "mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"product_id": "mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch"
}
},
{
"category": "product_version",
"name": "mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"product": {
"name": "mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"product_id": "mgrctl-lang-0.1.38-150000.1.30.1.noarch"
}
},
{
"category": "product_version",
"name": "mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"product": {
"name": "mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"product_id": "mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch"
}
},
{
"category": "product_version",
"name": "spacecmd-5.0.15-150000.3.142.1.noarch",
"product": {
"name": "spacecmd-5.0.15-150000.3.142.1.noarch",
"product_id": "spacecmd-5.0.15-150000.3.142.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"product": {
"name": "firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"product_id": "firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le"
}
},
{
"category": "product_version",
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"product": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"product_id": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le"
}
},
{
"category": "product_version",
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"product": {
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"product_id": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"product": {
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"product_id": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-node_exporter-1.9.1-150000.3.30.1.ppc64le",
"product": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150000.3.30.1.ppc64le",
"product_id": "golang-github-prometheus-node_exporter-1.9.1-150000.3.30.1.ppc64le"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"product": {
"name": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"product_id": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"product": {
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"product_id": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le"
}
},
{
"category": "product_version",
"name": "grafana-11.6.11-150000.1.90.1.ppc64le",
"product": {
"name": "grafana-11.6.11-150000.1.90.1.ppc64le",
"product_id": "grafana-11.6.11-150000.1.90.1.ppc64le"
}
},
{
"category": "product_version",
"name": "mgrctl-0.1.38-150000.1.30.1.ppc64le",
"product": {
"name": "mgrctl-0.1.38-150000.1.30.1.ppc64le",
"product_id": "mgrctl-0.1.38-150000.1.30.1.ppc64le"
}
},
{
"category": "product_version",
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"product": {
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"product_id": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"product": {
"name": "firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"product_id": "firewalld-prometheus-config-0.1-150000.3.67.1.s390x"
}
},
{
"category": "product_version",
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"product": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"product_id": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x"
}
},
{
"category": "product_version",
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"product": {
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"product_id": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x"
}
},
{
"category": "product_version",
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"product": {
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"product_id": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-node_exporter-1.9.1-150000.3.30.1.s390x",
"product": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150000.3.30.1.s390x",
"product_id": "golang-github-prometheus-node_exporter-1.9.1-150000.3.30.1.s390x"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"product": {
"name": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"product_id": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"product": {
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"product_id": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x"
}
},
{
"category": "product_version",
"name": "grafana-11.6.11-150000.1.90.1.s390x",
"product": {
"name": "grafana-11.6.11-150000.1.90.1.s390x",
"product_id": "grafana-11.6.11-150000.1.90.1.s390x"
}
},
{
"category": "product_version",
"name": "mgrctl-0.1.38-150000.1.30.1.s390x",
"product": {
"name": "mgrctl-0.1.38-150000.1.30.1.s390x",
"product_id": "mgrctl-0.1.38-150000.1.30.1.s390x"
}
},
{
"category": "product_version",
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"product": {
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"product_id": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"product": {
"name": "firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"product_id": "firewalld-prometheus-config-0.1-150000.3.67.1.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"product": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"product_id": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"product": {
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"product_id": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"product": {
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"product_id": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-node_exporter-1.9.1-150000.3.30.1.x86_64",
"product": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150000.3.30.1.x86_64",
"product_id": "golang-github-prometheus-node_exporter-1.9.1-150000.3.30.1.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"product": {
"name": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"product_id": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"product": {
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"product_id": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64"
}
},
{
"category": "product_version",
"name": "grafana-11.6.11-150000.1.90.1.x86_64",
"product": {
"name": "grafana-11.6.11-150000.1.90.1.x86_64",
"product_id": "grafana-11.6.11-150000.1.90.1.x86_64"
}
},
{
"category": "product_version",
"name": "mgrctl-0.1.38-150000.1.30.1.x86_64",
"product": {
"name": "mgrctl-0.1.38-150000.1.30.1.x86_64",
"product_id": "mgrctl-0.1.38-150000.1.30.1.x86_64"
}
},
{
"category": "product_version",
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"product": {
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"product_id": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Manager Client Tools 15",
"product": {
"name": "SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15"
}
},
{
"category": "product_name",
"name": "SUSE Manager Client Tools for SLE Micro 5",
"product": {
"name": "SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-manager-tools-micro:5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp7"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "dracut-saltboot-1.1.0-150000.1.65.1.noarch as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch"
},
"product_reference": "dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firewalld-prometheus-config-0.1-150000.3.67.1.aarch64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64"
},
"product_reference": "firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le"
},
"product_reference": "firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firewalld-prometheus-config-0.1-150000.3.67.1.s390x as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x"
},
"product_reference": "firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firewalld-prometheus-config-0.1-150000.3.67.1.x86_64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64"
},
"product_reference": "firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64"
},
"product_reference": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le"
},
"product_reference": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x"
},
"product_reference": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64"
},
"product_reference": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64"
},
"product_reference": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le"
},
"product_reference": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x"
},
"product_reference": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64"
},
"product_reference": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64"
},
"product_reference": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le"
},
"product_reference": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x"
},
"product_reference": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64"
},
"product_reference": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64"
},
"product_reference": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le"
},
"product_reference": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x"
},
"product_reference": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64"
},
"product_reference": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-11.6.11-150000.1.90.1.aarch64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64"
},
"product_reference": "grafana-11.6.11-150000.1.90.1.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-11.6.11-150000.1.90.1.ppc64le as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le"
},
"product_reference": "grafana-11.6.11-150000.1.90.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-11.6.11-150000.1.90.1.s390x as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x"
},
"product_reference": "grafana-11.6.11-150000.1.90.1.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-11.6.11-150000.1.90.1.x86_64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64"
},
"product_reference": "grafana-11.6.11-150000.1.90.1.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-0.1.38-150000.1.30.1.aarch64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64"
},
"product_reference": "mgrctl-0.1.38-150000.1.30.1.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-0.1.38-150000.1.30.1.ppc64le as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le"
},
"product_reference": "mgrctl-0.1.38-150000.1.30.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-0.1.38-150000.1.30.1.s390x as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x"
},
"product_reference": "mgrctl-0.1.38-150000.1.30.1.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-0.1.38-150000.1.30.1.x86_64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64"
},
"product_reference": "mgrctl-0.1.38-150000.1.30.1.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch"
},
"product_reference": "mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-lang-0.1.38-150000.1.30.1.noarch as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch"
},
"product_reference": "mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch"
},
"product_reference": "mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64"
},
"product_reference": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le"
},
"product_reference": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x"
},
"product_reference": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64"
},
"product_reference": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacecmd-5.0.15-150000.3.142.1.noarch as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch"
},
"product_reference": "spacecmd-5.0.15-150000.3.142.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dracut-saltboot-1.1.0-150000.1.65.1.noarch as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch"
},
"product_reference": "dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64 as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64"
},
"product_reference": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x"
},
"product_reference": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64 as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64"
},
"product_reference": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-0.1.38-150000.1.30.1.aarch64 as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64"
},
"product_reference": "mgrctl-0.1.38-150000.1.30.1.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-0.1.38-150000.1.30.1.s390x as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x"
},
"product_reference": "mgrctl-0.1.38-150000.1.30.1.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-0.1.38-150000.1.30.1.x86_64 as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64"
},
"product_reference": "mgrctl-0.1.38-150000.1.30.1.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch"
},
"product_reference": "mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-lang-0.1.38-150000.1.30.1.noarch as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch"
},
"product_reference": "mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch"
},
"product_reference": "mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64 as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64"
},
"product_reference": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x"
},
"product_reference": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64 as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64"
},
"product_reference": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64"
},
"product_reference": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le"
},
"product_reference": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x"
},
"product_reference": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64"
},
"product_reference": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dracut-saltboot-1.1.0-150000.1.65.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch"
},
"product_reference": "dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64"
},
"product_reference": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le"
},
"product_reference": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x"
},
"product_reference": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64"
},
"product_reference": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64"
},
"product_reference": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le"
},
