Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-21710 (GCVE-0-2026-21710)
Vulnerability from cvelistv5 – Published: 2026-03-30 19:07 – Updated: 2026-06-30 12:06
VLAI
EPSS
Summary
A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received with a header named `__proto__` and the application accesses `req.headersDistinct`.
When this occurs, `dest["__proto__"]` resolves to `Object.prototype` rather than `undefined`, causing `.push()` to be called on a non-array. This exception is thrown synchronously inside a property getter and cannot be intercepted by `error` event listeners, meaning it cannot be handled without wrapping every `req.headersDistinct` access in a `try/catch`.
* This vulnerability affects all Node.js HTTP servers on **20.x, 22.x, 24.x, and v25.x**
Severity
7.5 (High)
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
16 references
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| nodejs | node |
Affected:
20.20.1 , ≤ 20.20.1
(semver)
Affected: 22.22.1 , ≤ 22.22.1 (semver) Affected: 24.14.0 , ≤ 24.14.0 (semver) Affected: 25.8.1 , ≤ 25.8.1 (semver) Affected: 4.0 , < 4.* (semver) Affected: 5.0 , < 5.* (semver) Affected: 6.0 , < 6.* (semver) Affected: 7.0 , < 7.* (semver) Affected: 8.0 , < 8.* (semver) Affected: 9.0 , < 9.* (semver) Affected: 10.0 , < 10.* (semver) Affected: 11.0 , < 11.* (semver) Affected: 12.0 , < 12.* (semver) Affected: 13.0 , < 13.* (semver) Affected: 14.0 , < 14.* (semver) Affected: 15.0 , < 15.* (semver) Affected: 16.0 , < 16.* (semver) Affected: 17.0 , < 17.* (semver) Affected: 18.0 , < 18.* (semver) Affected: 19.0 , < 19.* (semver) |
|
| Red Hat | Red Hat Enterprise Linux AppStream EUS (v. 10.0) |
cpe:/o:redhat:enterprise_linux_eus:10.0 |
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 10) |
cpe:/o:redhat:enterprise_linux:10.1 |
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 8) |
cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream EUS (v.9.4) |
cpe:/a:redhat:rhel_eus:9.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream EUS (v.9.6) |
cpe:/a:redhat:rhel_eus:9.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 9) |
cpe:/a:redhat:enterprise_linux:9::appstream |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21710",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-31T13:55:20.665443Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T13:55:23.719Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.1"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 9)",
"vendor": "Red Hat"
}
],
"datePublic": "2026-03-30T19:07:28.558Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named `__proto__`. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an application crash. This can result in a Denial of Service (DoS), making the affected service unavailable to users."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T12:06:49.798Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-21710"
},
{
"name": "RHBZ#2453151",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453151"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21710.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7310"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7080"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7675"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8339"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7123"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7670"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9711"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9874"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7983"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7896"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7302"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7350"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:7310: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:7080: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:7675: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:8339: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:7123: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:7670: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:9711: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:9874: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:7983: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:7896: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:7302: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:7350: Red Hat Enterprise Linux AppStream (v. 9)"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-30T20:01:21.196Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-03-30T19:07:28.558Z",
"value": "Made public."
}
],
"title": "Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "node",
"vendor": "nodejs",
"versions": [
{
"lessThanOrEqual": "20.20.1",
"status": "affected",
"version": "20.20.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "22.22.1",
"status": "affected",
"version": "22.22.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "24.14.0",
"status": "affected",
"version": "24.14.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "25.8.1",
"status": "affected",
"version": "25.8.1",
"versionType": "semver"
},
{
"lessThan": "4.*",
"status": "affected",
"version": "4.0",
"versionType": "semver"
},
{
"lessThan": "5.*",
"status": "affected",
"version": "5.0",
"versionType": "semver"
},
{
"lessThan": "6.*",
"status": "affected",
"version": "6.0",
"versionType": "semver"
},
{
"lessThan": "7.*",
"status": "affected",
"version": "7.0",
"versionType": "semver"
},
{
"lessThan": "8.*",
"status": "affected",
"version": "8.0",
"versionType": "semver"
},
{
"lessThan": "9.*",
"status": "affected",
"version": "9.0",
"versionType": "semver"
},
{
"lessThan": "10.*",
"status": "affected",
"version": "10.0",
"versionType": "semver"
},
{
"lessThan": "11.*",
"status": "affected",
"version": "11.0",
"versionType": "semver"
},
{
"lessThan": "12.*",
"status": "affected",
"version": "12.0",
"versionType": "semver"
},
{
"lessThan": "13.*",
"status": "affected",
"version": "13.0",
"versionType": "semver"
},
{
"lessThan": "14.*",
"status": "affected",
"version": "14.0",
"versionType": "semver"
},
{
"lessThan": "15.*",
"status": "affected",
"version": "15.0",
"versionType": "semver"
},
{
"lessThan": "16.*",
"status": "affected",
"version": "16.0",
"versionType": "semver"
},
{
"lessThan": "17.*",
"status": "affected",
"version": "17.0",
"versionType": "semver"
},
{
"lessThan": "18.*",
"status": "affected",
"version": "18.0",
"versionType": "semver"
},
{
"lessThan": "19.*",
"status": "affected",
"version": "19.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received with a header named `__proto__` and the application accesses `req.headersDistinct`.\r\n\r\nWhen this occurs, `dest[\"__proto__\"]` resolves to `Object.prototype` rather than `undefined`, causing `.push()` to be called on a non-array. This exception is thrown synchronously inside a property getter and cannot be intercepted by `error` event listeners, meaning it cannot be handled without wrapping every `req.headersDistinct` access in a `try/catch`.\r\n\r\n* This vulnerability affects all Node.js HTTP servers on **20.x, 22.x, 24.x, and v25.x**"
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T19:07:28.558Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2026-21710",
"datePublished": "2026-03-30T19:07:28.558Z",
"dateReserved": "2026-01-04T15:00:06.574Z",
"dateUpdated": "2026-06-30T12:06:49.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-21710",
"date": "2026-07-05",
"epss": "0.26356",
"percentile": "0.97755"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-21710\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2026-03-30T20:16:18.210\",\"lastModified\":\"2026-06-30T03:17:24.043\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received with a header named `__proto__` and the application accesses `req.headersDistinct`.\\r\\n\\r\\nWhen this occurs, `dest[\\\"__proto__\\\"]` resolves to `Object.prototype` rather than `undefined`, causing `.push()` to be called on a non-array. This exception is thrown synchronously inside a property getter and cannot be intercepted by `error` event listeners, meaning it cannot be handled without wrapping every `req.headersDistinct` access in a `try/catch`.\\r\\n\\r\\n* This vulnerability affects all Node.js HTTP servers on **20.x, 22.x, 24.x, and v25.x**\"},{\"lang\":\"es\",\"value\":\"Un fallo en el manejo de solicitudes HTTP de Node.js provoca un \u0027TypeError\u0027 no capturado cuando se recibe una solicitud con un encabezado llamado \u0027__proto__\u0027 y la aplicaci\u00f3n accede a \u0027req.headersDistinct\u0027.\\n\\nCuando esto ocurre, \u0027dest[\\\"__proto__\\\"]\u0027 se resuelve como \u0027Object.prototype\u0027 en lugar de \u0027undefined\u0027, lo que provoca que se llame a \u0027.push()\u0027 en un no-array. Esta excepci\u00f3n se lanza sincr\u00f3nicamente dentro de un accesor de propiedad y no puede ser interceptada por los oyentes de eventos \u0027error\u0027, lo que significa que no puede ser manejada sin envolver cada acceso a \u0027req.headersDistinct\u0027 en un \u0027try/catch\u0027.\\n\\n* Esta vulnerabilidad afecta a todos los servidores HTTP de Node.js en 20.x, 22.x, 24.x y v25.x\"}],\"affected\":[{\"source\":\"support@hackerone.com\",\"affectedData\":[{\"vendor\":\"nodejs\",\"product\":\"node\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"20.20.1\",\"lessThanOrEqual\":\"20.20.1\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"22.22.1\",\"lessThanOrEqual\":\"22.22.1\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"24.14.0\",\"lessThanOrEqual\":\"24.14.0\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"25.8.1\",\"lessThanOrEqual\":\"25.8.1\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"4.0\",\"lessThan\":\"4.*\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"5.0\",\"lessThan\":\"5.*\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"6.0\",\"lessThan\":\"6.*\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"7.0\",\"lessThan\":\"7.*\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"8.0\",\"lessThan\":\"8.*\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"9.0\",\"lessThan\":\"9.*\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"10.0\",\"lessThan\":\"10.*\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"11.0\",\"lessThan\":\"11.*\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"12.0\",\"lessThan\":\"12.*\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"13.0\",\"lessThan\":\"13.*\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"14.0\",\"lessThan\":\"14.*\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"15.0\",\"lessThan\":\"15.*\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"16.0\",\"lessThan\":\"16.*\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"17.0\",\"lessThan\":\"17.*\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"18.0\",\"lessThan\":\"18.*\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"19.0\",\"lessThan\":\"19.*\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"affectedData\":[{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream EUS (v. 10.0)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux_eus:10.0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 10)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10.1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 8)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:8::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream EUS (v.9.4)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:9.4::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream EUS (v.9.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:9.6::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 9)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:9::appstream\"]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV30\":[{\"source\":\"support@hackerone.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-03-31T13:55:20.665443Z\",\"id\":\"CVE-2026-21710\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-843\"}]}],\"references\":[{\"url\":\"https://nodejs.org/en/blog/vulnerability/march-2026-security-releases\",\"source\":\"support@hackerone.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:7080\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:7123\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:7302\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:7310\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:7350\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:7670\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:7675\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:7896\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:7983\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:8339\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:9711\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:9874\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2026-21710\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2453151\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21710.json\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Important\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"cpes\": [\"cpe:/o:redhat:enterprise_linux_eus:10.0\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream EUS (v. 10.0)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10.1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 10)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:8::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 8)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.4::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream EUS (v.9.4)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.6::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream EUS (v.9.6)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 9)\", \"defaultStatus\": \"affected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-03-30T20:01:21.196Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2026-03-30T19:07:28.558Z\", \"value\": \"Made public.\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"RHSA-2026:7310: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:7080: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:7675: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:8339: Red Hat Enterprise Linux AppStream (v. 8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:7123: Red Hat Enterprise Linux AppStream (v. 8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:7670: Red Hat Enterprise Linux AppStream (v. 8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:9711: Red Hat Enterprise Linux AppStream EUS (v.9.4)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:9874: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:7983: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:7896: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:7302: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:7350: Red Hat Enterprise Linux AppStream (v. 9)\"}], \"x_adpType\": \"supplier\", \"datePublic\": \"2026-03-30T19:07:28.558Z\", \"references\": [{\"url\": \"https://access.redhat.com/security/cve/CVE-2026-21710\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2453151\", \"name\": \"RHBZ#2453151\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21710.json\", \"tags\": [\"x_sadp-csaf-vex\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:7310\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:7080\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:7675\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:8339\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:7123\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:7670\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:9711\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:9874\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:7983\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:7896\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:7302\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:7350\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\"}], \"x_generator\": {\"engine\": \"sadp-cli 1.0.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named `__proto__`. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an application crash. This can result in a Denial of Service (DoS), making the affected service unavailable to users.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-843\", \"description\": \"Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\", \"shortName\": \"redhat-SADP\", \"dateUpdated\": \"2026-06-30T02:43:18.595Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-21710\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-31T13:55:20.665443Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"CWE-770 Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-31T13:55:13.442Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\"}}], \"affected\": [{\"vendor\": \"nodejs\", \"product\": \"node\", \"versions\": [{\"status\": \"affected\", \"version\": \"20.20.1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"20.20.1\"}, {\"status\": \"affected\", \"version\": \"22.22.1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"22.22.1\"}, {\"status\": \"affected\", \"version\": \"24.14.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"24.14.0\"}, {\"status\": \"affected\", \"version\": \"25.8.1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"25.8.1\"}, {\"status\": \"affected\", \"version\": \"4.0\", \"lessThan\": \"4.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"5.0\", \"lessThan\": \"5.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"6.0\", \"lessThan\": \"6.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"7.0\", \"lessThan\": \"7.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"8.0\", \"lessThan\": \"8.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"9.0\", \"lessThan\": \"9.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"10.0\", \"lessThan\": \"10.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"11.0\", \"lessThan\": \"11.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"12.0\", \"lessThan\": \"12.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"13.0\", \"lessThan\": \"13.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"14.0\", \"lessThan\": \"14.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"15.0\", \"lessThan\": \"15.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"16.0\", \"lessThan\": \"16.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"17.0\", \"lessThan\": \"17.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"18.0\", \"lessThan\": \"18.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"19.0\", \"lessThan\": \"19.*\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://nodejs.org/en/blog/vulnerability/march-2026-security-releases\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received with a header named `__proto__` and the application accesses `req.headersDistinct`.\\r\\n\\r\\nWhen this occurs, `dest[\\\"__proto__\\\"]` resolves to `Object.prototype` rather than `undefined`, causing `.push()` to be called on a non-array. This exception is thrown synchronously inside a property getter and cannot be intercepted by `error` event listeners, meaning it cannot be handled without wrapping every `req.headersDistinct` access in a `try/catch`.\\r\\n\\r\\n* This vulnerability affects all Node.js HTTP servers on **20.x, 22.x, 24.x, and v25.x**\"}], \"providerMetadata\": {\"orgId\": \"36234546-b8fa-4601-9d6f-f4e334aa8ea1\", \"shortName\": \"hackerone\", \"dateUpdated\": \"2026-03-30T19:07:28.558Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-21710\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-30T02:43:18.595Z\", \"dateReserved\": \"2026-01-04T15:00:06.574Z\", \"assignerOrgId\": \"36234546-b8fa-4601-9d6f-f4e334aa8ea1\", \"datePublished\": \"2026-03-30T19:07:28.558Z\", \"assignerShortName\": \"hackerone\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
SUSE-SU-2026:1371-1
Vulnerability from csaf_suse - Published: 2026-04-15 14:46 - Updated: 2026-04-15 14:46Summary
Security update for nodejs20
Severity
Important
Notes
Title of the patch: Security update for nodejs20
Description of the patch: This update for nodejs20 fixes the following issues:
Update to version 20.20.2.
- CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for
performance degradation via a crafted request (bsc#1260494).
- CVE-2026-21716: incomplete fix for CVE-2024-36137 allows promise-based FileHandle methods to be used to modify file
permissions and ownership on already-open file descriptors (bsc#1260462).
- CVE-2026-21715: flaw in the Permission Model filesystem enforcement allows for file existence disclosure and
filesystem path enumeration via `fs.realpathSync.native()` (bsc#1260482).
- CVE-2026-21714: memory leak in Node.js HTTP/2 server allows for resource exhaustion via `WINDOW_UPDATE` frames sent
on stream 0 (bsc#1260480).
- CVE-2026-21713: timing side-channel due to flaw in Node.js HMAC verification allows for discovery of HMAC values and
potential MAC forgery (bsc#1260463).
- CVE-2026-21710: uncaught `TypeError` when handling HTTP requests allows for a process crash via requests with a
header named `__proto__` when the application accesses `req.headersDistinct` (bsc#1260455).
- CVE-2026-21637: flaw in TLS error handling allows for resource exhaustion and crash when `pskCallback` or
`ALPNCallback` are in use (bsc#1256576).
Patchnames: SUSE-2026-1371,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1371,SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1371,SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1371,SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1371
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.6 (Medium)
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
4.4 (Medium)
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
32 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nodejs20",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nodejs20 fixes the following issues:\n\nUpdate to version 20.20.2.\n\n- CVE-2026-21717: trivially predictable hash collisions due to flaw in V8\u0027s string hashing mechanism allows for\n performance degradation via a crafted request (bsc#1260494).\n- CVE-2026-21716: incomplete fix for CVE-2024-36137 allows promise-based FileHandle methods to be used to modify file\n permissions and ownership on already-open file descriptors (bsc#1260462).\n- CVE-2026-21715: flaw in the Permission Model filesystem enforcement allows for file existence disclosure and\n filesystem path enumeration via `fs.realpathSync.native()` (bsc#1260482).\n- CVE-2026-21714: memory leak in Node.js HTTP/2 server allows for resource exhaustion via `WINDOW_UPDATE` frames sent\n on stream 0 (bsc#1260480).\n- CVE-2026-21713: timing side-channel due to flaw in Node.js HMAC verification allows for discovery of HMAC values and\n potential MAC forgery (bsc#1260463).\n- CVE-2026-21710: uncaught `TypeError` when handling HTTP requests allows for a process crash via requests with a\n header named `__proto__` when the application accesses `req.headersDistinct` (bsc#1260455).\n- CVE-2026-21637: flaw in TLS error handling allows for resource exhaustion and crash when `pskCallback` or\n `ALPNCallback` are in use (bsc#1256576).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1371,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1371,SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1371,SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1371,SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1371",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1371-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1371-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261371-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1371-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-April/045546.html"
},
{
"category": "self",
"summary": "SUSE Bug 1256576",
"url": "https://bugzilla.suse.com/1256576"
},
{
"category": "self",
"summary": "SUSE Bug 1260455",
"url": "https://bugzilla.suse.com/1260455"
},
{
"category": "self",
"summary": "SUSE Bug 1260462",
"url": "https://bugzilla.suse.com/1260462"
},
{
"category": "self",
"summary": "SUSE Bug 1260463",
"url": "https://bugzilla.suse.com/1260463"
},
{
"category": "self",
"summary": "SUSE Bug 1260480",
"url": "https://bugzilla.suse.com/1260480"
},
{
"category": "self",
"summary": "SUSE Bug 1260482",
"url": "https://bugzilla.suse.com/1260482"
},
{
"category": "self",
"summary": "SUSE Bug 1260494",
"url": "https://bugzilla.suse.com/1260494"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21637 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21637/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21710 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21710/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21713 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21713/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21714 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21714/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21715 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21716 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21716/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21717 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21717/"
}
],
"title": "Security update for nodejs20",
"tracking": {
"current_release_date": "2026-04-15T14:46:54Z",
"generator": {
"date": "2026-04-15T14:46:54Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1371-1",
"initial_release_date": "2026-04-15T14:46:54Z",
"revision_history": [
{
"date": "2026-04-15T14:46:54Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "corepack20-20.20.2-150500.11.27.1.aarch64",
"product": {
"name": "corepack20-20.20.2-150500.11.27.1.aarch64",
"product_id": "corepack20-20.20.2-150500.11.27.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs20-20.20.2-150500.11.27.1.aarch64",
"product": {
"name": "nodejs20-20.20.2-150500.11.27.1.aarch64",
"product_id": "nodejs20-20.20.2-150500.11.27.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"product": {
"name": "nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"product_id": "nodejs20-devel-20.20.2-150500.11.27.1.aarch64"
}
},
{
"category": "product_version",
"name": "npm20-20.20.2-150500.11.27.1.aarch64",
"product": {
"name": "npm20-20.20.2-150500.11.27.1.aarch64",
"product_id": "npm20-20.20.2-150500.11.27.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack20-20.20.2-150500.11.27.1.i586",
"product": {
"name": "corepack20-20.20.2-150500.11.27.1.i586",
"product_id": "corepack20-20.20.2-150500.11.27.1.i586"
}
},
{
"category": "product_version",
"name": "nodejs20-20.20.2-150500.11.27.1.i586",
"product": {
"name": "nodejs20-20.20.2-150500.11.27.1.i586",
"product_id": "nodejs20-20.20.2-150500.11.27.1.i586"
}
},
{
"category": "product_version",
"name": "nodejs20-devel-20.20.2-150500.11.27.1.i586",
"product": {
"name": "nodejs20-devel-20.20.2-150500.11.27.1.i586",
"product_id": "nodejs20-devel-20.20.2-150500.11.27.1.i586"
}
},
{
"category": "product_version",
"name": "npm20-20.20.2-150500.11.27.1.i586",
"product": {
"name": "npm20-20.20.2-150500.11.27.1.i586",
"product_id": "npm20-20.20.2-150500.11.27.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"product": {
"name": "nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"product_id": "nodejs20-docs-20.20.2-150500.11.27.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack20-20.20.2-150500.11.27.1.ppc64le",
"product": {
"name": "corepack20-20.20.2-150500.11.27.1.ppc64le",
"product_id": "corepack20-20.20.2-150500.11.27.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs20-20.20.2-150500.11.27.1.ppc64le",
"product": {
"name": "nodejs20-20.20.2-150500.11.27.1.ppc64le",
"product_id": "nodejs20-20.20.2-150500.11.27.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"product": {
"name": "nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"product_id": "nodejs20-devel-20.20.2-150500.11.27.1.ppc64le"
}
},
{
"category": "product_version",
"name": "npm20-20.20.2-150500.11.27.1.ppc64le",
"product": {
"name": "npm20-20.20.2-150500.11.27.1.ppc64le",
"product_id": "npm20-20.20.2-150500.11.27.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack20-20.20.2-150500.11.27.1.s390x",
"product": {
"name": "corepack20-20.20.2-150500.11.27.1.s390x",
"product_id": "corepack20-20.20.2-150500.11.27.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs20-20.20.2-150500.11.27.1.s390x",
"product": {
"name": "nodejs20-20.20.2-150500.11.27.1.s390x",
"product_id": "nodejs20-20.20.2-150500.11.27.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs20-devel-20.20.2-150500.11.27.1.s390x",
"product": {
"name": "nodejs20-devel-20.20.2-150500.11.27.1.s390x",
"product_id": "nodejs20-devel-20.20.2-150500.11.27.1.s390x"
}
},
{
"category": "product_version",
"name": "npm20-20.20.2-150500.11.27.1.s390x",
"product": {
"name": "npm20-20.20.2-150500.11.27.1.s390x",
"product_id": "npm20-20.20.2-150500.11.27.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack20-20.20.2-150500.11.27.1.x86_64",
"product": {
"name": "corepack20-20.20.2-150500.11.27.1.x86_64",
"product_id": "corepack20-20.20.2-150500.11.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs20-20.20.2-150500.11.27.1.x86_64",
"product": {
"name": "nodejs20-20.20.2-150500.11.27.1.x86_64",
"product_id": "nodejs20-20.20.2-150500.11.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"product": {
"name": "nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"product_id": "nodejs20-devel-20.20.2-150500.11.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "npm20-20.20.2-150500.11.27.1.x86_64",
"product": {
"name": "npm20-20.20.2-150500.11.27.1.x86_64",
"product_id": "npm20-20.20.2-150500.11.27.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-20.20.2-150500.11.27.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64"
},
"product_reference": "nodejs20-20.20.2-150500.11.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-20.20.2-150500.11.27.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64"
},
"product_reference": "nodejs20-20.20.2-150500.11.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-devel-20.20.2-150500.11.27.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64"
},
"product_reference": "nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-devel-20.20.2-150500.11.27.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64"
},
"product_reference": "nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-docs-20.20.2-150500.11.27.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch"
},
"product_reference": "nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm20-20.20.2-150500.11.27.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64"
},
"product_reference": "npm20-20.20.2-150500.11.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm20-20.20.2-150500.11.27.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64"
},
"product_reference": "npm20-20.20.2-150500.11.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-20.20.2-150500.11.27.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64"
},
"product_reference": "nodejs20-20.20.2-150500.11.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-20.20.2-150500.11.27.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64"
},
"product_reference": "nodejs20-20.20.2-150500.11.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-devel-20.20.2-150500.11.27.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64"
},
"product_reference": "nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-devel-20.20.2-150500.11.27.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64"
},
"product_reference": "nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-docs-20.20.2-150500.11.27.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch"
},
"product_reference": "nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm20-20.20.2-150500.11.27.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64"
},
"product_reference": "npm20-20.20.2-150500.11.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm20-20.20.2-150500.11.27.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64"