"product_reference": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x"
},
"product_reference": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64"
},
"product_reference": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64"
},
"product_reference": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le"
},
"product_reference": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x"
},
"product_reference": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64"
},
"product_reference": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64"
},
"product_reference": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le"
},
"product_reference": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x"
},
"product_reference": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64"
},
"product_reference": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64"
},
"product_reference": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le"
},
"product_reference": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x"
},
"product_reference": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64"
},
"product_reference": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacecmd-5.0.15-150000.3.142.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
},
"product_reference": "spacecmd-5.0.15-150000.3.142.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-12816",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-12816"
}
],
"notes": [
{
"category": "general",
"text": "An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-12816",
"url": "https://www.suse.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "SUSE Bug 1255584 for CVE-2025-12816",
"url": "https://bugzilla.suse.com/1255584"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T10:11:52Z",
"details": "important"
}
],
"title": "CVE-2025-12816"
},
{
"cve": "CVE-2025-13465",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-13465"
}
],
"notes": [
{
"category": "general",
"text": "Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes.\n\nThe issue permits deletion of properties but does not allow overwriting their original behavior.\n\nThis issue is patched on 4.17.23",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-13465",
"url": "https://www.suse.com/security/cve/CVE-2025-13465"
},
{
"category": "external",
"summary": "SUSE Bug 1257321 for CVE-2025-13465",
"url": "https://bugzilla.suse.com/1257321"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T10:11:52Z",
"details": "important"
}
],
"title": "CVE-2025-13465"
},
{
"cve": "CVE-2025-3415",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-3415"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission. \nFixed in versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01, 11.5.5+security-01, 11.6.2+security-01 and 12.0.1+security-01",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-3415",
"url": "https://www.suse.com/security/cve/CVE-2025-3415"
},
{
"category": "external",
"summary": "SUSE Bug 1245302 for CVE-2025-3415",
"url": "https://bugzilla.suse.com/1245302"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T10:11:52Z",
"details": "moderate"
}
],
"title": "CVE-2025-3415"
},
{
"cve": "CVE-2025-61140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61140"
}
],
"notes": [
{
"category": "general",
"text": "The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61140",
"url": "https://www.suse.com/security/cve/CVE-2025-61140"
},
{
"category": "external",
"summary": "SUSE Bug 1257442 for CVE-2025-61140",
"url": "https://bugzilla.suse.com/1257442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T10:11:52Z",
"details": "important"
}
],
"title": "CVE-2025-61140"
},
{
"cve": "CVE-2025-68156",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68156"
}
],
"notes": [
{
"category": "general",
"text": "Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including `flatten`, `min`, `max`, `mean`, and `median`, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation environment contains deeply nested or cyclic data structures, these functions may recurse indefinitely until exceed the Go runtime stack limit. This results in a stack overflow panic, causing the host application to crash. While exploitability depends on whether an attacker can influence or inject cyclic or pathologically deep data into the\nevaluation environment, this behavior represents a denial-of-service (DoS) risk and affects overall library robustness. Instead of returning a recoverable evaluation error, the process may terminate unexpectedly. In affected versions, evaluation of expressions that invoke certain builtin functions on untrusted or insufficiently validated data structures can lead to a process-level crash due to stack exhaustion. This issue is most relevant in scenarios where Expr is used to evaluate expressions against externally supplied or dynamically constructed environments; cyclic references (directly or indirectly) can be introduced into arrays, maps, or structs; and there are no application-level safeguards preventing deeply nested input data. In typical use cases with controlled, acyclic data, the issue may not manifest. However, when present, the resulting panic can be used to reliably crash the application, constituting a denial of service. The issue has been fixed in the v1.17.7 versions of Expr. The patch introduces a maximum recursion depth limit for affected builtin functions. When this limit is exceeded, evaluation aborts gracefully and returns a descriptive error instead of panicking. Additionally, the maximum depth can be customized by users via `builtin.MaxDepth`, allowing applications with legitimate deep structures to raise the limit in a controlled manner. Users are strongly encouraged to upgrade to the patched release, which includes both the recursion guard and comprehensive test coverage to prevent regressions. For users who cannot immediately upgrade, some mitigations are recommended. Ensure that evaluation environments cannot contain cyclic references, validate or sanitize externally supplied data structures before passing them to Expr, and/or wrap expression evaluation with panic recovery to prevent a full process crash (as a last-resort defensive measure). These workarounds reduce risk but do not fully eliminate the issue without the patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68156",
"url": "https://www.suse.com/security/cve/CVE-2025-68156"
},
{
"category": "external",
"summary": "SUSE Bug 1255330 for CVE-2025-68156",
"url": "https://bugzilla.suse.com/1255330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T10:11:52Z",
"details": "important"
}
],
"title": "CVE-2025-68156"
},
{
"cve": "CVE-2026-1615",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-1615"
}
],
"notes": [
{
"category": "general",
"text": "Versions of the package jsonpath before 1.2.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on the static-eval module to process JSON Path input, which is not designed to handle untrusted data safely. An attacker can exploit this vulnerability by supplying a malicious JSON Path expression that, when evaluated, executes arbitrary JavaScript code, leading to Remote Code Execution in Node.js environments or Cross-site Scripting (XSS) in browser contexts. This affects all methods that evaluate JSON Paths against objects, including .query, .nodes, .paths, .value, .parent, and .apply.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-1615",
"url": "https://www.suse.com/security/cve/CVE-2026-1615"
},
{
"category": "external",
"summary": "SUSE Bug 1257897 for CVE-2026-1615",
"url": "https://bugzilla.suse.com/1257897"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T10:11:52Z",
"details": "critical"
}
],
"title": "CVE-2026-1615"
},
{
"cve": "CVE-2026-21720",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21720"
}
],
"notes": [
{
"category": "general",
"text": "Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine blocks forever trying to send on an unbuffered channel. Sustained traffic with random hashes keeps tripping this timeout, so goroutine count grows linearly, eventually exhausting memory and causing Grafana to crash on some systems.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21720",
"url": "https://www.suse.com/security/cve/CVE-2026-21720"
},
{
"category": "external",
"summary": "SUSE Bug 1257349 for CVE-2026-21720",
"url": "https://bugzilla.suse.com/1257349"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T10:11:52Z",
"details": "important"
}
],
"title": "CVE-2026-21720"
},
{
"cve": "CVE-2026-21721",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21721"
}
],
"notes": [
{
"category": "general",
"text": "The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions:* action. As a result, a user who has permission management rights on one dashboard can read and modify permissions on other dashboards. This is an organization-internal privilege escalation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21721",
"url": "https://www.suse.com/security/cve/CVE-2026-21721"
},
{
"category": "external",
"summary": "SUSE Bug 1257337 for CVE-2026-21721",
"url": "https://bugzilla.suse.com/1257337"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T10:11:52Z",
"details": "important"
}
],
"title": "CVE-2026-21721"
},
{
"cve": "CVE-2026-21722",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21722"
}
],
"notes": [
{
"category": "general",
"text": "Public dashboards with annotations enabled did not limit their annotation timerange to the locked timerange of the public dashboard. This means one could read the entire history of annotations visible on the specific dashboard, even those outside the locked timerange.\n\nThis did not leak any annotations that would not otherwise be visible on the public dashboard.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21722",
"url": "https://www.suse.com/security/cve/CVE-2026-21722"
},
{
"category": "external",
"summary": "SUSE Bug 1258136 for CVE-2026-21722",
"url": "https://bugzilla.suse.com/1258136"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T10:11:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-21722"
},
{
"cve": "CVE-2026-25547",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25547"
}
],
"notes": [
{
"category": "general",
"text": "@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, the library attempts to eagerly generate every possible combination synchronously. Because the expansion grows exponentially, even a small input can consume excessive CPU and memory and may crash the Node.js process. This issue has been patched in version 5.0.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25547",
"url": "https://www.suse.com/security/cve/CVE-2026-25547"
},
{
"category": "external",
"summary": "SUSE Bug 1257834 for CVE-2026-25547",
"url": "https://bugzilla.suse.com/1257834"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T10:11:52Z",
"details": "important"
}
],
"title": "CVE-2026-25547"
},
{
"cve": "CVE-2026-27606",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27606"
}
],
"notes": [
{
"category": "general",
"text": "Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler (specifically v4.x and present in current source) is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker to control output filenames (e.g., via CLI named inputs, manual chunk aliases, or malicious plugins) and use traversal sequences (`../`) to overwrite files anywhere on the host filesystem that the build process has permissions for. This can lead to persistent Remote Code Execution (RCE) by overwriting critical system or user configuration files. Versions 2.80.0, 3.30.0, and 4.59.0 contain a patch for the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27606",
"url": "https://www.suse.com/security/cve/CVE-2026-27606"
},
{
"category": "external",
"summary": "SUSE Bug 1258846 for CVE-2026-27606",
"url": "https://bugzilla.suse.com/1258846"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T10:11:52Z",
"details": "important"
}
],
"title": "CVE-2026-27606"
}
]
}
SUSE-SU-2026:1008-1
Vulnerability from csaf_suse - Published: 2026-03-25 10:07 - Updated: 2026-03-25 10:07Summary
Security update for Prometheus
Severity
Important
Notes
Title of the patch: Security update for Prometheus
Description of the patch: This update for Prometheus fixes the following issues:
golang-github-prometheus-alertmanager, golang-github-prometheus-node_exporter:
- Internal changes to fix build issues with no impact for customers
golang-github-prometheus-prometheus:
- Security issues fixed:
* CVE-2026-27606: Fixed arbitrary file write via path traversal in rollup (bsc#1258893)
* CVE-2026-25547: Fixed unbounded brace range expansion leading to excessive CPU and memory consumption (bsc#1257841)
* CVE-2026-1615, CVE-2025-61140 The old web UI is no longer built due to security issues (bsc#1257897, bsc#1257442)
* CVE-2025-13465: Bump lodash package to version 4.17.23 to fix prototype pollution vulnerability (bsc#1257329)
* CVE-2025-12816: Interpretation conflict vulnerability allowing bypassing cryptographic verifications (bsc#1255588)
- Version update from 2.53.4 to 3.5.0 with the following highlighted changes (jsc#PED-13824):
* Modernized Interface: Introduced a brand-new UI
* Enhanced Cloud and Auth: Added unified AWS service discovery (EC2, ECS, Lightsail) and Azure Workload Identity support
for more secure, native cloudauthentication.
* Performance Standards: Fully integrated OpenTelemetry (OTLP) ingestion and moved Native Histograms from experimental
to a stable feature.
* Advanced Data Export: Rolled out Remote Write 2.0, offering better performance and metadata handling when sending
data to external systems.
* Query Power: Added new PromQL functions (like first_over_time and last_over_time) and optimization for grouping
operations.
* Better Visibility: The UI now displays detailed relabeling steps, scrape intervals, and timeouts, making it easier
to troubleshoot why targets aren't reporting correctly.
* Critical Fixes: Resolved significant memory leaks related to query logging and fixed bugs where targets were
accidentally being scraped multiple times.
Patchnames: SUSE-2026-1008,SUSE-SLE-Manager-Tools-15-2026-1008,SUSE-SLE-Manager-Tools-For-Micro-5-2026-1008,SUSE-SLE-Module-Basesystem-15-SP7-2026-1008,SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1008,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1008,SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1008,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1008,SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1008,SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1008,SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1008,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1008,SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1008,SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1008,SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1008,openSUSE-SLE-15.6-2026-1008
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.6 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.2 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.1 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
9.8 (Critical)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for Prometheus ",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for Prometheus fixes the following issues:\n\ngolang-github-prometheus-alertmanager, golang-github-prometheus-node_exporter: \n\n- Internal changes to fix build issues with no impact for customers \n\ngolang-github-prometheus-prometheus:\n\n- Security issues fixed:\n\n * CVE-2026-27606: Fixed arbitrary file write via path traversal in rollup (bsc#1258893)\n * CVE-2026-25547: Fixed unbounded brace range expansion leading to excessive CPU and memory consumption (bsc#1257841)\n * CVE-2026-1615, CVE-2025-61140 The old web UI is no longer built due to security issues (bsc#1257897, bsc#1257442)\n * CVE-2025-13465: Bump lodash package to version 4.17.23 to fix prototype pollution vulnerability (bsc#1257329)\n * CVE-2025-12816: Interpretation conflict vulnerability allowing bypassing cryptographic verifications (bsc#1255588)\n\n- Version update from 2.53.4 to 3.5.0 with the following highlighted changes (jsc#PED-13824):\n\n * Modernized Interface: Introduced a brand-new UI\n * Enhanced Cloud and Auth: Added unified AWS service discovery (EC2, ECS, Lightsail) and Azure Workload Identity support\n for more secure, native cloudauthentication.\n * Performance Standards: Fully integrated OpenTelemetry (OTLP) ingestion and moved Native Histograms from experimental\n to a stable feature.\n * Advanced Data Export: Rolled out Remote Write 2.0, offering better performance and metadata handling when sending\n data to external systems.\n * Query Power: Added new PromQL functions (like first_over_time and last_over_time) and optimization for grouping\n operations.\n * Better Visibility: The UI now displays detailed relabeling steps, scrape intervals, and timeouts, making it easier\n to troubleshoot why targets aren\u0027t reporting correctly.\n * Critical Fixes: Resolved significant memory leaks related to query logging and fixed bugs where targets were\n accidentally being scraped multiple times.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1008,SUSE-SLE-Manager-Tools-15-2026-1008,SUSE-SLE-Manager-Tools-For-Micro-5-2026-1008,SUSE-SLE-Module-Basesystem-15-SP7-2026-1008,SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1008,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1008,SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1008,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1008,SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1008,SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1008,SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1008,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1008,SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1008,SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1008,SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1008,openSUSE-SLE-15.6-2026-1008",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1008-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1008-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261008-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1008-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024921.html"
},
{
"category": "self",
"summary": "SUSE Bug 1255588",
"url": "https://bugzilla.suse.com/1255588"
},
{
"category": "self",
"summary": "SUSE Bug 1257329",
"url": "https://bugzilla.suse.com/1257329"
},
{
"category": "self",
"summary": "SUSE Bug 1257442",
"url": "https://bugzilla.suse.com/1257442"
},
{
"category": "self",
"summary": "SUSE Bug 1257841",
"url": "https://bugzilla.suse.com/1257841"
},
{
"category": "self",
"summary": "SUSE Bug 1257897",
"url": "https://bugzilla.suse.com/1257897"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-12816 page",
"url": "https://www.suse.com/security/cve/CVE-2025-12816/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-13465 page",
"url": "https://www.suse.com/security/cve/CVE-2025-13465/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61140 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61140/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-1615 page",
"url": "https://www.suse.com/security/cve/CVE-2026-1615/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25547 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25547/"
}
],
"title": "Security update for Prometheus ",
"tracking": {
"current_release_date": "2026-03-25T10:07:27Z",
"generator": {
"date": "2026-03-25T10:07:27Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1008-1",
"initial_release_date": "2026-03-25T10:07:27Z",
"revision_history": [
{
"date": "2026-03-25T10:07:27Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "firewalld-prometheus-config-0.1-150100.4.29.1.aarch64",
"product": {
"name": "firewalld-prometheus-config-0.1-150100.4.29.1.aarch64",
"product_id": "firewalld-prometheus-config-0.1-150100.4.29.1.aarch64"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"product": {
"name": "golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"product_id": "golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"product": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"product_id": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.aarch64",
"product": {
"name": "golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.aarch64",
"product_id": "golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "firewalld-prometheus-config-0.1-150100.4.29.1.i586",
"product": {
"name": "firewalld-prometheus-config-0.1-150100.4.29.1.i586",
"product_id": "firewalld-prometheus-config-0.1-150100.4.29.1.i586"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.i586",
"product": {
"name": "golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.i586",
"product_id": "golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.i586"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.i586",
"product": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.i586",
"product_id": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.i586"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.i586",
"product": {
"name": "golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.i586",
"product_id": "golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "firewalld-prometheus-config-0.1-150100.4.29.1.ppc64le",
"product": {
"name": "firewalld-prometheus-config-0.1-150100.4.29.1.ppc64le",
"product_id": "firewalld-prometheus-config-0.1-150100.4.29.1.ppc64le"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"product": {
"name": "golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"product_id": "golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"product": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"product_id": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.ppc64le",
"product": {
"name": "golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.ppc64le",
"product_id": "golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "firewalld-prometheus-config-0.1-150100.4.29.1.s390x",
"product": {
"name": "firewalld-prometheus-config-0.1-150100.4.29.1.s390x",
"product_id": "firewalld-prometheus-config-0.1-150100.4.29.1.s390x"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"product": {
"name": "golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"product_id": "golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"product": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"product_id": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.s390x",
"product": {
"name": "golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.s390x",
"product_id": "golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "firewalld-prometheus-config-0.1-150100.4.29.1.x86_64",
"product": {
"name": "firewalld-prometheus-config-0.1-150100.4.29.1.x86_64",
"product_id": "firewalld-prometheus-config-0.1-150100.4.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"product": {
"name": "golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"product_id": "golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"product": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"product_id": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.x86_64",
"product": {
"name": "golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.x86_64",
"product_id": "golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Manager Client Tools 15",
"product": {
"name": "SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15"
}
},
{
"category": "product_name",
"name": "SUSE Manager Client Tools for SLE Micro 5",
"product": {
"name": "SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-manager-tools-micro:5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64"
},
"product_reference": "golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le"
},
"product_reference": "golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x"
},
"product_reference": "golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64"
},
"product_reference": "golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64 as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64 as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64"
},
"product_reference": "golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le"
},
"product_reference": "golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x"
},
"product_reference": "golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64"
},
"product_reference": "golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.aarch64"
},
"product_reference": "golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.ppc64le"
},
"product_reference": "golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.s390x"
},
"product_reference": "golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.x86_64"
},
"product_reference": "golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firewalld-prometheus-config-0.1-150100.4.29.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.aarch64"
},
"product_reference": "firewalld-prometheus-config-0.1-150100.4.29.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firewalld-prometheus-config-0.1-150100.4.29.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.ppc64le"
},
"product_reference": "firewalld-prometheus-config-0.1-150100.4.29.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firewalld-prometheus-config-0.1-150100.4.29.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.s390x"
},
"product_reference": "firewalld-prometheus-config-0.1-150100.4.29.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firewalld-prometheus-config-0.1-150100.4.29.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.x86_64"
},
"product_reference": "firewalld-prometheus-config-0.1-150100.4.29.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64"
},
"product_reference": "golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le"
},
"product_reference": "golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x"
},
"product_reference": "golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64"
},
"product_reference": "golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.aarch64"
},
"product_reference": "golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.ppc64le"
},
"product_reference": "golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.s390x"
},
"product_reference": "golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.x86_64"
},
"product_reference": "golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-12816",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-12816"
}
],
"notes": [
{
"category": "general",
"text": "An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.aarch64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.ppc64le",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.s390x",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-12816",
"url": "https://www.suse.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "SUSE Bug 1255584 for CVE-2025-12816",
"url": "https://bugzilla.suse.com/1255584"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.aarch64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.ppc64le",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.s390x",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.aarch64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.ppc64le",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.s390x",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T10:07:27Z",
"details": "important"
}
],
"title": "CVE-2025-12816"
},
{
"cve": "CVE-2025-13465",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-13465"
}
],
"notes": [
{
"category": "general",
"text": "Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes.\n\nThe issue permits deletion of properties but does not allow overwriting their original behavior.\n\nThis issue is patched on 4.17.23",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.aarch64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.ppc64le",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.s390x",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-13465",
"url": "https://www.suse.com/security/cve/CVE-2025-13465"
},
{
"category": "external",
"summary": "SUSE Bug 1257321 for CVE-2025-13465",
"url": "https://bugzilla.suse.com/1257321"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.aarch64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.ppc64le",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.s390x",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.aarch64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.ppc64le",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.s390x",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T10:07:27Z",
"details": "important"
}
],
"title": "CVE-2025-13465"
},
{
"cve": "CVE-2025-61140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61140"
}
],
"notes": [
{
"category": "general",
"text": "The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.aarch64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.ppc64le",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.s390x",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61140",
"url": "https://www.suse.com/security/cve/CVE-2025-61140"
},
{
"category": "external",
"summary": "SUSE Bug 1257442 for CVE-2025-61140",
"url": "https://bugzilla.suse.com/1257442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.aarch64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.ppc64le",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.s390x",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.aarch64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.ppc64le",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.s390x",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T10:07:27Z",
"details": "important"
}
],
"title": "CVE-2025-61140"
},
{
"cve": "CVE-2026-1615",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-1615"
}
],
"notes": [
{
"category": "general",
"text": "Versions of the package jsonpath before 1.2.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on the static-eval module to process JSON Path input, which is not designed to handle untrusted data safely. An attacker can exploit this vulnerability by supplying a malicious JSON Path expression that, when evaluated, executes arbitrary JavaScript code, leading to Remote Code Execution in Node.js environments or Cross-site Scripting (XSS) in browser contexts. This affects all methods that evaluate JSON Paths against objects, including .query, .nodes, .paths, .value, .parent, and .apply.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.aarch64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.ppc64le",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.s390x",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-1615",
"url": "https://www.suse.com/security/cve/CVE-2026-1615"
},
{
"category": "external",
"summary": "SUSE Bug 1257897 for CVE-2026-1615",
"url": "https://bugzilla.suse.com/1257897"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.aarch64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.ppc64le",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.s390x",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.aarch64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.ppc64le",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.s390x",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T10:07:27Z",
"details": "critical"
}
],
"title": "CVE-2026-1615"
},
{
"cve": "CVE-2026-25547",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25547"
}
],
"notes": [
{
"category": "general",
"text": "@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, the library attempts to eagerly generate every possible combination synchronously. Because the expansion grows exponentially, even a small input can consume excessive CPU and memory and may crash the Node.js process. This issue has been patched in version 5.0.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.aarch64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.ppc64le",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.s390x",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25547",
"url": "https://www.suse.com/security/cve/CVE-2026-25547"
},
{
"category": "external",
"summary": "SUSE Bug 1257834 for CVE-2026-25547",
"url": "https://bugzilla.suse.com/1257834"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.aarch64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.ppc64le",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.s390x",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.aarch64",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.ppc64le",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.s390x",
"openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.29.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-alertmanager-0.28.1-150100.4.31.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-node_exporter-1.9.1-150100.3.38.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-prometheus-3.5.0-150100.4.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T10:07:27Z",
"details": "important"
}
],
"title": "CVE-2026-25547"
}
]
}
CERTFR-2026-AVI-0224
Vulnerability from certfr_avis - Published: 2026-02-27 - Updated: 2026-02-27
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
IBM indique les versions correctives 9.0.5.27 et 26.0.0.3 pour WebSphere Application Server seront disponibles au cours du premier trimestre 2026. La version 8.5.5.30 sera disponible au troisième trimestre 2026.