},
"product_reference": "npm20-20.20.2-150500.11.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-20.20.2-150500.11.27.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64"
},
"product_reference": "nodejs20-20.20.2-150500.11.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-20.20.2-150500.11.27.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le"
},
"product_reference": "nodejs20-20.20.2-150500.11.27.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-20.20.2-150500.11.27.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x"
},
"product_reference": "nodejs20-20.20.2-150500.11.27.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-20.20.2-150500.11.27.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64"
},
"product_reference": "nodejs20-20.20.2-150500.11.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-devel-20.20.2-150500.11.27.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64"
},
"product_reference": "nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-devel-20.20.2-150500.11.27.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le"
},
"product_reference": "nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-devel-20.20.2-150500.11.27.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x"
},
"product_reference": "nodejs20-devel-20.20.2-150500.11.27.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-devel-20.20.2-150500.11.27.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64"
},
"product_reference": "nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-docs-20.20.2-150500.11.27.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch"
},
"product_reference": "nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm20-20.20.2-150500.11.27.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64"
},
"product_reference": "npm20-20.20.2-150500.11.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm20-20.20.2-150500.11.27.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le"
},
"product_reference": "npm20-20.20.2-150500.11.27.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm20-20.20.2-150500.11.27.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x"
},
"product_reference": "npm20-20.20.2-150500.11.27.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm20-20.20.2-150500.11.27.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64"
},
"product_reference": "npm20-20.20.2-150500.11.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-20.20.2-150500.11.27.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le"
},
"product_reference": "nodejs20-20.20.2-150500.11.27.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-20.20.2-150500.11.27.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64"
},
"product_reference": "nodejs20-20.20.2-150500.11.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-devel-20.20.2-150500.11.27.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le"
},
"product_reference": "nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-devel-20.20.2-150500.11.27.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64"
},
"product_reference": "nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-docs-20.20.2-150500.11.27.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch"
},
"product_reference": "nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm20-20.20.2-150500.11.27.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le"
},
"product_reference": "npm20-20.20.2-150500.11.27.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm20-20.20.2-150500.11.27.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64"
},
"product_reference": "npm20-20.20.2-150500.11.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-21637",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21637"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCallback` or `ALPNCallback` are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate process termination or silent file descriptor leaks that eventually lead to denial of service. Because these callbacks process attacker-controlled input during the TLS handshake, a remote client can repeatedly trigger the issue. This vulnerability affects TLS servers using PSK or ALPN callbacks across Node.js versions where these callbacks throw without being safely wrapped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21637",
"url": "https://www.suse.com/security/cve/CVE-2026-21637"
},
{
"category": "external",
"summary": "SUSE Bug 1256576 for CVE-2026-21637",
"url": "https://bugzilla.suse.com/1256576"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-15T14:46:54Z",
"details": "moderate"
}
],
"title": "CVE-2026-21637"
},
{
"cve": "CVE-2026-21710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21710"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received with a header named `__proto__` and the application accesses `req.headersDistinct`.\r\n\r\nWhen this occurs, `dest[\"__proto__\"]` resolves to `Object.prototype` rather than `undefined`, causing `.push()` to be called on a non-array. This exception is thrown synchronously inside a property getter and cannot be intercepted by `error` event listeners, meaning it cannot be handled without wrapping every `req.headersDistinct` access in a `try/catch`.\r\n\r\n* This vulnerability affects all Node.js HTTP servers on **20.x, 22.x, 24.x, and v25.x**",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21710",
"url": "https://www.suse.com/security/cve/CVE-2026-21710"
},
{
"category": "external",
"summary": "SUSE Bug 1260455 for CVE-2026-21710",
"url": "https://bugzilla.suse.com/1260455"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-15T14:46:54Z",
"details": "important"
}
],
"title": "CVE-2026-21710"
},
{
"cve": "CVE-2026-21713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21713"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior could be exploited as a timing oracle to infer HMAC values.\r\n\r\nNode.js already provides timing-safe comparison primitives used elsewhere in the codebase, indicating this is an oversight rather than an intentional design decision.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21713",
"url": "https://www.suse.com/security/cve/CVE-2026-21713"
},
{
"category": "external",
"summary": "SUSE Bug 1260463 for CVE-2026-21713",
"url": "https://bugzilla.suse.com/1260463"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-15T14:46:54Z",
"details": "moderate"
}
],
"title": "CVE-2026-21713"
},
{
"cve": "CVE-2026-21714",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21714"
}
],
"notes": [
{
"category": "general",
"text": "A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOW_UPDATE frames on stream 0 (connection-level) that cause the flow control window to exceed the maximum value of 2-1. The server correctly sends a GOAWAY frame, but the Http2Session object is never cleaned up.\r\n\r\nThis vulnerability affects HTTP2 users on Node.js 20, 22, 24 and 25.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21714",
"url": "https://www.suse.com/security/cve/CVE-2026-21714"
},
{
"category": "external",
"summary": "SUSE Bug 1260480 for CVE-2026-21714",
"url": "https://bugzilla.suse.com/1260480"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-15T14:46:54Z",
"details": "moderate"
}
],
"title": "CVE-2026-21714"
},
{
"cve": "CVE-2026-21715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21715"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSync.native()` without the required read permission checks, while all comparable filesystem functions correctly enforce them.\r\n\r\nAs a result, code running under `--permission` with restricted `--allow-fs-read` can still use `fs.realpathSync.native()` to check file existence, resolve symlink targets, and enumerate filesystem paths outside of permitted directories.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-read` is intentionally restricted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21715",
"url": "https://www.suse.com/security/cve/CVE-2026-21715"
},
{
"category": "external",
"summary": "SUSE Bug 1260482 for CVE-2026-21715",
"url": "https://bugzilla.suse.com/1260482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-15T14:46:54Z",
"details": "low"
}
],
"title": "CVE-2026-21715"
},
{
"cve": "CVE-2026-21716",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21716"
}
],
"notes": [
{
"category": "general",
"text": "An incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and `FileHandle.chown()` in the promises API without the required permission checks, while their callback-based equivalents (`fs.fchmod()`, `fs.fchown()`) were correctly patched.\r\n\r\nAs a result, code running under `--permission` with restricted `--allow-fs-write` can still use promise-based `FileHandle` methods to modify file permissions and ownership on already-open file descriptors, bypassing the intended write restrictions.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-write` is intentionally restricted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21716",
"url": "https://www.suse.com/security/cve/CVE-2026-21716"
},
{
"category": "external",
"summary": "SUSE Bug 1260462 for CVE-2026-21716",
"url": "https://bugzilla.suse.com/1260462"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-15T14:46:54Z",
"details": "moderate"
}
],
"title": "CVE-2026-21716"
},
{
"cve": "CVE-2026-21717",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21717"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in V8\u0027s string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8\u0027s internal string table, an attacker can significantly degrade performance of the Node.js process.\r\n\r\nThe most common trigger is any endpoint that calls `JSON.parse()` on attacker-controlled input, as JSON parsing automatically internalizes short strings into the affected hash table.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21717",
"url": "https://www.suse.com/security/cve/CVE-2026-21717"
},
{
"category": "external",
"summary": "SUSE Bug 1260494 for CVE-2026-21717",
"url": "https://bugzilla.suse.com/1260494"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.20.2-150500.11.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.20.2-150500.11.27.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.20.2-150500.11.27.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-15T14:46:54Z",
"details": "moderate"
}
],
"title": "CVE-2026-21717"
}
]
}
SUSE-SU-2026:1478-1
Vulnerability from csaf_suse - Published: 2026-04-20 10:09 - Updated: 2026-04-20 10:09Summary
Security update for nodejs22
Severity
Important
Notes
Title of the patch: Security update for nodejs22
Description of the patch: This update for nodejs22 fixes the following issues:
Update to version 22.22.2.
- CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for
performance degradation via a crafted request (bsc#1260494).
- CVE-2026-21716: incomplete fix for CVE-2024-36137 allows promise-based FileHandle methods to be used to modify file
permissions and ownership on already-open file descriptors (bsc#1260462).
- CVE-2026-21715: flaw in the Permission Model filesystem enforcement allows for file existence disclosure and
filesystem path enumeration via `fs.realpathSync.native()` (bsc#1260482).
- CVE-2026-21714: memory leak in Node.js HTTP/2 server allows for resource exhaustion via `WINDOW_UPDATE` frames sent
on stream 0 (bsc#1260480).
- CVE-2026-21713: timing side-channel due to flaw in Node.js HMAC verification allows for discovery of HMAC values and
potential MAC forgery (bsc#1260463).
- CVE-2026-21710: uncaught `TypeError` when handling HTTP requests allows for a process crash via requests with a
header named `__proto__` when the application accesses `req.headersDistinct` (bsc#1260455).
- CVE-2026-21637: flaw in TLS error handling allows for resource exhaustion and crash when `pskCallback` or
`ALPNCallback` are in use (bsc#1256576).