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | WebSphere | WebSphere Application Server versions 8.x antérieures à 8.5.5.30 | ||
| IBM | WebSphere | WebSphere Application Server - Liberty versions antérieures à 26.0.0.3 | ||
| IBM | QRadar Assistant | QRadar AI Assistant versions antérieures à 1.3.1 | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.1.x antérieures à 6.1.0.3 GA | ||
| IBM | QRadar | QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP14 IF05 | ||
| IBM | Sterling | Sterling Transformation Extender sans l'application des mesures de contournement décrites par l'éditeur | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.2.1.x antérieures à 6.2.1.1 GA | ||
| IBM | Db2 | Db2 mirror pour i sans les derniers correctifs de sécurité | ||
| IBM | WebSphere | WebSphere Application Server versions 9.x antérieures à 9.0.5.27 | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.2.x antérieures à 6.2.0.3 GA | ||
| IBM | Cognos Command Center | Cognos Command Center versions antérieures à 10.2.5 FP1 IF3 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "WebSphere Application Server versions 8.x ant\u00e9rieures \u00e0 8.5.5.30",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server - Liberty versions ant\u00e9rieures \u00e0 26.0.0.3",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar AI Assistant versions ant\u00e9rieures \u00e0 1.3.1",
"product": {
"name": "QRadar Assistant",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.3 GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP14 IF05",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Transformation Extender sans l\u0027application des mesures de contournement d\u00e9crites par l\u0027\u00e9diteur",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.2.1.x ant\u00e9rieures \u00e0 6.2.1.1 GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 mirror pour i sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server versions 9.x ant\u00e9rieures \u00e0 9.0.5.27",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.3 GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Command Center versions ant\u00e9rieures \u00e0 10.2.5 FP1 IF3",
"product": {
"name": "Cognos Command Center",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "IBM indique les versions correctives 9.0.5.27 et 26.0.0.3 pour WebSphere Application Server seront disponibles au cours du premier trimestre 2026. La version 8.5.5.30 sera disponible au troisi\u00e8me trimestre 2026.",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-21933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21933"
},
{
"name": "CVE-2026-21932",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21932"
},
{
"name": "CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"name": "CVE-2025-68973",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68973"
},
{
"name": "CVE-2025-65106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65106"
},
{
"name": "CVE-2026-22610",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22610"
},
{
"name": "CVE-2025-66412",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66412"
},
{
"name": "CVE-2025-40240",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40240"
},
{
"name": "CVE-2025-69223",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69223"
},
{
"name": "CVE-2025-66035",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66035"
},
{
"name": "CVE-2025-68664",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68664"
},
{
"name": "CVE-2026-22701",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22701"
},
{
"name": "CVE-2026-23745",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23745"
},
{
"name": "CVE-2026-22690",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22690"
},
{
"name": "CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"name": "CVE-2025-69230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69230"
},
{
"name": "CVE-2025-66019",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66019"
},
{
"name": "CVE-2026-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
},
{
"name": "CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"name": "CVE-2025-69225",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69225"
},
{
"name": "CVE-2026-21860",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21860"
},
{
"name": "CVE-2025-40277",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40277"
},
{
"name": "CVE-2023-53673",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53673"
},
{
"name": "CVE-2026-1615",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1615"
},
{
"name": "CVE-2025-69227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69227"
},
{
"name": "CVE-2026-1188",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1188"
},
{
"name": "CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"name": "CVE-2025-68146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68146"
},
{
"name": "CVE-2025-66030",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66030"
},
{
"name": "CVE-2025-61140",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61140"
},
{
"name": "CVE-2025-66221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66221"
},
{
"name": "CVE-2025-69228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69228"
},
{
"name": "CVE-2025-39993",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39993"
},
{
"name": "CVE-2024-29371",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29371"
},
{
"name": "CVE-2025-40154",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40154"
},
{
"name": "CVE-2025-13601",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13601"
},
{
"name": "CVE-2025-69226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69226"
},
{
"name": "CVE-2026-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
},
{
"name": "CVE-2025-40248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40248"
},
{
"name": "CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"name": "CVE-2025-69224",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69224"
},
{
"name": "CVE-2025-64756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
},
{
"name": "CVE-2025-69229",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69229"
},
{
"name": "CVE-2025-68480",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68480"
},
{
"name": "CVE-2025-14847",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14847"
},
{
"name": "CVE-2025-68285",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68285"
},
{
"name": "CVE-2025-68615",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68615"
},
{
"name": "CVE-2026-22691",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22691"
},
{
"name": "CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
}
],
"initial_release_date": "2026-02-27T00:00:00",
"last_revision_date": "2026-02-27T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0224",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-02-27T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2026-02-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7261959",
"url": "https://www.ibm.com/support/pages/node/7261959"
},
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7261794",
"url": "https://www.ibm.com/support/pages/node/7261794"
},
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7261890",
"url": "https://www.ibm.com/support/pages/node/7261890"
},
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7261887",
"url": "https://www.ibm.com/support/pages/node/7261887"
},
{
"published_at": "2026-02-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7261935",
"url": "https://www.ibm.com/support/pages/node/7261935"
},
{
"published_at": "2026-02-20",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7261436",
"url": "https://www.ibm.com/support/pages/node/7261436"
},
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7261774",
"url": "https://www.ibm.com/support/pages/node/7261774"
}
]
}
FKIE_CVE-2026-1615
Vulnerability from fkie_nvd - Published: 2026-02-09 05:16 - Updated: 2026-02-23 11:16
Severity ?
Summary
Versions of the package jsonpath before 1.2.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on the static-eval module to process JSON Path input, which is not designed to handle untrusted data safely. An attacker can exploit this vulnerability by supplying a malicious JSON Path expression that, when evaluated, executes arbitrary JavaScript code, leading to Remote Code Execution in Node.js environments or Cross-site Scripting (XSS) in browser contexts. This affects all methods that evaluate JSON Paths against objects, including .query, .nodes, .paths, .value, .parent, and .apply.
References
| URL | Tags | ||
|---|---|---|---|
| report@snyk.io | https://github.com/dchester/jsonpath/blob/c1dd8ec74034fb0375233abb5fdbec51ac317b4b/lib/handlers.js%23L243 | ||
| report@snyk.io | https://github.com/dchester/jsonpath/commit/9631412641b7095f86840a7a45b5b3afc68b0fcb | ||
| report@snyk.io | https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-15141219 | ||
| report@snyk.io | https://security.snyk.io/vuln/SNYK-JS-JSONPATH-13645034 |
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Versions of the package jsonpath before 1.2.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on the static-eval module to process JSON Path input, which is not designed to handle untrusted data safely. An attacker can exploit this vulnerability by supplying a malicious JSON Path expression that, when evaluated, executes arbitrary JavaScript code, leading to Remote Code Execution in Node.js environments or Cross-site Scripting (XSS) in browser contexts. This affects all methods that evaluate JSON Paths against objects, including .query, .nodes, .paths, .value, .parent, and .apply."
},
{
"lang": "es",
"value": "Todas las versiones del paquete jsonpath son vulnerables a Inyecci\u00f3n de C\u00f3digo Arbitrario a trav\u00e9s de la evaluaci\u00f3n insegura de expresiones JSON Path proporcionadas por el usuario. La biblioteca se basa en el m\u00f3dulo static-eval para procesar la entrada JSON Path, el cual no est\u00e1 dise\u00f1ado para manejar datos no confiables de forma segura. Un atacante puede explotar esta vulnerabilidad al proporcionar una expresi\u00f3n JSON Path maliciosa que, al ser evaluada, ejecuta c\u00f3digo JavaScript arbitrario, lo que lleva a Ejecuci\u00f3n Remota de C\u00f3digo en entornos Node.js o Cross-site scripting (XSS) en contextos de navegador. Esto afecta a todos los m\u00e9todos que eval\u00faan JSON Paths contra objetos, incluyendo .query, .nodes, .paths, .value, .parent y .apply."
}
],
"id": "CVE-2026-1615",
"lastModified": "2026-02-23T11:16:21.710",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "report@snyk.io",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "report@snyk.io",
"type": "Secondary"
}
]
},
"published": "2026-02-09T05:16:24.353",
"references": [
{
"source": "report@snyk.io",
"url": "https://github.com/dchester/jsonpath/blob/c1dd8ec74034fb0375233abb5fdbec51ac317b4b/lib/handlers.js%23L243"
},
{
"source": "report@snyk.io",
"url": "https://github.com/dchester/jsonpath/commit/9631412641b7095f86840a7a45b5b3afc68b0fcb"
},
{
"source": "report@snyk.io",
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-15141219"
},
{
"source": "report@snyk.io",
"url": "https://security.snyk.io/vuln/SNYK-JS-JSONPATH-13645034"
}
],
"sourceIdentifier": "report@snyk.io",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "report@snyk.io",
"type": "Secondary"
}
]
}
GHSA-87R5-MP6G-5W5J
Vulnerability from github – Published: 2026-02-09 06:30 – Updated: 2026-03-19 16:17
VLAI?
Summary
jsonpath has Arbitrary Code Injection via Unsafe Evaluation of JSON Path Expressions
Details
Impact
Arbitrary Code Injection (Remote Code Execution & XSS):
A critical security vulnerability affects all versions of the jsonpath package. The library relies on the static-eval module to evaluate JSON Path expressions but fails to properly sanitize or sandbox the input.
This allows an attacker to inject arbitrary JavaScript code into the JSON Path expression. When the library evaluates this expression, the malicious code is executed.
- Node.js Environments: This leads to Remote Code Execution (RCE), allowing an attacker to compromise the server.
- Browser Environments: This leads to Cross-Site Scripting (XSS), allowing an attacker to hijack user sessions or exfiltrate data.
Affected Methods:
The vulnerability triggers when untrusted data is passed to any method that evaluates a path, including:
jsonpath.queryjsonpath.nodesjsonpath.pathsjsonpath.valuejsonpath.parentjsonpath.apply
Patches
No Patch Available:
Currently, all versions of jsonpath are vulnerable. There is no known patched version of this package that resolves the issue while retaining the current architecture.
Recommendation:
Developers are strongly advised to migrate to a secure alternative (such as jsonpath-plus or similar libraries that do not use eval/static-eval) or strictly validate all JSON Path inputs against a known allowlist.
Workarounds
- Strict Input Validation: Ensure that no user-supplied data is ever passed directly to
jsonpathfunctions. - Sanitization: If user input is unavoidable, implement a strict parser to reject any JSON Path expressions containing executable JavaScript syntax (e.g., parentheses
(), script expressionsscript:, or function calls).
Resources
Severity ?
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.2.1"
},
"package": {
"ecosystem": "npm",
"name": "jsonpath"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-1615"
],
"database_specific": {
"cwe_ids": [
"CWE-94"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-12T15:29:55Z",
"nvd_published_at": "2026-02-09T05:16:24Z",
"severity": "HIGH"
},
"details": "### Impact\n\n**Arbitrary Code Injection (Remote Code Execution \u0026 XSS):**\n\nA critical security vulnerability affects **all versions** of the `jsonpath` package. The library relies on the `static-eval` module to evaluate JSON Path expressions but fails to properly sanitize or sandbox the input.\n\nThis allows an attacker to inject arbitrary JavaScript code into the JSON Path expression. When the library evaluates this expression, the malicious code is executed.\n\n* **Node.js Environments:** This leads to **Remote Code Execution (RCE)**, allowing an attacker to compromise the server.\n* **Browser Environments:** This leads to **Cross-Site Scripting (XSS)**, allowing an attacker to hijack user sessions or exfiltrate data.\n\n**Affected Methods:**\n\nThe vulnerability triggers when untrusted data is passed to any method that evaluates a path, including:\n\n* `jsonpath.query`\n* `jsonpath.nodes`\n* `jsonpath.paths`\n* `jsonpath.value`\n* `jsonpath.parent`\n* `jsonpath.apply`\n\n### Patches\n\n**No Patch Available:**\n\nCurrently, **all versions** of `jsonpath` are vulnerable. There is no known patched version of this package that resolves the issue while retaining the current architecture.\n\n**Recommendation:**\n\nDevelopers are strongly advised to **migrate to a secure alternative** (such as `jsonpath-plus` or similar libraries that do not use `eval`/`static-eval`) or strictly validate all JSON Path inputs against a known allowlist.\n\n### Workarounds\n\n* **Strict Input Validation:** Ensure that no user-supplied data is ever passed directly to `jsonpath` functions.\n* **Sanitization:** If user input is unavoidable, implement a strict parser to reject any JSON Path expressions containing executable JavaScript syntax (e.g., parentheses `()`, script expressions `script:`, or function calls).\n\n### Resources\n\n* [CVE-2026-1615](https://nvd.nist.gov/vuln/detail/CVE-2026-1615)\n* [Vulnerable Code in handlers.js](https://github.com/dchester/jsonpath/blob/c1dd8ec74034fb0375233abb5fdbec51ac317b4b/lib/handlers.js#L243)\n* [Snyk Advisory (Java/WebJars)](https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-15141219)\n* [Snyk Advisory (JS)](https://security.snyk.io/vuln/SNYK-JS-JSONPATH-13645034)",
"id": "GHSA-87r5-mp6g-5w5j",
"modified": "2026-03-19T16:17:26Z",
"published": "2026-02-09T06:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1615"
},
{
"type": "WEB",
"url": "https://github.com/dchester/jsonpath/pull/197"
},
{
"type": "WEB",
"url": "https://github.com/dchester/jsonpath/commit/491e2e01de2ff13f7d95e87eb2be726edbf4225f"
},
{
"type": "WEB",
"url": "https://github.com/dchester/jsonpath/commit/b61111f07ac1a8d0f3133b5fc51438ecb76a6c39"
},
{
"type": "PACKAGE",
"url": "https://github.com/dchester/jsonpath"
},
{
"type": "WEB",
"url": "https://github.com/dchester/jsonpath/blob/c1dd8ec74034fb0375233abb5fdbec51ac317b4b/lib/handlers.js#L243"
},
{
"type": "WEB",
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-15141219"
},
{
"type": "WEB",
"url": "https://security.snyk.io/vuln/SNYK-JS-JSONPATH-13645034"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "jsonpath has Arbitrary Code Injection via Unsafe Evaluation of JSON Path Expressions"
}
OPENSUSE-SU-2026:20239-1
Vulnerability from csaf_opensuse - Published: 2026-02-17 09:54 - Updated: 2026-02-17 09:54Summary
Security update for golang-github-prometheus-prometheus
Severity
Critical
Notes
Title of the patch: Security update for golang-github-prometheus-prometheus
Description of the patch: This update for golang-github-prometheus-prometheus fixes the following issues:
- CVE-2026-25547: Fixed an unbounded brace range expansion leading to excessive CPU and memory consumption. (bsc#1257841)
- CVE-2026-1615: Fixed arbitrary code injection due to unsafe evaluation of user-supplied JSON Path expressions in jsonpath. (bsc#1257897)
- CVE-2025-61140: Fixed a function vulnerable to prototype pollution in jsonpath. (bsc#1257442)
Patchnames: openSUSE-Leap-16.0-290
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.1 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
9.8 (Critical)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for golang-github-prometheus-prometheus",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for golang-github-prometheus-prometheus fixes the following issues:\n\n- CVE-2026-25547: Fixed an unbounded brace range expansion leading to excessive CPU and memory consumption. (bsc#1257841)\n- CVE-2026-1615: Fixed arbitrary code injection due to unsafe evaluation of user-supplied JSON Path expressions in jsonpath. (bsc#1257897)\n- CVE-2025-61140: Fixed a function vulnerable to prototype pollution in jsonpath. (bsc#1257442)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-290",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20239-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1257442",
"url": "https://bugzilla.suse.com/1257442"
},
{
"category": "self",
"summary": "SUSE Bug 1257841",
"url": "https://bugzilla.suse.com/1257841"
},
{
"category": "self",
"summary": "SUSE Bug 1257897",
"url": "https://bugzilla.suse.com/1257897"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61140 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61140/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-1615 page",
"url": "https://www.suse.com/security/cve/CVE-2026-1615/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25547 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25547/"
}
],
"title": "Security update for golang-github-prometheus-prometheus",
"tracking": {
"current_release_date": "2026-02-17T09:54:15Z",
"generator": {
"date": "2026-02-17T09:54:15Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20239-1",
"initial_release_date": "2026-02-17T09:54:15Z",
"revision_history": [
{
"date": "2026-02-17T09:54:15Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "golang-github-prometheus-prometheus-3.5.0-160000.2.1.aarch64",
"product": {
"name": "golang-github-prometheus-prometheus-3.5.0-160000.2.1.aarch64",
"product_id": "golang-github-prometheus-prometheus-3.5.0-160000.2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-github-prometheus-prometheus-3.5.0-160000.2.1.ppc64le",
"product": {
"name": "golang-github-prometheus-prometheus-3.5.0-160000.2.1.ppc64le",
"product_id": "golang-github-prometheus-prometheus-3.5.0-160000.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-github-prometheus-prometheus-3.5.0-160000.2.1.s390x",
"product": {
"name": "golang-github-prometheus-prometheus-3.5.0-160000.2.1.s390x",
"product_id": "golang-github-prometheus-prometheus-3.5.0-160000.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-github-prometheus-prometheus-3.5.0-160000.2.1.x86_64",
"product": {
"name": "golang-github-prometheus-prometheus-3.5.0-160000.2.1.x86_64",
"product_id": "golang-github-prometheus-prometheus-3.5.0-160000.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-3.5.0-160000.2.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.aarch64"
},
"product_reference": "golang-github-prometheus-prometheus-3.5.0-160000.2.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-3.5.0-160000.2.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.ppc64le"
},
"product_reference": "golang-github-prometheus-prometheus-3.5.0-160000.2.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-3.5.0-160000.2.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.s390x"
},
"product_reference": "golang-github-prometheus-prometheus-3.5.0-160000.2.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-3.5.0-160000.2.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.x86_64"
},
"product_reference": "golang-github-prometheus-prometheus-3.5.0-160000.2.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61140"