Patchnames: SUSE-2026-1478,SUSE-SLE-Module-Web-Scripting-15-SP7-2026-1478
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-docs-22.22.2-150700.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-docs-22.22.2-150700.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.6 (Medium)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-docs-22.22.2-150700.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-docs-22.22.2-150700.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-docs-22.22.2-150700.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
4.4 (Medium)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-docs-22.22.2-150700.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-docs-22.22.2-150700.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
32 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nodejs22",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nodejs22 fixes the following issues:\n\nUpdate to version 22.22.2.\n\n- CVE-2026-21717: trivially predictable hash collisions due to flaw in V8\u0027s string hashing mechanism allows for\n performance degradation via a crafted request (bsc#1260494).\n- CVE-2026-21716: incomplete fix for CVE-2024-36137 allows promise-based FileHandle methods to be used to modify file\n permissions and ownership on already-open file descriptors (bsc#1260462).\n- CVE-2026-21715: flaw in the Permission Model filesystem enforcement allows for file existence disclosure and\n filesystem path enumeration via `fs.realpathSync.native()` (bsc#1260482).\n- CVE-2026-21714: memory leak in Node.js HTTP/2 server allows for resource exhaustion via `WINDOW_UPDATE` frames sent\n on stream 0 (bsc#1260480).\n- CVE-2026-21713: timing side-channel due to flaw in Node.js HMAC verification allows for discovery of HMAC values and\n potential MAC forgery (bsc#1260463).\n- CVE-2026-21710: uncaught `TypeError` when handling HTTP requests allows for a process crash via requests with a\n header named `__proto__` when the application accesses `req.headersDistinct` (bsc#1260455).\n- CVE-2026-21637: flaw in TLS error handling allows for resource exhaustion and crash when `pskCallback` or\n `ALPNCallback` are in use (bsc#1256576).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1478,SUSE-SLE-Module-Web-Scripting-15-SP7-2026-1478",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1478-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1478-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261478-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1478-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-April/045701.html"
},
{
"category": "self",
"summary": "SUSE Bug 1256576",
"url": "https://bugzilla.suse.com/1256576"
},
{
"category": "self",
"summary": "SUSE Bug 1260455",
"url": "https://bugzilla.suse.com/1260455"
},
{
"category": "self",
"summary": "SUSE Bug 1260462",
"url": "https://bugzilla.suse.com/1260462"
},
{
"category": "self",
"summary": "SUSE Bug 1260463",
"url": "https://bugzilla.suse.com/1260463"
},
{
"category": "self",
"summary": "SUSE Bug 1260480",
"url": "https://bugzilla.suse.com/1260480"
},
{
"category": "self",
"summary": "SUSE Bug 1260482",
"url": "https://bugzilla.suse.com/1260482"
},
{
"category": "self",
"summary": "SUSE Bug 1260494",
"url": "https://bugzilla.suse.com/1260494"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21637 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21637/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21710 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21710/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21713 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21713/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21714 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21714/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21715 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21716 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21716/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21717 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21717/"
}
],
"title": "Security update for nodejs22",
"tracking": {
"current_release_date": "2026-04-20T10:09:08Z",
"generator": {
"date": "2026-04-20T10:09:08Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1478-1",
"initial_release_date": "2026-04-20T10:09:08Z",
"revision_history": [
{
"date": "2026-04-20T10:09:08Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "corepack22-22.22.2-150700.3.9.1.aarch64",
"product": {
"name": "corepack22-22.22.2-150700.3.9.1.aarch64",
"product_id": "corepack22-22.22.2-150700.3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs22-22.22.2-150700.3.9.1.aarch64",
"product": {
"name": "nodejs22-22.22.2-150700.3.9.1.aarch64",
"product_id": "nodejs22-22.22.2-150700.3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs22-devel-22.22.2-150700.3.9.1.aarch64",
"product": {
"name": "nodejs22-devel-22.22.2-150700.3.9.1.aarch64",
"product_id": "nodejs22-devel-22.22.2-150700.3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "npm22-22.22.2-150700.3.9.1.aarch64",
"product": {
"name": "npm22-22.22.2-150700.3.9.1.aarch64",
"product_id": "npm22-22.22.2-150700.3.9.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack22-22.22.2-150700.3.9.1.i586",
"product": {
"name": "corepack22-22.22.2-150700.3.9.1.i586",
"product_id": "corepack22-22.22.2-150700.3.9.1.i586"
}
},
{
"category": "product_version",
"name": "nodejs22-22.22.2-150700.3.9.1.i586",
"product": {
"name": "nodejs22-22.22.2-150700.3.9.1.i586",
"product_id": "nodejs22-22.22.2-150700.3.9.1.i586"
}
},
{
"category": "product_version",
"name": "nodejs22-devel-22.22.2-150700.3.9.1.i586",
"product": {
"name": "nodejs22-devel-22.22.2-150700.3.9.1.i586",
"product_id": "nodejs22-devel-22.22.2-150700.3.9.1.i586"
}
},
{
"category": "product_version",
"name": "npm22-22.22.2-150700.3.9.1.i586",
"product": {
"name": "npm22-22.22.2-150700.3.9.1.i586",
"product_id": "npm22-22.22.2-150700.3.9.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs22-docs-22.22.2-150700.3.9.1.noarch",
"product": {
"name": "nodejs22-docs-22.22.2-150700.3.9.1.noarch",
"product_id": "nodejs22-docs-22.22.2-150700.3.9.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack22-22.22.2-150700.3.9.1.ppc64le",
"product": {
"name": "corepack22-22.22.2-150700.3.9.1.ppc64le",
"product_id": "corepack22-22.22.2-150700.3.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs22-22.22.2-150700.3.9.1.ppc64le",
"product": {
"name": "nodejs22-22.22.2-150700.3.9.1.ppc64le",
"product_id": "nodejs22-22.22.2-150700.3.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs22-devel-22.22.2-150700.3.9.1.ppc64le",
"product": {
"name": "nodejs22-devel-22.22.2-150700.3.9.1.ppc64le",
"product_id": "nodejs22-devel-22.22.2-150700.3.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "npm22-22.22.2-150700.3.9.1.ppc64le",
"product": {
"name": "npm22-22.22.2-150700.3.9.1.ppc64le",
"product_id": "npm22-22.22.2-150700.3.9.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack22-22.22.2-150700.3.9.1.s390x",
"product": {
"name": "corepack22-22.22.2-150700.3.9.1.s390x",
"product_id": "corepack22-22.22.2-150700.3.9.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs22-22.22.2-150700.3.9.1.s390x",
"product": {
"name": "nodejs22-22.22.2-150700.3.9.1.s390x",
"product_id": "nodejs22-22.22.2-150700.3.9.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs22-devel-22.22.2-150700.3.9.1.s390x",
"product": {
"name": "nodejs22-devel-22.22.2-150700.3.9.1.s390x",
"product_id": "nodejs22-devel-22.22.2-150700.3.9.1.s390x"
}
},
{
"category": "product_version",
"name": "npm22-22.22.2-150700.3.9.1.s390x",
"product": {
"name": "npm22-22.22.2-150700.3.9.1.s390x",
"product_id": "npm22-22.22.2-150700.3.9.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack22-22.22.2-150700.3.9.1.x86_64",
"product": {
"name": "corepack22-22.22.2-150700.3.9.1.x86_64",
"product_id": "corepack22-22.22.2-150700.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs22-22.22.2-150700.3.9.1.x86_64",
"product": {
"name": "nodejs22-22.22.2-150700.3.9.1.x86_64",
"product_id": "nodejs22-22.22.2-150700.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs22-devel-22.22.2-150700.3.9.1.x86_64",
"product": {
"name": "nodejs22-devel-22.22.2-150700.3.9.1.x86_64",
"product_id": "nodejs22-devel-22.22.2-150700.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "npm22-22.22.2-150700.3.9.1.x86_64",
"product": {
"name": "npm22-22.22.2-150700.3.9.1.x86_64",
"product_id": "npm22-22.22.2-150700.3.9.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.22.2-150700.3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.aarch64"
},
"product_reference": "nodejs22-22.22.2-150700.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.22.2-150700.3.9.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.ppc64le"
},
"product_reference": "nodejs22-22.22.2-150700.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.22.2-150700.3.9.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.s390x"
},
"product_reference": "nodejs22-22.22.2-150700.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.22.2-150700.3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.x86_64"
},
"product_reference": "nodejs22-22.22.2-150700.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.22.2-150700.3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.aarch64"
},
"product_reference": "nodejs22-devel-22.22.2-150700.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.22.2-150700.3.9.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.ppc64le"
},
"product_reference": "nodejs22-devel-22.22.2-150700.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.22.2-150700.3.9.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.s390x"
},
"product_reference": "nodejs22-devel-22.22.2-150700.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.22.2-150700.3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.x86_64"
},
"product_reference": "nodejs22-devel-22.22.2-150700.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-docs-22.22.2-150700.3.9.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-docs-22.22.2-150700.3.9.1.noarch"
},
"product_reference": "nodejs22-docs-22.22.2-150700.3.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.22.2-150700.3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.aarch64"
},
"product_reference": "npm22-22.22.2-150700.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.22.2-150700.3.9.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.ppc64le"
},
"product_reference": "npm22-22.22.2-150700.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.22.2-150700.3.9.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.s390x"
},
"product_reference": "npm22-22.22.2-150700.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.22.2-150700.3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.x86_64"
},
"product_reference": "npm22-22.22.2-150700.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-21637",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21637"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCallback` or `ALPNCallback` are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate process termination or silent file descriptor leaks that eventually lead to denial of service. Because these callbacks process attacker-controlled input during the TLS handshake, a remote client can repeatedly trigger the issue. This vulnerability affects TLS servers using PSK or ALPN callbacks across Node.js versions where these callbacks throw without being safely wrapped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-docs-22.22.2-150700.3.9.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21637",
"url": "https://www.suse.com/security/cve/CVE-2026-21637"
},
{
"category": "external",
"summary": "SUSE Bug 1256576 for CVE-2026-21637",
"url": "https://bugzilla.suse.com/1256576"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-docs-22.22.2-150700.3.9.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-docs-22.22.2-150700.3.9.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T10:09:08Z",
"details": "moderate"
}
],
"title": "CVE-2026-21637"
},
{
"cve": "CVE-2026-21710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21710"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received with a header named `__proto__` and the application accesses `req.headersDistinct`.\r\n\r\nWhen this occurs, `dest[\"__proto__\"]` resolves to `Object.prototype` rather than `undefined`, causing `.push()` to be called on a non-array. This exception is thrown synchronously inside a property getter and cannot be intercepted by `error` event listeners, meaning it cannot be handled without wrapping every `req.headersDistinct` access in a `try/catch`.\r\n\r\n* This vulnerability affects all Node.js HTTP servers on **20.x, 22.x, 24.x, and v25.x**",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-docs-22.22.2-150700.3.9.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21710",
"url": "https://www.suse.com/security/cve/CVE-2026-21710"
},
{
"category": "external",
"summary": "SUSE Bug 1260455 for CVE-2026-21710",
"url": "https://bugzilla.suse.com/1260455"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-docs-22.22.2-150700.3.9.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-docs-22.22.2-150700.3.9.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T10:09:08Z",
"details": "important"
}
],
"title": "CVE-2026-21710"
},
{
"cve": "CVE-2026-21713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21713"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior could be exploited as a timing oracle to infer HMAC values.\r\n\r\nNode.js already provides timing-safe comparison primitives used elsewhere in the codebase, indicating this is an oversight rather than an intentional design decision.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-docs-22.22.2-150700.3.9.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21713",
"url": "https://www.suse.com/security/cve/CVE-2026-21713"
},
{
"category": "external",
"summary": "SUSE Bug 1260463 for CVE-2026-21713",
"url": "https://bugzilla.suse.com/1260463"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-docs-22.22.2-150700.3.9.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-docs-22.22.2-150700.3.9.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T10:09:08Z",
"details": "moderate"
}
],
"title": "CVE-2026-21713"
},
{
"cve": "CVE-2026-21714",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21714"
}
],
"notes": [
{
"category": "general",
"text": "A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOW_UPDATE frames on stream 0 (connection-level) that cause the flow control window to exceed the maximum value of 2-1. The server correctly sends a GOAWAY frame, but the Http2Session object is never cleaned up.\r\n\r\nThis vulnerability affects HTTP2 users on Node.js 20, 22, 24 and 25.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-docs-22.22.2-150700.3.9.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21714",
"url": "https://www.suse.com/security/cve/CVE-2026-21714"
},
{
"category": "external",
"summary": "SUSE Bug 1260480 for CVE-2026-21714",
"url": "https://bugzilla.suse.com/1260480"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-docs-22.22.2-150700.3.9.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-docs-22.22.2-150700.3.9.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T10:09:08Z",
"details": "moderate"
}
],
"title": "CVE-2026-21714"
},
{
"cve": "CVE-2026-21715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21715"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSync.native()` without the required read permission checks, while all comparable filesystem functions correctly enforce them.\r\n\r\nAs a result, code running under `--permission` with restricted `--allow-fs-read` can still use `fs.realpathSync.native()` to check file existence, resolve symlink targets, and enumerate filesystem paths outside of permitted directories.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-read` is intentionally restricted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-docs-22.22.2-150700.3.9.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21715",
"url": "https://www.suse.com/security/cve/CVE-2026-21715"
},
{
"category": "external",
"summary": "SUSE Bug 1260482 for CVE-2026-21715",
"url": "https://bugzilla.suse.com/1260482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-docs-22.22.2-150700.3.9.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-docs-22.22.2-150700.3.9.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T10:09:08Z",
"details": "low"
}
],
"title": "CVE-2026-21715"
},
{
"cve": "CVE-2026-21716",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21716"
}
],
"notes": [
{
"category": "general",
"text": "An incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and `FileHandle.chown()` in the promises API without the required permission checks, while their callback-based equivalents (`fs.fchmod()`, `fs.fchown()`) were correctly patched.\r\n\r\nAs a result, code running under `--permission` with restricted `--allow-fs-write` can still use promise-based `FileHandle` methods to modify file permissions and ownership on already-open file descriptors, bypassing the intended write restrictions.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-write` is intentionally restricted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-docs-22.22.2-150700.3.9.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21716",
"url": "https://www.suse.com/security/cve/CVE-2026-21716"
},
{
"category": "external",
"summary": "SUSE Bug 1260462 for CVE-2026-21716",
"url": "https://bugzilla.suse.com/1260462"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-docs-22.22.2-150700.3.9.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-docs-22.22.2-150700.3.9.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T10:09:08Z",
"details": "moderate"
}
],
"title": "CVE-2026-21716"
},
{
"cve": "CVE-2026-21717",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21717"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in V8\u0027s string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8\u0027s internal string table, an attacker can significantly degrade performance of the Node.js process.\r\n\r\nThe most common trigger is any endpoint that calls `JSON.parse()` on attacker-controlled input, as JSON parsing automatically internalizes short strings into the affected hash table.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-docs-22.22.2-150700.3.9.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21717",
"url": "https://www.suse.com/security/cve/CVE-2026-21717"
},
{
"category": "external",
"summary": "SUSE Bug 1260494 for CVE-2026-21717",
"url": "https://bugzilla.suse.com/1260494"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-docs-22.22.2-150700.3.9.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-22.22.2-150700.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-devel-22.22.2-150700.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:nodejs22-docs-22.22.2-150700.3.9.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:npm22-22.22.2-150700.3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T10:09:08Z",
"details": "moderate"
}
],
"title": "CVE-2026-21717"
}
]
}
SUSE-SU-2026:1509-1
Vulnerability from csaf_suse - Published: 2026-04-21 06:27 - Updated: 2026-04-21 06:27Summary
Security update for nodejs22
Severity
Important
Notes
Title of the patch: Security update for nodejs22
Description of the patch: This update for nodejs22 fixes the following issues:
Update to version 22.22.2.
- CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for
performance degradation via a crafted request (bsc#1260494).
- CVE-2026-21716: incomplete fix for CVE-2024-36137 allows promise-based FileHandle methods to be used to modify file
permissions and ownership on already-open file descriptors (bsc#1260462).
- CVE-2026-21715: flaw in the Permission Model filesystem enforcement allows for file existence disclosure and
filesystem path enumeration via `fs.realpathSync.native()` (bsc#1260482).
- CVE-2026-21714: memory leak in Node.js HTTP/2 server allows for resource exhaustion via `WINDOW_UPDATE` frames sent
on stream 0 (bsc#1260480).
- CVE-2026-21713: timing side-channel due to flaw in Node.js HMAC verification allows for discovery of HMAC values and
potential MAC forgery (bsc#1260463).
- CVE-2026-21710: uncaught `TypeError` when handling HTTP requests allows for a process crash via requests with a
header named `__proto__` when the application accesses `req.headersDistinct` (bsc#1260455).
- CVE-2026-21637: flaw in TLS error handling allows for resource exhaustion and crash when `pskCallback` or
`ALPNCallback` are in use (bsc#1256576).
Patchnames: SUSE-2026-1509,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1509,SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1509
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.6 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
4.4 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
32 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nodejs22",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nodejs22 fixes the following issues:\n\nUpdate to version 22.22.2.\n\n- CVE-2026-21717: trivially predictable hash collisions due to flaw in V8\u0027s string hashing mechanism allows for\n performance degradation via a crafted request (bsc#1260494).\n- CVE-2026-21716: incomplete fix for CVE-2024-36137 allows promise-based FileHandle methods to be used to modify file\n permissions and ownership on already-open file descriptors (bsc#1260462).\n- CVE-2026-21715: flaw in the Permission Model filesystem enforcement allows for file existence disclosure and\n filesystem path enumeration via `fs.realpathSync.native()` (bsc#1260482).\n- CVE-2026-21714: memory leak in Node.js HTTP/2 server allows for resource exhaustion via `WINDOW_UPDATE` frames sent\n on stream 0 (bsc#1260480).\n- CVE-2026-21713: timing side-channel due to flaw in Node.js HMAC verification allows for discovery of HMAC values and\n potential MAC forgery (bsc#1260463).\n- CVE-2026-21710: uncaught `TypeError` when handling HTTP requests allows for a process crash via requests with a\n header named `__proto__` when the application accesses `req.headersDistinct` (bsc#1260455).\n- CVE-2026-21637: flaw in TLS error handling allows for resource exhaustion and crash when `pskCallback` or\n `ALPNCallback` are in use (bsc#1256576).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1509,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1509,SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1509",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1509-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1509-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261509-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1509-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025509.html"
},
{
"category": "self",
"summary": "SUSE Bug 1256576",
"url": "https://bugzilla.suse.com/1256576"
},
{
"category": "self",
"summary": "SUSE Bug 1260455",
"url": "https://bugzilla.suse.com/1260455"
},
{
"category": "self",
"summary": "SUSE Bug 1260462",
"url": "https://bugzilla.suse.com/1260462"
},
{
"category": "self",
"summary": "SUSE Bug 1260463",
"url": "https://bugzilla.suse.com/1260463"
},
{
"category": "self",
"summary": "SUSE Bug 1260480",
"url": "https://bugzilla.suse.com/1260480"
},
{
"category": "self",
"summary": "SUSE Bug 1260482",
"url": "https://bugzilla.suse.com/1260482"
},
{
"category": "self",
"summary": "SUSE Bug 1260494",
"url": "https://bugzilla.suse.com/1260494"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21637 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21637/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21710 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21710/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21713 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21713/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21714 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21714/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21715 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21716 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21716/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21717 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21717/"
}
],
"title": "Security update for nodejs22",
"tracking": {
"current_release_date": "2026-04-21T06:27:53Z",
"generator": {
"date": "2026-04-21T06:27:53Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1509-1",
"initial_release_date": "2026-04-21T06:27:53Z",
"revision_history": [
{
"date": "2026-04-21T06:27:53Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "corepack22-22.22.2-150600.13.15.1.aarch64",
"product": {
"name": "corepack22-22.22.2-150600.13.15.1.aarch64",
"product_id": "corepack22-22.22.2-150600.13.15.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs22-22.22.2-150600.13.15.1.aarch64",
"product": {
"name": "nodejs22-22.22.2-150600.13.15.1.aarch64",
"product_id": "nodejs22-22.22.2-150600.13.15.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs22-devel-22.22.2-150600.13.15.1.aarch64",
"product": {
"name": "nodejs22-devel-22.22.2-150600.13.15.1.aarch64",
"product_id": "nodejs22-devel-22.22.2-150600.13.15.1.aarch64"
}
},
{
"category": "product_version",
"name": "npm22-22.22.2-150600.13.15.1.aarch64",
"product": {
"name": "npm22-22.22.2-150600.13.15.1.aarch64",
"product_id": "npm22-22.22.2-150600.13.15.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack22-22.22.2-150600.13.15.1.i586",
"product": {
"name": "corepack22-22.22.2-150600.13.15.1.i586",
"product_id": "corepack22-22.22.2-150600.13.15.1.i586"
}
},
{
"category": "product_version",
"name": "nodejs22-22.22.2-150600.13.15.1.i586",
"product": {
"name": "nodejs22-22.22.2-150600.13.15.1.i586",
"product_id": "nodejs22-22.22.2-150600.13.15.1.i586"
}
},
{
"category": "product_version",
"name": "nodejs22-devel-22.22.2-150600.13.15.1.i586",
"product": {
"name": "nodejs22-devel-22.22.2-150600.13.15.1.i586",
"product_id": "nodejs22-devel-22.22.2-150600.13.15.1.i586"
}
},
{
"category": "product_version",
"name": "npm22-22.22.2-150600.13.15.1.i586",
"product": {
"name": "npm22-22.22.2-150600.13.15.1.i586",
"product_id": "npm22-22.22.2-150600.13.15.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"product": {
"name": "nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"product_id": "nodejs22-docs-22.22.2-150600.13.15.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack22-22.22.2-150600.13.15.1.ppc64le",
"product": {
"name": "corepack22-22.22.2-150600.13.15.1.ppc64le",
"product_id": "corepack22-22.22.2-150600.13.15.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs22-22.22.2-150600.13.15.1.ppc64le",
"product": {
"name": "nodejs22-22.22.2-150600.13.15.1.ppc64le",
"product_id": "nodejs22-22.22.2-150600.13.15.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"product": {
"name": "nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"product_id": "nodejs22-devel-22.22.2-150600.13.15.1.ppc64le"
}
},
{
"category": "product_version",
"name": "npm22-22.22.2-150600.13.15.1.ppc64le",
"product": {
"name": "npm22-22.22.2-150600.13.15.1.ppc64le",
"product_id": "npm22-22.22.2-150600.13.15.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack22-22.22.2-150600.13.15.1.s390x",
"product": {
"name": "corepack22-22.22.2-150600.13.15.1.s390x",
"product_id": "corepack22-22.22.2-150600.13.15.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs22-22.22.2-150600.13.15.1.s390x",
"product": {
"name": "nodejs22-22.22.2-150600.13.15.1.s390x",
"product_id": "nodejs22-22.22.2-150600.13.15.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs22-devel-22.22.2-150600.13.15.1.s390x",
"product": {
"name": "nodejs22-devel-22.22.2-150600.13.15.1.s390x",
"product_id": "nodejs22-devel-22.22.2-150600.13.15.1.s390x"
}
},
{
"category": "product_version",
"name": "npm22-22.22.2-150600.13.15.1.s390x",
"product": {
"name": "npm22-22.22.2-150600.13.15.1.s390x",
"product_id": "npm22-22.22.2-150600.13.15.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack22-22.22.2-150600.13.15.1.x86_64",
"product": {
"name": "corepack22-22.22.2-150600.13.15.1.x86_64",
"product_id": "corepack22-22.22.2-150600.13.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs22-22.22.2-150600.13.15.1.x86_64",
"product": {
"name": "nodejs22-22.22.2-150600.13.15.1.x86_64",
"product_id": "nodejs22-22.22.2-150600.13.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"product": {
"name": "nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"product_id": "nodejs22-devel-22.22.2-150600.13.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "npm22-22.22.2-150600.13.15.1.x86_64",
"product": {
"name": "npm22-22.22.2-150600.13.15.1.x86_64",
"product_id": "npm22-22.22.2-150600.13.15.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.22.2-150600.13.15.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64"
},
"product_reference": "nodejs22-22.22.2-150600.13.15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.22.2-150600.13.15.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le"
},
"product_reference": "nodejs22-22.22.2-150600.13.15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.22.2-150600.13.15.1.s390x as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x"
},
"product_reference": "nodejs22-22.22.2-150600.13.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.22.2-150600.13.15.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64"
},
"product_reference": "nodejs22-22.22.2-150600.13.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.22.2-150600.13.15.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64"
},
"product_reference": "nodejs22-devel-22.22.2-150600.13.15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.22.2-150600.13.15.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le"
},
"product_reference": "nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.22.2-150600.13.15.1.s390x as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x"
},
"product_reference": "nodejs22-devel-22.22.2-150600.13.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.22.2-150600.13.15.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64"
},
"product_reference": "nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-docs-22.22.2-150600.13.15.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch"
},
"product_reference": "nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.22.2-150600.13.15.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64"
},
"product_reference": "npm22-22.22.2-150600.13.15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.22.2-150600.13.15.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le"
},
"product_reference": "npm22-22.22.2-150600.13.15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.22.2-150600.13.15.1.s390x as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x"
},
"product_reference": "npm22-22.22.2-150600.13.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.22.2-150600.13.15.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64"
},
"product_reference": "npm22-22.22.2-150600.13.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.22.2-150600.13.15.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le"
},
"product_reference": "nodejs22-22.22.2-150600.13.15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.22.2-150600.13.15.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64"
},
"product_reference": "nodejs22-22.22.2-150600.13.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.22.2-150600.13.15.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le"
},
"product_reference": "nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.22.2-150600.13.15.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64"
},
"product_reference": "nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-docs-22.22.2-150600.13.15.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch"
},
"product_reference": "nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.22.2-150600.13.15.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le"
},
"product_reference": "npm22-22.22.2-150600.13.15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.22.2-150600.13.15.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64"
},
"product_reference": "npm22-22.22.2-150600.13.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-21637",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21637"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCallback` or `ALPNCallback` are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate process termination or silent file descriptor leaks that eventually lead to denial of service. Because these callbacks process attacker-controlled input during the TLS handshake, a remote client can repeatedly trigger the issue. This vulnerability affects TLS servers using PSK or ALPN callbacks across Node.js versions where these callbacks throw without being safely wrapped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21637",
"url": "https://www.suse.com/security/cve/CVE-2026-21637"
},
{
"category": "external",
"summary": "SUSE Bug 1256576 for CVE-2026-21637",
"url": "https://bugzilla.suse.com/1256576"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-21T06:27:53Z",
"details": "moderate"
}
],
"title": "CVE-2026-21637"
},
{
"cve": "CVE-2026-21710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21710"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received with a header named `__proto__` and the application accesses `req.headersDistinct`.\r\n\r\nWhen this occurs, `dest[\"__proto__\"]` resolves to `Object.prototype` rather than `undefined`, causing `.push()` to be called on a non-array. This exception is thrown synchronously inside a property getter and cannot be intercepted by `error` event listeners, meaning it cannot be handled without wrapping every `req.headersDistinct` access in a `try/catch`.\r\n\r\n* This vulnerability affects all Node.js HTTP servers on **20.x, 22.x, 24.x, and v25.x**",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21710",
"url": "https://www.suse.com/security/cve/CVE-2026-21710"
},
{
"category": "external",
"summary": "SUSE Bug 1260455 for CVE-2026-21710",
"url": "https://bugzilla.suse.com/1260455"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-21T06:27:53Z",
"details": "important"
}
],
"title": "CVE-2026-21710"
},
{
"cve": "CVE-2026-21713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21713"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior could be exploited as a timing oracle to infer HMAC values.\r\n\r\nNode.js already provides timing-safe comparison primitives used elsewhere in the codebase, indicating this is an oversight rather than an intentional design decision.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21713",