}
],
"notes": [
{
"category": "general",
"text": "The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.aarch64",
"openSUSE Leap 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.ppc64le",
"openSUSE Leap 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.s390x",
"openSUSE Leap 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61140",
"url": "https://www.suse.com/security/cve/CVE-2025-61140"
},
{
"category": "external",
"summary": "SUSE Bug 1257442 for CVE-2025-61140",
"url": "https://bugzilla.suse.com/1257442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.aarch64",
"openSUSE Leap 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.ppc64le",
"openSUSE Leap 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.s390x",
"openSUSE Leap 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.aarch64",
"openSUSE Leap 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.ppc64le",
"openSUSE Leap 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.s390x",
"openSUSE Leap 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-17T09:54:15Z",
"details": "important"
}
],
"title": "CVE-2025-61140"
},
{
"cve": "CVE-2026-1615",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-1615"
}
],
"notes": [
{
"category": "general",
"text": "Versions of the package jsonpath before 1.2.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on the static-eval module to process JSON Path input, which is not designed to handle untrusted data safely. An attacker can exploit this vulnerability by supplying a malicious JSON Path expression that, when evaluated, executes arbitrary JavaScript code, leading to Remote Code Execution in Node.js environments or Cross-site Scripting (XSS) in browser contexts. This affects all methods that evaluate JSON Paths against objects, including .query, .nodes, .paths, .value, .parent, and .apply.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.aarch64",
"openSUSE Leap 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.ppc64le",
"openSUSE Leap 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.s390x",
"openSUSE Leap 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-1615",
"url": "https://www.suse.com/security/cve/CVE-2026-1615"
},
{
"category": "external",
"summary": "SUSE Bug 1257897 for CVE-2026-1615",
"url": "https://bugzilla.suse.com/1257897"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.aarch64",
"openSUSE Leap 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.ppc64le",
"openSUSE Leap 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.s390x",
"openSUSE Leap 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.aarch64",
"openSUSE Leap 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.ppc64le",
"openSUSE Leap 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.s390x",
"openSUSE Leap 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-17T09:54:15Z",
"details": "critical"
}
],
"title": "CVE-2026-1615"
},
{
"cve": "CVE-2026-25547",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25547"
}
],
"notes": [
{
"category": "general",
"text": "@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, the library attempts to eagerly generate every possible combination synchronously. Because the expansion grows exponentially, even a small input can consume excessive CPU and memory and may crash the Node.js process. This issue has been patched in version 5.0.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.aarch64",
"openSUSE Leap 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.ppc64le",
"openSUSE Leap 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.s390x",
"openSUSE Leap 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25547",
"url": "https://www.suse.com/security/cve/CVE-2026-25547"
},
{
"category": "external",
"summary": "SUSE Bug 1257834 for CVE-2026-25547",
"url": "https://bugzilla.suse.com/1257834"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.aarch64",
"openSUSE Leap 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.ppc64le",
"openSUSE Leap 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.s390x",
"openSUSE Leap 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.aarch64",
"openSUSE Leap 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.ppc64le",
"openSUSE Leap 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.s390x",
"openSUSE Leap 16.0:golang-github-prometheus-prometheus-3.5.0-160000.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-17T09:54:15Z",
"details": "important"
}
],
"title": "CVE-2026-25547"
}
]
}
RHSA-2026:6174
Vulnerability from csaf_redhat - Published: 2026-03-30 12:51 - Updated: 2026-03-30 17:27Summary
Red Hat Security Advisory: Red Hat Developer Hub 1.8.5 release.
Severity
Important
Notes
Topic: Red Hat Developer Hub 1.8.5 has been released.
Details: Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in jsonpath. The `value` function is vulnerable to Prototype Pollution, a type of vulnerability that allows an attacker to inject or modify properties of an object's prototype. This can lead to various impacts, including arbitrary code execution, privilege escalation, or denial of service (DoS).
8.8 (High)
Vendor Fix
For more about Red Hat Developer Hub, see References links
https://access.redhat.com/errata/RHSA-2026:6174
A flaw was found in the jsonpath component. This vulnerability allows a remote attacker to achieve arbitrary code execution by supplying a malicious JSON Path expression. The component's reliance on the `static-eval` module for processing user-supplied input leads to unsafe evaluation. Successful exploitation can result in Remote Code Execution (RCE) in Node.js environments or Cross-site Scripting (XSS) in browser contexts.
9.8 (Critical)
Vendor Fix
For more about Red Hat Developer Hub, see References links
https://access.redhat.com/errata/RHSA-2026:6174
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
A flaw was found in Multer, a Node.js middleware for handling `multipart/form-data`. A remote attacker can exploit this vulnerability by intentionally dropping a connection during a file upload. This can lead to a Denial of Service (DoS) due to resource exhaustion on the affected system.
7.5 (High)
Vendor Fix
For more about Red Hat Developer Hub, see References links
https://access.redhat.com/errata/RHSA-2026:6174
A flaw was found in Multer, a Node.js middleware. A remote attacker could exploit this vulnerability by sending specially crafted malformed requests. This could lead to resource exhaustion, resulting in a Denial of Service (DoS) for the application using Multer.
7.5 (High)
Vendor Fix
For more about Red Hat Developer Hub, see References links
https://access.redhat.com/errata/RHSA-2026:6174
A denial of service flaw was found in Multer, a Node.js middleware for handling `multipart/form-data`. A remote attacker can send specially crafted malformed requests which may induce a stack overflow. This can lead to a Denial of Service (DoS) making the service unavailable.
7.5 (High)
Vendor Fix
For more about Red Hat Developer Hub, see References links
https://access.redhat.com/errata/RHSA-2026:6174
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in Backstage. A symlink-based path traversal issue can be exploited in multiple Scaffolder actions and archive extraction utilities during template execution via malicious symlinks. An attacker with access to create and execute Scaffolder templates can read sensitive files, delete arbitrary files or write files outside the intended workspace, resulting in unauthorized information disclosure or system compromise.
9.1 (Critical)
Vendor Fix
For more about Red Hat Developer Hub, see References links
https://access.redhat.com/errata/RHSA-2026:6174
Workaround
To mitigate this issue, consider implementing strict access controls for Backstage Scaffolder templates. Restrict the ability to create and execute Scaffolder templates to trusted users only, utilizing the Backstage permissions framework. Additionally, audit existing templates for any symlink usage and consider running Backstage within a containerized environment with a highly restricted filesystem to limit potential impact.
A code injection flaw has been discovered in the npm @backstage/plugin-techdocs-node library. When TechDocs is configured with `runIn: local`, a malicious actor who can submit or modify a repository's `mkdocs.yml` file can execute arbitrary Python code on the TechDocs build server via MkDocs hooks configuration.
7.7 (High)
Vendor Fix
For more about Red Hat Developer Hub, see References links
https://access.redhat.com/errata/RHSA-2026:6174
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.
7.5 (High)
Vendor Fix
For more about Red Hat Developer Hub, see References links
https://access.redhat.com/errata/RHSA-2026:6174
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in fast-xml-parser. A remote attacker can exploit this vulnerability by providing a specially crafted XML input. The system incorrectly interprets a dot in a DOCTYPE entity name as a regular expression wildcard during processing. This allows the attacker to bypass security measures and inject malicious scripts, resulting in Cross-Site Scripting (XSS) when the parsed output is displayed to users.
7.1 (High)
Vendor Fix
For more about Red Hat Developer Hub, see References links
https://access.redhat.com/errata/RHSA-2026:6174
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A denial of service flaw was found in fast-xml-parser. A remote attacker can exploit this vulnerability by providing a specially crafted, small XML input. This input can force the XML parser to perform an unlimited amount of entity expansion, consuming excessive resources. This can lead to the application freezing for an extended period, resulting in a Denial of Service (DoS).
7.5 (High)
Vendor Fix
For more about Red Hat Developer Hub, see References links
https://access.redhat.com/errata/RHSA-2026:6174
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in Rollup, a JavaScript module bundler. Insecure file name sanitization in the core engine allows an attacker to control output filenames, potentially through command-line interface (CLI) inputs, manual chunk aliases, or malicious plugins. By using directory traversal sequences (`../`), an attacker can overwrite files anywhere on the host filesystem where the build process has write permissions. This vulnerability can lead to persistent remote code execution (RCE) by overwriting critical system or user configuration files.
9.1 (Critical)
Vendor Fix
For more about Red Hat Developer Hub, see References links
https://access.redhat.com/errata/RHSA-2026:6174
A flaw was found in fast-xml-parser. A user can exploit this flaw by processing specially crafted XML data with the XML builder when the `preserveOrder` option is enabled. This can lead to a stack overflow, causing the application to crash and resulting in a Denial of Service (DoS).
7.5 (High)
Vendor Fix
For more about Red Hat Developer Hub, see References links
https://access.redhat.com/errata/RHSA-2026:6174
Workaround
To mitigate this vulnerability, configure applications using the `fast-xml-parser` XML builder to set the `preserveOrder` option to `false`. Alternatively, ensure that all XML input data is thoroughly validated before being passed to the builder to prevent the processing of malicious or malformed content.
References
| URL | Category | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Developer Hub 1.8.5 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Developer Hub (RHDH) is Red Hat\u0027s enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:6174",
"url": "https://access.redhat.com/errata/RHSA-2026:6174"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61140",
"url": "https://access.redhat.com/security/cve/CVE-2025-61140"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-1615",
"url": "https://access.redhat.com/security/cve/CVE-2026-1615"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-2359",
"url": "https://access.redhat.com/security/cve/CVE-2026-2359"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-24046",
"url": "https://access.redhat.com/security/cve/CVE-2026-24046"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25153",
"url": "https://access.redhat.com/security/cve/CVE-2026-25153"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25639",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25896",
"url": "https://access.redhat.com/security/cve/CVE-2026-25896"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26278",
"url": "https://access.redhat.com/security/cve/CVE-2026-26278"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27606",
"url": "https://access.redhat.com/security/cve/CVE-2026-27606"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27942",
"url": "https://access.redhat.com/security/cve/CVE-2026-27942"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-3304",
"url": "https://access.redhat.com/security/cve/CVE-2026-3304"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-3520",
"url": "https://access.redhat.com/security/cve/CVE-2026-3520"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh",
"url": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh"
},
{
"category": "external",
"summary": "https://developers.redhat.com/rhdh/overview",
"url": "https://developers.redhat.com/rhdh/overview"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_developer_hub",
"url": "https://docs.redhat.com/en/documentation/red_hat_developer_hub"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-11518",
"url": "https://issues.redhat.com/browse/RHIDP-11518"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-11639",
"url": "https://issues.redhat.com/browse/RHIDP-11639"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-11731",
"url": "https://issues.redhat.com/browse/RHIDP-11731"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-12108",
"url": "https://issues.redhat.com/browse/RHIDP-12108"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-12139",
"url": "https://issues.redhat.com/browse/RHIDP-12139"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-12323",
"url": "https://issues.redhat.com/browse/RHIDP-12323"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-12335",
"url": "https://issues.redhat.com/browse/RHIDP-12335"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-12392",
"url": "https://issues.redhat.com/browse/RHIDP-12392"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-12417",
"url": "https://issues.redhat.com/browse/RHIDP-12417"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-12444",
"url": "https://issues.redhat.com/browse/RHIDP-12444"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-12447",
"url": "https://issues.redhat.com/browse/RHIDP-12447"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-12480",
"url": "https://issues.redhat.com/browse/RHIDP-12480"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_6174.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Developer Hub 1.8.5 release.",
"tracking": {
"current_release_date": "2026-03-30T17:27:06+00:00",
"generator": {
"date": "2026-03-30T17:27:06+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.4"
}
},
"id": "RHSA-2026:6174",
"initial_release_date": "2026-03-30T12:51:47+00:00",
"revision_history": [
{
"date": "2026-03-30T12:51:47+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-30T12:51:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-30T17:27:06+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Developer Hub 1.8",
"product": {
"name": "Red Hat Developer Hub 1.8",
"product_id": "Red Hat Developer Hub 1.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhdh:1.8::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Developer Hub"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-hub-rhel9@sha256%3A2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1774545605"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-rhel9-operator@sha256%3A72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1774544220"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-operator-bundle@sha256%3A400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1774549552"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64 as a component of Red Hat Developer Hub 1.8",
"product_id": "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64 as a component of Red Hat Developer Hub 1.8",
"product_id": "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64 as a component of Red Hat Developer Hub 1.8",
"product_id": "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.8"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61140",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2026-01-28T17:00:46.678419+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2433946"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jsonpath. The `value` function is vulnerable to Prototype Pollution, a type of vulnerability that allows an attacker to inject or modify properties of an object\u0027s prototype. This can lead to various impacts, including arbitrary code execution, privilege escalation, or denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsonpath: jsonpath: Prototype Pollution vulnerability in the value function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61140"
},
{
"category": "external",
"summary": "RHBZ#2433946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433946"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61140",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61140"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61140",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61140"
},
{
"category": "external",
"summary": "https://gist.github.com/Dremig/8105c189774217222a8ebea3ed4d341d",
"url": "https://gist.github.com/Dremig/8105c189774217222a8ebea3ed4d341d"
},
{
"category": "external",
"summary": "https://github.com/dchester/jsonpath",
"url": "https://github.com/dchester/jsonpath"
}
],
"release_date": "2026-01-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T12:51:47+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6174"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jsonpath: jsonpath: Prototype Pollution vulnerability in the value function"
},
{
"cve": "CVE-2026-1615",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2026-02-09T11:10:57.572082+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437875"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the jsonpath component. This vulnerability allows a remote attacker to achieve arbitrary code execution by supplying a malicious JSON Path expression. The component\u0027s reliance on the `static-eval` module for processing user-supplied input leads to unsafe evaluation. Successful exploitation can result in Remote Code Execution (RCE) in Node.js environments or Cross-site Scripting (XSS) in browser contexts.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsonpath: jsonpath: Arbitrary Code Execution via unsafe JSON Path expression evaluation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security team has rated this vulnerability as Important as it may allows arbitrary code execution when processing untrusted JSON Path expressions. This can lead to Remote Code Execution in Node.js environments or Cross-site Scripting in browser contexts. In some contexts it may be possible to remotely exploit this flaw without any privileges. However, within Red Hat products the jsonpath component is used as a transitive dependency or does not directly handle user input. This context reduces exposure and criticality of this vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1615"
},
{
"category": "external",
"summary": "RHBZ#2437875",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437875"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1615",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1615"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1615",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1615"
},
{
"category": "external",
"summary": "https://github.com/dchester/jsonpath/blob/c1dd8ec74034fb0375233abb5fdbec51ac317b4b/lib/handlers.js%23L243",
"url": "https://github.com/dchester/jsonpath/blob/c1dd8ec74034fb0375233abb5fdbec51ac317b4b/lib/handlers.js%23L243"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-15141219",
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-15141219"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-JSONPATH-13645034",
"url": "https://security.snyk.io/vuln/SNYK-JS-JSONPATH-13645034"
}
],
"release_date": "2026-02-09T05:00:09.050000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T12:51:47+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6174"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jsonpath: jsonpath: Arbitrary Code Execution via unsafe JSON Path expression evaluation"
},
{
"cve": "CVE-2026-2359",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"discovery_date": "2026-02-27T16:01:27.340094+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2443350"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Multer, a Node.js middleware for handling `multipart/form-data`. A remote attacker can exploit this vulnerability by intentionally dropping a connection during a file upload. This can lead to a Denial of Service (DoS) due to resource exhaustion on the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "multer: Multer: Denial of Service via dropped file upload connections",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2359"
},
{
"category": "external",
"summary": "RHBZ#2443350",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443350"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2359",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2359"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2359",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2359"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/expressjs/multer/commit/cccf0fe0e64150c4f42ccf6654165c0d66b9adab",
"url": "https://github.com/expressjs/multer/commit/cccf0fe0e64150c4f42ccf6654165c0d66b9adab"
},
{
"category": "external",
"summary": "https://github.com/expressjs/multer/security/advisories/GHSA-v52c-386h-88mc",
"url": "https://github.com/expressjs/multer/security/advisories/GHSA-v52c-386h-88mc"
}
],
"release_date": "2026-02-27T15:42:08.088000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T12:51:47+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6174"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "multer: Multer: Denial of Service via dropped file upload connections"
},
{
"cve": "CVE-2026-3304",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"discovery_date": "2026-02-27T16:01:39.674165+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2443353"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Multer, a Node.js middleware. A remote attacker could exploit this vulnerability by sending specially crafted malformed requests. This could lead to resource exhaustion, resulting in a Denial of Service (DoS) for the application using Multer.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "multer: Multer: Denial of Service via malformed requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-3304"
},
{
"category": "external",
"summary": "RHBZ#2443353",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443353"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-3304",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3304"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-3304",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3304"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/expressjs/multer/commit/739919097dde3921ec31b930e4b9025036fa74ee",
"url": "https://github.com/expressjs/multer/commit/739919097dde3921ec31b930e4b9025036fa74ee"
},
{
"category": "external",
"summary": "https://github.com/expressjs/multer/security/advisories/GHSA-xf7r-hgr6-v32p",
"url": "https://github.com/expressjs/multer/security/advisories/GHSA-xf7r-hgr6-v32p"
}
],
"release_date": "2026-02-27T15:44:37.187000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T12:51:47+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6174"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "multer: Multer: Denial of Service via malformed requests"
},
{
"cve": "CVE-2026-3520",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-03-04T17:01:43.432970+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2444584"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw was found in Multer, a Node.js middleware for handling `multipart/form-data`. A remote attacker can send specially crafted malformed requests which may induce a stack overflow. This can lead to a Denial of Service (DoS) making the service unavailable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "multer: Multer: Denial of Service via malformed requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-3520"
},
{
"category": "external",
"summary": "RHBZ#2444584",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444584"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-3520",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3520"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-3520",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3520"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/expressjs/multer/commit/7e66481f8b2e6c54b982b34c152479e096ce2752",
"url": "https://github.com/expressjs/multer/commit/7e66481f8b2e6c54b982b34c152479e096ce2752"
},
{
"category": "external",
"summary": "https://github.com/expressjs/multer/security/advisories/GHSA-5528-5vmv-3xc2",
"url": "https://github.com/expressjs/multer/security/advisories/GHSA-5528-5vmv-3xc2"
}
],