"url": "https://www.suse.com/security/cve/CVE-2026-21713"
},
{
"category": "external",
"summary": "SUSE Bug 1260463 for CVE-2026-21713",
"url": "https://bugzilla.suse.com/1260463"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-21T06:27:53Z",
"details": "moderate"
}
],
"title": "CVE-2026-21713"
},
{
"cve": "CVE-2026-21714",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21714"
}
],
"notes": [
{
"category": "general",
"text": "A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOW_UPDATE frames on stream 0 (connection-level) that cause the flow control window to exceed the maximum value of 2-1. The server correctly sends a GOAWAY frame, but the Http2Session object is never cleaned up.\r\n\r\nThis vulnerability affects HTTP2 users on Node.js 20, 22, 24 and 25.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21714",
"url": "https://www.suse.com/security/cve/CVE-2026-21714"
},
{
"category": "external",
"summary": "SUSE Bug 1260480 for CVE-2026-21714",
"url": "https://bugzilla.suse.com/1260480"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-21T06:27:53Z",
"details": "moderate"
}
],
"title": "CVE-2026-21714"
},
{
"cve": "CVE-2026-21715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21715"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSync.native()` without the required read permission checks, while all comparable filesystem functions correctly enforce them.\r\n\r\nAs a result, code running under `--permission` with restricted `--allow-fs-read` can still use `fs.realpathSync.native()` to check file existence, resolve symlink targets, and enumerate filesystem paths outside of permitted directories.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-read` is intentionally restricted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21715",
"url": "https://www.suse.com/security/cve/CVE-2026-21715"
},
{
"category": "external",
"summary": "SUSE Bug 1260482 for CVE-2026-21715",
"url": "https://bugzilla.suse.com/1260482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-21T06:27:53Z",
"details": "low"
}
],
"title": "CVE-2026-21715"
},
{
"cve": "CVE-2026-21716",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21716"
}
],
"notes": [
{
"category": "general",
"text": "An incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and `FileHandle.chown()` in the promises API without the required permission checks, while their callback-based equivalents (`fs.fchmod()`, `fs.fchown()`) were correctly patched.\r\n\r\nAs a result, code running under `--permission` with restricted `--allow-fs-write` can still use promise-based `FileHandle` methods to modify file permissions and ownership on already-open file descriptors, bypassing the intended write restrictions.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-write` is intentionally restricted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21716",
"url": "https://www.suse.com/security/cve/CVE-2026-21716"
},
{
"category": "external",
"summary": "SUSE Bug 1260462 for CVE-2026-21716",
"url": "https://bugzilla.suse.com/1260462"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-21T06:27:53Z",
"details": "moderate"
}
],
"title": "CVE-2026-21716"
},
{
"cve": "CVE-2026-21717",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21717"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in V8\u0027s string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8\u0027s internal string table, an attacker can significantly degrade performance of the Node.js process.\r\n\r\nThe most common trigger is any endpoint that calls `JSON.parse()` on attacker-controlled input, as JSON parsing automatically internalizes short strings into the affected hash table.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21717",
"url": "https://www.suse.com/security/cve/CVE-2026-21717"
},
{
"category": "external",
"summary": "SUSE Bug 1260494 for CVE-2026-21717",
"url": "https://bugzilla.suse.com/1260494"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.22.2-150600.13.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.22.2-150600.13.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.22.2-150600.13.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-21T06:27:53Z",
"details": "moderate"
}
],
"title": "CVE-2026-21717"
}
]
}
SUSE-SU-2026:21181-1
Vulnerability from csaf_suse - Published: 2026-04-13 10:59 - Updated: 2026-04-13 10:59Summary
Security update for nodejs24
Severity
Important
Notes
Title of the patch: Security update for nodejs24
Description of the patch: This update for nodejs24 fixes the following issues:
Update to version 24.14.1.
Security issues fixed:
- CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for
performance degradation via a crafted request (bsc#1260494).
- CVE-2026-21716: incomplete fix for CVE-2024-36137 allows promise-based FileHandle methods to be used to modify file
permissions and ownership on already-open file descriptors (bsc#1260462).
- CVE-2026-21715: flaw in the Permission Model filesystem enforcement allows for file existence disclosure and
filesystem path enumeration via `fs.realpathSync.native()` (bsc#1260482).
- CVE-2026-21714: memory leak in Node.js HTTP/2 server allows for resource exhaustion via `WINDOW_UPDATE` frames sent
on stream 0 (bsc#1260480).
- CVE-2026-21713: timing side-channel due to flaw in Node.js HMAC verification allows for discovery of HMAC values and
potential MAC forgery (bsc#1260463).
- CVE-2026-21712: assertion error caused by flaw in URL processing allows for a process crash via a URL with a
malformed IDN (bsc#1260460).
- CVE-2026-21710: uncaught `TypeError` when handling HTTP requests allows for a process crash via requests with a
header named `__proto__` when the application accesses `req.headersDistinct` (bsc#1260455).
- CVE-2026-21637: flaw in TLS error handling allows for resource exhaustion and crash when `pskCallback` or
`ALPNCallback` are in use (bsc#1256576).
- CVE-2025-59464: memory leak allows for remote denial of service against applications processing TLS client
certificates (bsc#1256572).
Other updates and bugfixes:
- Version 24.14.0:
* async_hooks: add trackPromises option to createHook()
* build,deps: replace cjs-module-lexer with merve
* deps: add LIEF as a dependency
* events: repurpose events.listenerCount() to accept EventTargets
* fs: add ignore option to fs.watch
* http: add http.setGlobalProxyFromEnv()
* module: allow subpath imports that start with #/
* process: preserve AsyncLocalStorage in queueMicrotask only when needed
* sea: split sea binary manipulation code
* sqlite: enable defensive mode by default
* sqlite: add sqlite prepare options args
* src: add initial support for ESM in embedder API
* stream: add bytes() method to node:stream/consumers
* stream: do not pass readable.compose() output via Readable.from()
* test: use fixture directories for sea tests
* test_runner: add env option to run function
* test_runner: support expecting a test-case to fail
* util: add convertProcessSignalToExitCode utility
* For details, see https://nodejs.org/en/blog/release/v24.14.0
Patchnames: SUSE-SLES-16.0-541
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.6 (Medium)
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
4.4 (Medium)
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
40 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nodejs24",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nodejs24 fixes the following issues:\n\nUpdate to version 24.14.1.\n\nSecurity issues fixed:\n\n- CVE-2026-21717: trivially predictable hash collisions due to flaw in V8\u0027s string hashing mechanism allows for\n performance degradation via a crafted request (bsc#1260494).\n- CVE-2026-21716: incomplete fix for CVE-2024-36137 allows promise-based FileHandle methods to be used to modify file\n permissions and ownership on already-open file descriptors (bsc#1260462).\n- CVE-2026-21715: flaw in the Permission Model filesystem enforcement allows for file existence disclosure and\n filesystem path enumeration via `fs.realpathSync.native()` (bsc#1260482).\n- CVE-2026-21714: memory leak in Node.js HTTP/2 server allows for resource exhaustion via `WINDOW_UPDATE` frames sent\n on stream 0 (bsc#1260480).\n- CVE-2026-21713: timing side-channel due to flaw in Node.js HMAC verification allows for discovery of HMAC values and\n potential MAC forgery (bsc#1260463).\n- CVE-2026-21712: assertion error caused by flaw in URL processing allows for a process crash via a URL with a\n malformed IDN (bsc#1260460).\n- CVE-2026-21710: uncaught `TypeError` when handling HTTP requests allows for a process crash via requests with a\n header named `__proto__` when the application accesses `req.headersDistinct` (bsc#1260455).\n- CVE-2026-21637: flaw in TLS error handling allows for resource exhaustion and crash when `pskCallback` or\n `ALPNCallback` are in use (bsc#1256576).\n- CVE-2025-59464: memory leak allows for remote denial of service against applications processing TLS client\n certificates (bsc#1256572).\n\nOther updates and bugfixes:\n\n- Version 24.14.0:\n * async_hooks: add trackPromises option to createHook()\n * build,deps: replace cjs-module-lexer with merve\n * deps: add LIEF as a dependency\n * events: repurpose events.listenerCount() to accept EventTargets\n * fs: add ignore option to fs.watch\n * http: add http.setGlobalProxyFromEnv()\n * module: allow subpath imports that start with #/\n * process: preserve AsyncLocalStorage in queueMicrotask only when needed\n * sea: split sea binary manipulation code\n * sqlite: enable defensive mode by default\n * sqlite: add sqlite prepare options args\n * src: add initial support for ESM in embedder API\n * stream: add bytes() method to node:stream/consumers\n * stream: do not pass readable.compose() output via Readable.from()\n * test: use fixture directories for sea tests\n * test_runner: add env option to run function\n * test_runner: support expecting a test-case to fail\n * util: add convertProcessSignalToExitCode utility\n * For details, see https://nodejs.org/en/blog/release/v24.14.0\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-541",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21181-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:21181-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621181-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:21181-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025537.html"
},
{
"category": "self",
"summary": "SUSE Bug 1256572",
"url": "https://bugzilla.suse.com/1256572"
},
{
"category": "self",
"summary": "SUSE Bug 1256576",
"url": "https://bugzilla.suse.com/1256576"
},
{
"category": "self",
"summary": "SUSE Bug 1260455",
"url": "https://bugzilla.suse.com/1260455"
},
{
"category": "self",
"summary": "SUSE Bug 1260460",
"url": "https://bugzilla.suse.com/1260460"
},
{
"category": "self",
"summary": "SUSE Bug 1260462",
"url": "https://bugzilla.suse.com/1260462"
},
{
"category": "self",
"summary": "SUSE Bug 1260463",
"url": "https://bugzilla.suse.com/1260463"
},
{
"category": "self",
"summary": "SUSE Bug 1260480",
"url": "https://bugzilla.suse.com/1260480"
},
{
"category": "self",
"summary": "SUSE Bug 1260482",
"url": "https://bugzilla.suse.com/1260482"
},
{
"category": "self",
"summary": "SUSE Bug 1260494",
"url": "https://bugzilla.suse.com/1260494"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-59464 page",
"url": "https://www.suse.com/security/cve/CVE-2025-59464/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21637 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21637/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21710 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21710/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21712 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21712/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21713 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21713/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21714 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21714/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21715 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21716 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21716/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21717 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21717/"
}
],
"title": "Security update for nodejs24",
"tracking": {
"current_release_date": "2026-04-13T10:59:52Z",
"generator": {
"date": "2026-04-13T10:59:52Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:21181-1",
"initial_release_date": "2026-04-13T10:59:52Z",
"revision_history": [
{
"date": "2026-04-13T10:59:52Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "corepack24-24.14.1-160000.1.1.aarch64",
"product": {
"name": "corepack24-24.14.1-160000.1.1.aarch64",
"product_id": "corepack24-24.14.1-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs24-24.14.1-160000.1.1.aarch64",
"product": {
"name": "nodejs24-24.14.1-160000.1.1.aarch64",
"product_id": "nodejs24-24.14.1-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs24-devel-24.14.1-160000.1.1.aarch64",
"product": {
"name": "nodejs24-devel-24.14.1-160000.1.1.aarch64",
"product_id": "nodejs24-devel-24.14.1-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "npm24-24.14.1-160000.1.1.aarch64",
"product": {
"name": "npm24-24.14.1-160000.1.1.aarch64",
"product_id": "npm24-24.14.1-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs24-docs-24.14.1-160000.1.1.noarch",
"product": {
"name": "nodejs24-docs-24.14.1-160000.1.1.noarch",
"product_id": "nodejs24-docs-24.14.1-160000.1.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack24-24.14.1-160000.1.1.ppc64le",
"product": {
"name": "corepack24-24.14.1-160000.1.1.ppc64le",
"product_id": "corepack24-24.14.1-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs24-24.14.1-160000.1.1.ppc64le",
"product": {
"name": "nodejs24-24.14.1-160000.1.1.ppc64le",
"product_id": "nodejs24-24.14.1-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"product": {
"name": "nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"product_id": "nodejs24-devel-24.14.1-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "npm24-24.14.1-160000.1.1.ppc64le",
"product": {
"name": "npm24-24.14.1-160000.1.1.ppc64le",
"product_id": "npm24-24.14.1-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack24-24.14.1-160000.1.1.s390x",
"product": {
"name": "corepack24-24.14.1-160000.1.1.s390x",
"product_id": "corepack24-24.14.1-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs24-24.14.1-160000.1.1.s390x",
"product": {
"name": "nodejs24-24.14.1-160000.1.1.s390x",
"product_id": "nodejs24-24.14.1-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs24-devel-24.14.1-160000.1.1.s390x",
"product": {
"name": "nodejs24-devel-24.14.1-160000.1.1.s390x",
"product_id": "nodejs24-devel-24.14.1-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "npm24-24.14.1-160000.1.1.s390x",
"product": {
"name": "npm24-24.14.1-160000.1.1.s390x",
"product_id": "npm24-24.14.1-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack24-24.14.1-160000.1.1.x86_64",