"release_date": "2026-03-04T16:17:18.962000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T12:51:47+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6174"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "multer: Multer: Denial of Service via malformed requests"
},
{
"cve": "CVE-2026-24046",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2026-01-21T23:00:53.856026+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431878"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Backstage. A symlink-based path traversal issue can be exploited in multiple Scaffolder actions and archive extraction utilities during template execution via malicious symlinks. An attacker with access to create and execute Scaffolder templates can read sensitive files, delete arbitrary files or write files outside the intended workspace, resulting in unauthorized information disclosure or system compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "backstage/backend-defaults: backstage/plugin-scaffolder-backend: backstage/plugin-scaffolder-node: possible symlink path traversal in scaffolder actions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to have access to create and execute Scaffolder actions, specifically the debug:log, fs:delete actions and archive extractions, limiting the exposure of this flaw. Additionally, file systems operations are constrained by the permissions of the process, limiting the impact to files that can be accessed by Backstage. Due to these reasons, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-24046"
},
{
"category": "external",
"summary": "RHBZ#2431878",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431878"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-24046",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24046"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24046",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24046"
},
{
"category": "external",
"summary": "https://github.com/backstage/backstage/commit/c641c147ab371a9a8a2f5f67fdb7cb9c97ef345d",
"url": "https://github.com/backstage/backstage/commit/c641c147ab371a9a8a2f5f67fdb7cb9c97ef345d"
},
{
"category": "external",
"summary": "https://github.com/backstage/backstage/security/advisories/GHSA-rq6q-wr2q-7pgp",
"url": "https://github.com/backstage/backstage/security/advisories/GHSA-rq6q-wr2q-7pgp"
}
],
"release_date": "2026-01-21T22:36:30.794000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T12:51:47+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6174"
},
{
"category": "workaround",
"details": "To mitigate this issue, consider implementing strict access controls for Backstage Scaffolder templates. Restrict the ability to create and execute Scaffolder templates to trusted users only, utilizing the Backstage permissions framework. Additionally, audit existing templates for any symlink usage and consider running Backstage within a containerized environment with a highly restricted filesystem to limit potential impact.",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "backstage/backend-defaults: backstage/plugin-scaffolder-backend: backstage/plugin-scaffolder-node: possible symlink path traversal in scaffolder actions"
},
{
"cve": "CVE-2026-25153",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2026-01-30T22:00:57.084320+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2435576"
}
],
"notes": [
{
"category": "description",
"text": "A code injection flaw has been discovered in the npm @backstage/plugin-techdocs-node library. When TechDocs is configured with `runIn: local`, a malicious actor who can submit or modify a repository\u0027s `mkdocs.yml` file can execute arbitrary Python code on the TechDocs build server via MkDocs hooks configuration.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "@backstage/plugin-techdocs-node: @backstage/plugin-techdocs-node vulnerable to arbitrary code execution via MkDocs hooks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25153"
},
{
"category": "external",
"summary": "RHBZ#2435576",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435576"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25153",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25153"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25153",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25153"
},
{
"category": "external",
"summary": "https://github.com/backstage/backstage/security/advisories/GHSA-6jr7-99pf-8vgf",
"url": "https://github.com/backstage/backstage/security/advisories/GHSA-6jr7-99pf-8vgf"
}
],
"release_date": "2026-01-30T21:31:58.870000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T12:51:47+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6174"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "@backstage/plugin-techdocs-node: @backstage/plugin-techdocs-node vulnerable to arbitrary code execution via MkDocs hooks"
},
{
"cve": "CVE-2026-25639",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-09T21:00:49.280114+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438237"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "RHBZ#2438237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.13.5",
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
}
],
"release_date": "2026-02-09T20:11:22.374000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T12:51:47+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6174"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig"
},
{
"cve": "CVE-2026-25896",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-02-20T22:01:59.622413+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441501"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in fast-xml-parser. A remote attacker can exploit this vulnerability by providing a specially crafted XML input. The system incorrectly interprets a dot in a DOCTYPE entity name as a regular expression wildcard during processing. This allows the attacker to bypass security measures and inject malicious scripts, resulting in Cross-Site Scripting (XSS) when the parsed output is displayed to users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "fast-xml-parser: fast-xml-parser: Cross-Site Scripting (XSS) due to improper DOCTYPE entity handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has been assessed as IMPORTANT for Red Hat products. This vulnerability arises when the parsed XML output is subsequently rendered to users which requires the interaction of the user. The impact of this flaw is also limited to the user\u0027s browser context.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25896"
},
{
"category": "external",
"summary": "RHBZ#2441501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441501"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25896",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25896"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25896",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25896"
},
{
"category": "external",
"summary": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/943ef0eb1b2d3284e72dd74f44a042ee9f07026e",
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/943ef0eb1b2d3284e72dd74f44a042ee9f07026e"
},
{
"category": "external",
"summary": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/ddcd0acf26ddd682cb0dc15a2bd6aa3b96bb1e69",
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/ddcd0acf26ddd682cb0dc15a2bd6aa3b96bb1e69"
},
{
"category": "external",
"summary": "https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.3.5",
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.3.5"
},
{
"category": "external",
"summary": "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-m7jm-9gc2-mpf2",
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-m7jm-9gc2-mpf2"
}
],
"release_date": "2026-02-20T20:57:48.074000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T12:51:47+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6174"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "fast-xml-parser: fast-xml-parser: Cross-Site Scripting (XSS) due to improper DOCTYPE entity handling"
},
{
"cve": "CVE-2026-26278",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"discovery_date": "2026-02-19T21:03:33.363864+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441120"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw was found in fast-xml-parser. A remote attacker can exploit this vulnerability by providing a specially crafted, small XML input. This input can force the XML parser to perform an unlimited amount of entity expansion, consuming excessive resources. This can lead to the application freezing for an extended period, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "fast-xml-parser: fast-xml-parser: Denial of Service via unlimited XML entity expansion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26278"
},
{
"category": "external",
"summary": "RHBZ#2441120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441120"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26278",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26278"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26278",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26278"
},
{
"category": "external",
"summary": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/910dae5be2de2955e968558fadf6e8f74f117a77",
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/910dae5be2de2955e968558fadf6e8f74f117a77"
},
{
"category": "external",
"summary": "https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.3.6",
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.3.6"
},
{
"category": "external",
"summary": "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-jmr7-xgp7-cmfj",
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-jmr7-xgp7-cmfj"
}
],
"release_date": "2026-02-19T19:40:55.842000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T12:51:47+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6174"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "fast-xml-parser: fast-xml-parser: Denial of Service via unlimited XML entity expansion"
},
{
"cve": "CVE-2026-27606",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-02-25T04:01:24.449922+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442530"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Rollup, a JavaScript module bundler. Insecure file name sanitization in the core engine allows an attacker to control output filenames, potentially through command-line interface (CLI) inputs, manual chunk aliases, or malicious plugins. By using directory traversal sequences (`../`), an attacker can overwrite files anywhere on the host filesystem where the build process has write permissions. This vulnerability can lead to persistent remote code execution (RCE) by overwriting critical system or user configuration files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rollup: Rollup: Remote Code Execution via Path Traversal Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27606"
},
{
"category": "external",
"summary": "RHBZ#2442530",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442530"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27606",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27606"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27606",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27606"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/commit/c60770d7aaf750e512c1b2774989ea4596e660b2",
"url": "https://github.com/rollup/rollup/commit/c60770d7aaf750e512c1b2774989ea4596e660b2"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/commit/c8cf1f9c48c516285758c1e11f08a54f304fd44e",
"url": "https://github.com/rollup/rollup/commit/c8cf1f9c48c516285758c1e11f08a54f304fd44e"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3",
"url": "https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/releases/tag/v2.80.0",
"url": "https://github.com/rollup/rollup/releases/tag/v2.80.0"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/releases/tag/v3.30.0",
"url": "https://github.com/rollup/rollup/releases/tag/v3.30.0"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/releases/tag/v4.59.0",
"url": "https://github.com/rollup/rollup/releases/tag/v4.59.0"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/security/advisories/GHSA-mw96-cpmx-2vgc",
"url": "https://github.com/rollup/rollup/security/advisories/GHSA-mw96-cpmx-2vgc"
}
],
"release_date": "2026-02-25T02:08:06.682000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T12:51:47+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6174"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "rollup: Rollup: Remote Code Execution via Path Traversal Vulnerability"
},
{
"cve": "CVE-2026-27942",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"discovery_date": "2026-02-26T03:01:53.367202+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442938"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in fast-xml-parser. A user can exploit this flaw by processing specially crafted XML data with the XML builder when the `preserveOrder` option is enabled. This can lead to a stack overflow, causing the application to crash and resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "fast-xml-parser: fast-xml-parser: Stack overflow leads to Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27942"
},
{
"category": "external",
"summary": "RHBZ#2442938",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442938"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27942",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27942"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27942",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27942"
},
{
"category": "external",
"summary": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/c13a961910f14986295dd28484eee830fa1a0e8a",
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/c13a961910f14986295dd28484eee830fa1a0e8a"
},
{
"category": "external",
"summary": "https://github.com/NaturalIntelligence/fast-xml-parser/pull/791",
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/pull/791"
},
{
"category": "external",
"summary": "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-fj3w-jwp8-x2g3",
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-fj3w-jwp8-x2g3"
}
],
"release_date": "2026-02-26T01:22:11.383000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T12:51:47+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6174"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, configure applications using the `fast-xml-parser` XML builder to set the `preserveOrder` option to `false`. Alternatively, ensure that all XML input data is thoroughly validated before being passed to the builder to prevent the processing of malicious or malformed content.",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "fast-xml-parser: fast-xml-parser: Stack overflow leads to Denial of Service"
}
]
}
Loading…
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…