"product": {
"name": "corepack24-24.14.1-160000.1.1.x86_64",
"product_id": "corepack24-24.14.1-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs24-24.14.1-160000.1.1.x86_64",
"product": {
"name": "nodejs24-24.14.1-160000.1.1.x86_64",
"product_id": "nodejs24-24.14.1-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs24-devel-24.14.1-160000.1.1.x86_64",
"product": {
"name": "nodejs24-devel-24.14.1-160000.1.1.x86_64",
"product_id": "nodejs24-devel-24.14.1-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "npm24-24.14.1-160000.1.1.x86_64",
"product": {
"name": "npm24-24.14.1-160000.1.1.x86_64",
"product_id": "npm24-24.14.1-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16.0"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack24-24.14.1-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64"
},
"product_reference": "corepack24-24.14.1-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack24-24.14.1-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le"
},
"product_reference": "corepack24-24.14.1-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack24-24.14.1-160000.1.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x"
},
"product_reference": "corepack24-24.14.1-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack24-24.14.1-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64"
},
"product_reference": "corepack24-24.14.1-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-24.14.1-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64"
},
"product_reference": "nodejs24-24.14.1-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-24.14.1-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le"
},
"product_reference": "nodejs24-24.14.1-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-24.14.1-160000.1.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x"
},
"product_reference": "nodejs24-24.14.1-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-24.14.1-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64"
},
"product_reference": "nodejs24-24.14.1-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-devel-24.14.1-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64"
},
"product_reference": "nodejs24-devel-24.14.1-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-devel-24.14.1-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le"
},
"product_reference": "nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-devel-24.14.1-160000.1.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x"
},
"product_reference": "nodejs24-devel-24.14.1-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-devel-24.14.1-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64"
},
"product_reference": "nodejs24-devel-24.14.1-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-docs-24.14.1-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch"
},
"product_reference": "nodejs24-docs-24.14.1-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm24-24.14.1-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64"
},
"product_reference": "npm24-24.14.1-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm24-24.14.1-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le"
},
"product_reference": "npm24-24.14.1-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm24-24.14.1-160000.1.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x"
},
"product_reference": "npm24-24.14.1-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm24-24.14.1-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64"
},
"product_reference": "npm24-24.14.1-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack24-24.14.1-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64"
},
"product_reference": "corepack24-24.14.1-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack24-24.14.1-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le"
},
"product_reference": "corepack24-24.14.1-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack24-24.14.1-160000.1.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x"
},
"product_reference": "corepack24-24.14.1-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack24-24.14.1-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64"
},
"product_reference": "corepack24-24.14.1-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-24.14.1-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64"
},
"product_reference": "nodejs24-24.14.1-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-24.14.1-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le"
},
"product_reference": "nodejs24-24.14.1-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-24.14.1-160000.1.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x"
},
"product_reference": "nodejs24-24.14.1-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-24.14.1-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64"
},
"product_reference": "nodejs24-24.14.1-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-devel-24.14.1-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64"
},
"product_reference": "nodejs24-devel-24.14.1-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-devel-24.14.1-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le"
},
"product_reference": "nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-devel-24.14.1-160000.1.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x"
},
"product_reference": "nodejs24-devel-24.14.1-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-devel-24.14.1-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64"
},
"product_reference": "nodejs24-devel-24.14.1-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-docs-24.14.1-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch"
},
"product_reference": "nodejs24-docs-24.14.1-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm24-24.14.1-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64"
},
"product_reference": "npm24-24.14.1-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm24-24.14.1-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le"
},
"product_reference": "npm24-24.14.1-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm24-24.14.1-160000.1.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x"
},
"product_reference": "npm24-24.14.1-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm24-24.14.1-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
},
"product_reference": "npm24-24.14.1-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-59464",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-59464"
}
],
"notes": [
{
"category": "general",
"text": "A memory leak in Node.js\u0027s OpenSSL integration occurs when converting `X.509` certificate fields to UTF-8 without freeing the allocated buffer. When applications call `socket.getPeerCertificate(true)`, each certificate field leaks memory, allowing remote clients to trigger steady memory growth through repeated TLS connections. Over time this can lead to resource exhaustion and denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-59464",
"url": "https://www.suse.com/security/cve/CVE-2025-59464"
},
{
"category": "external",
"summary": "SUSE Bug 1256572 for CVE-2025-59464",
"url": "https://bugzilla.suse.com/1256572"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T10:59:52Z",
"details": "moderate"
}
],
"title": "CVE-2025-59464"
},
{
"cve": "CVE-2026-21637",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21637"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCallback` or `ALPNCallback` are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate process termination or silent file descriptor leaks that eventually lead to denial of service. Because these callbacks process attacker-controlled input during the TLS handshake, a remote client can repeatedly trigger the issue. This vulnerability affects TLS servers using PSK or ALPN callbacks across Node.js versions where these callbacks throw without being safely wrapped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21637",
"url": "https://www.suse.com/security/cve/CVE-2026-21637"
},
{
"category": "external",
"summary": "SUSE Bug 1256576 for CVE-2026-21637",
"url": "https://bugzilla.suse.com/1256576"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T10:59:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-21637"
},
{
"cve": "CVE-2026-21710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21710"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received with a header named `__proto__` and the application accesses `req.headersDistinct`.\r\n\r\nWhen this occurs, `dest[\"__proto__\"]` resolves to `Object.prototype` rather than `undefined`, causing `.push()` to be called on a non-array. This exception is thrown synchronously inside a property getter and cannot be intercepted by `error` event listeners, meaning it cannot be handled without wrapping every `req.headersDistinct` access in a `try/catch`.\r\n\r\n* This vulnerability affects all Node.js HTTP servers on **20.x, 22.x, 24.x, and v25.x**",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21710",
"url": "https://www.suse.com/security/cve/CVE-2026-21710"
},
{
"category": "external",
"summary": "SUSE Bug 1260455 for CVE-2026-21710",
"url": "https://bugzilla.suse.com/1260455"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T10:59:52Z",
"details": "important"
}
],
"title": "CVE-2026-21710"
},
{
"cve": "CVE-2026-21712",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21712"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js URL processing causes an assertion failure in native code when `url.format()` is called with a malformed internationalized domain name (IDN) containing invalid characters, crashing the Node.js process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21712",
"url": "https://www.suse.com/security/cve/CVE-2026-21712"
},
{
"category": "external",
"summary": "SUSE Bug 1260460 for CVE-2026-21712",
"url": "https://bugzilla.suse.com/1260460"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T10:59:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-21712"
},
{
"cve": "CVE-2026-21713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21713"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior could be exploited as a timing oracle to infer HMAC values.\r\n\r\nNode.js already provides timing-safe comparison primitives used elsewhere in the codebase, indicating this is an oversight rather than an intentional design decision.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21713",
"url": "https://www.suse.com/security/cve/CVE-2026-21713"
},
{
"category": "external",
"summary": "SUSE Bug 1260463 for CVE-2026-21713",
"url": "https://bugzilla.suse.com/1260463"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T10:59:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-21713"
},
{
"cve": "CVE-2026-21714",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21714"
}
],
"notes": [
{
"category": "general",
"text": "A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOW_UPDATE frames on stream 0 (connection-level) that cause the flow control window to exceed the maximum value of 2-1. The server correctly sends a GOAWAY frame, but the Http2Session object is never cleaned up.\r\n\r\nThis vulnerability affects HTTP2 users on Node.js 20, 22, 24 and 25.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21714",
"url": "https://www.suse.com/security/cve/CVE-2026-21714"
},
{
"category": "external",
"summary": "SUSE Bug 1260480 for CVE-2026-21714",
"url": "https://bugzilla.suse.com/1260480"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T10:59:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-21714"
},
{
"cve": "CVE-2026-21715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21715"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSync.native()` without the required read permission checks, while all comparable filesystem functions correctly enforce them.\r\n\r\nAs a result, code running under `--permission` with restricted `--allow-fs-read` can still use `fs.realpathSync.native()` to check file existence, resolve symlink targets, and enumerate filesystem paths outside of permitted directories.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-read` is intentionally restricted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21715",
"url": "https://www.suse.com/security/cve/CVE-2026-21715"
},
{
"category": "external",
"summary": "SUSE Bug 1260482 for CVE-2026-21715",
"url": "https://bugzilla.suse.com/1260482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T10:59:52Z",
"details": "low"
}
],
"title": "CVE-2026-21715"
},
{
"cve": "CVE-2026-21716",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21716"
}
],
"notes": [
{
"category": "general",
"text": "An incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and `FileHandle.chown()` in the promises API without the required permission checks, while their callback-based equivalents (`fs.fchmod()`, `fs.fchown()`) were correctly patched.\r\n\r\nAs a result, code running under `--permission` with restricted `--allow-fs-write` can still use promise-based `FileHandle` methods to modify file permissions and ownership on already-open file descriptors, bypassing the intended write restrictions.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-write` is intentionally restricted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21716",
"url": "https://www.suse.com/security/cve/CVE-2026-21716"
},
{
"category": "external",
"summary": "SUSE Bug 1260462 for CVE-2026-21716",
"url": "https://bugzilla.suse.com/1260462"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T10:59:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-21716"
},
{
"cve": "CVE-2026-21717",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21717"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in V8\u0027s string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8\u0027s internal string table, an attacker can significantly degrade performance of the Node.js process.\r\n\r\nThe most common trigger is any endpoint that calls `JSON.parse()` on attacker-controlled input, as JSON parsing automatically internalizes short strings into the affected hash table.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21717",
"url": "https://www.suse.com/security/cve/CVE-2026-21717"
},
{
"category": "external",
"summary": "SUSE Bug 1260494 for CVE-2026-21717",
"url": "https://bugzilla.suse.com/1260494"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-devel-24.14.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs24-docs-24.14.1-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm24-24.14.1-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T10:59:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-21717"
}
]
}
SUSE-SU-2026:22368-1
Vulnerability from csaf_suse - Published: 2026-06-25 12:57 - Updated: 2026-06-25 12:57Summary
Security update for nodejs22
Severity
Important
Notes
Title of the patch: Security update for nodejs22
Description of the patch: This update for nodejs22 fixes the following issues
Update to 22.23.0:
- CVE-2026-6733: undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response
delivery (bsc#1268479).
- CVE-2026-9496: pacote: excessive CPU consumption in `addGitSha` when processing a specially crafted `spec.rawSpec`
value can lead to DoS (bsc#1266318).
- CVE-2026-9679: undici: undici vulnerable to HTTP header injection via Set-Cookie percent-decoding (bsc#1268477).
- CVE-2026-11525: undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header
(bsc#1268481).
- CVE-2026-12151: undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames (bsc#1268482).
- CVE-2026-21637: synchronous exceptions thrown during certain callbacks bypass the standard TLS error handling paths
and can cause a denial of service (bsc#1256576).
- CVE-2026-21710: uncaught TypeError exception can cause a denial of service (bsc#1260455).
- CVE-2026-21713: timing side-channel in HMAC verification via memcmp can lead to potential MAC forgery (bsc#1260463).
- CVE-2026-21714: WINDOW_UPDATE frames on stream 0 can lead to memory leak (bsc#1260480).
- CVE-2026-21715: permission model bypass in realpathSync.native can allow file existence disclosure (bsc#1260482).
- CVE-2026-21716: promise-based FileHandle methods can be used to modify file permissions and ownership (bsc#1260462).
- CVE-2026-21717: crafted request can lead to hash collisions trivially predictable (bsc#1260494).
- CVE-2026-27135: nghttp2: assertion failure due to missing state validation can lead to DoS (bsc#1259853).
- CVE-2026-40170: ngtcp2: qlog parameters_set stack buffer overflow (bsc#1262274).
- CVE-2026-42338: ip-address: Cross-site scripting via improper HTML escaping of untrusted input (bsc#1268097).
- CVE-2026-48615: Proxy credentials leaked in ERR_PROXY_TUNNEL error message (bsc#1268598).
- CVE-2026-48617: permission model enforcement bypass via `process.report.writeReport()` path misvalidation
(bsc#1268554).
- CVE-2026-48618: Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to
resolver and verifier hostname normalization mismatch (bsc#1268593).
- CVE-2026-48619: Unbounded memory growth in node:http2 clients via attacker-controlled ORIGIN frames (bsc#1268618).
- CVE-2026-48928: Uppercase sni context matching can lead to mtls authorization bypass due to case-sensitive hostname
matching (bsc#1268605).
- CVE-2026-48930: Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver
bindings (bsc#1268606).
- CVE-2026-48931: HTTP Response Queue Poisoning via TOCTOU Race Condition in http.Agent (bsc#1268611).
- CVE-2026-48933: Node.js WebCrypto AES Integer Overflow Leads to Remote Process Abort (bsc#1268592).
- CVE-2026-48934: TLS host identity verification bypass via session reuse with different servername leads to
unauthorized connections (bsc#1268608).
- CVE-2026-48935: Permission Model bypass via FileHandle.utimes() in the promises API (bsc#1268609).
- CVE-2026-48937: servers keep accepting data even after sending a `GOAWAY` frame (bsc#1268555).
Patchnames: SUSE-SLES-16.0-1079
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
5.9 (Medium)
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.6 (Medium)
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
4.4 (Medium)
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.9 (Medium)
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
7.5 (High)
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4 (Medium)
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
5.5 (Medium)
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
113 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nodejs22",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nodejs22 fixes the following issues\n\nUpdate to 22.23.0:\n\n- CVE-2026-6733: undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response\n delivery (bsc#1268479).\n- CVE-2026-9496: pacote: excessive CPU consumption in `addGitSha` when processing a specially crafted `spec.rawSpec`\n value can lead to DoS (bsc#1266318).\n- CVE-2026-9679: undici: undici vulnerable to HTTP header injection via Set-Cookie percent-decoding (bsc#1268477).\n- CVE-2026-11525: undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header\n (bsc#1268481).\n- CVE-2026-12151: undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames (bsc#1268482).\n- CVE-2026-21637: synchronous exceptions thrown during certain callbacks bypass the standard TLS error handling paths\n and can cause a denial of service (bsc#1256576).\n- CVE-2026-21710: uncaught TypeError exception can cause a denial of service (bsc#1260455).\n- CVE-2026-21713: timing side-channel in HMAC verification via memcmp can lead to potential MAC forgery (bsc#1260463).\n- CVE-2026-21714: WINDOW_UPDATE frames on stream 0 can lead to memory leak (bsc#1260480).\n- CVE-2026-21715: permission model bypass in realpathSync.native can allow file existence disclosure (bsc#1260482).\n- CVE-2026-21716: promise-based FileHandle methods can be used to modify file permissions and ownership (bsc#1260462).\n- CVE-2026-21717: crafted request can lead to hash collisions trivially predictable (bsc#1260494).\n- CVE-2026-27135: nghttp2: assertion failure due to missing state validation can lead to DoS (bsc#1259853).\n- CVE-2026-40170: ngtcp2: qlog parameters_set stack buffer overflow (bsc#1262274).\n- CVE-2026-42338: ip-address: Cross-site scripting via improper HTML escaping of untrusted input (bsc#1268097).\n- CVE-2026-48615: Proxy credentials leaked in ERR_PROXY_TUNNEL error message (bsc#1268598).\n- CVE-2026-48617: permission model enforcement bypass via `process.report.writeReport()` path misvalidation\n (bsc#1268554).\n- CVE-2026-48618: Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to\n resolver and verifier hostname normalization mismatch (bsc#1268593).\n- CVE-2026-48619: Unbounded memory growth in node:http2 clients via attacker-controlled ORIGIN frames (bsc#1268618).\n- CVE-2026-48928: Uppercase sni context matching can lead to mtls authorization bypass due to case-sensitive hostname\n matching (bsc#1268605).\n- CVE-2026-48930: Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver\n bindings (bsc#1268606).\n- CVE-2026-48931: HTTP Response Queue Poisoning via TOCTOU Race Condition in http.Agent (bsc#1268611).\n- CVE-2026-48933: Node.js WebCrypto AES Integer Overflow Leads to Remote Process Abort (bsc#1268592).\n- CVE-2026-48934: TLS host identity verification bypass via session reuse with different servername leads to\n unauthorized connections (bsc#1268608).\n- CVE-2026-48935: Permission Model bypass via FileHandle.utimes() in the promises API (bsc#1268609).\n- CVE-2026-48937: servers keep accepting data even after sending a `GOAWAY` frame (bsc#1268555).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-1079",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_22368-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:22368-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622368-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:22368-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-July/047771.html"
},
{
"category": "self",
"summary": "SUSE Bug 1256576",
"url": "https://bugzilla.suse.com/1256576"
},
{
"category": "self",
"summary": "SUSE Bug 1259853",
"url": "https://bugzilla.suse.com/1259853"
},
{
"category": "self",
"summary": "SUSE Bug 1260455",
"url": "https://bugzilla.suse.com/1260455"
},
{
"category": "self",
"summary": "SUSE Bug 1260462",
"url": "https://bugzilla.suse.com/1260462"
},
{
"category": "self",
"summary": "SUSE Bug 1260463",
"url": "https://bugzilla.suse.com/1260463"
},
{
"category": "self",
"summary": "SUSE Bug 1260480",
"url": "https://bugzilla.suse.com/1260480"
},
{
"category": "self",
"summary": "SUSE Bug 1260482",
"url": "https://bugzilla.suse.com/1260482"
},
{
"category": "self",
"summary": "SUSE Bug 1260494",
"url": "https://bugzilla.suse.com/1260494"
},
{
"category": "self",
"summary": "SUSE Bug 1262274",
"url": "https://bugzilla.suse.com/1262274"
},
{
"category": "self",
"summary": "SUSE Bug 1266318",
"url": "https://bugzilla.suse.com/1266318"
},
{
"category": "self",
"summary": "SUSE Bug 1268097",
"url": "https://bugzilla.suse.com/1268097"
},
{
"category": "self",
"summary": "SUSE Bug 1268477",
"url": "https://bugzilla.suse.com/1268477"
},
{
"category": "self",
"summary": "SUSE Bug 1268479",
"url": "https://bugzilla.suse.com/1268479"
},
{
"category": "self",
"summary": "SUSE Bug 1268481",
"url": "https://bugzilla.suse.com/1268481"
},
{
"category": "self",
"summary": "SUSE Bug 1268482",
"url": "https://bugzilla.suse.com/1268482"
},
{
"category": "self",
"summary": "SUSE Bug 1268554",
"url": "https://bugzilla.suse.com/1268554"
},
{
"category": "self",
"summary": "SUSE Bug 1268555",
"url": "https://bugzilla.suse.com/1268555"
},
{
"category": "self",
"summary": "SUSE Bug 1268592",
"url": "https://bugzilla.suse.com/1268592"
},
{
"category": "self",
"summary": "SUSE Bug 1268593",
"url": "https://bugzilla.suse.com/1268593"
},
{
"category": "self",
"summary": "SUSE Bug 1268598",
"url": "https://bugzilla.suse.com/1268598"
},
{
"category": "self",
"summary": "SUSE Bug 1268605",
"url": "https://bugzilla.suse.com/1268605"
},
{
"category": "self",
"summary": "SUSE Bug 1268606",
"url": "https://bugzilla.suse.com/1268606"
},
{
"category": "self",
"summary": "SUSE Bug 1268608",
"url": "https://bugzilla.suse.com/1268608"
},
{
"category": "self",
"summary": "SUSE Bug 1268609",
"url": "https://bugzilla.suse.com/1268609"
},
{
"category": "self",
"summary": "SUSE Bug 1268611",
"url": "https://bugzilla.suse.com/1268611"
},
{
"category": "self",
"summary": "SUSE Bug 1268618",
"url": "https://bugzilla.suse.com/1268618"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-11525 page",
"url": "https://www.suse.com/security/cve/CVE-2026-11525/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-12151 page",
"url": "https://www.suse.com/security/cve/CVE-2026-12151/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21637 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21637/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21710 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21710/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21713 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21713/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21714 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21714/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21715 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21716 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21716/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21717 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21717/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27135 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-40170 page",
"url": "https://www.suse.com/security/cve/CVE-2026-40170/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42338 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42338/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48615 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48615/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48617 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48617/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48618 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48618/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48619 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48619/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48928 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48928/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48930 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48930/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48931 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48931/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48933 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48933/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48934 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48934/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48935 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48935/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48937 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48937/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-6733 page",
"url": "https://www.suse.com/security/cve/CVE-2026-6733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-9496 page",
"url": "https://www.suse.com/security/cve/CVE-2026-9496/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-9679 page",
"url": "https://www.suse.com/security/cve/CVE-2026-9679/"
}
],
"title": "Security update for nodejs22",
"tracking": {
"current_release_date": "2026-06-25T12:57:12Z",
"generator": {
"date": "2026-06-25T12:57:12Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:22368-1",
"initial_release_date": "2026-06-25T12:57:12Z",
"revision_history": [
{
"date": "2026-06-25T12:57:12Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "corepack22-22.23.0-160000.1.1.aarch64",
"product": {
"name": "corepack22-22.23.0-160000.1.1.aarch64",
"product_id": "corepack22-22.23.0-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs22-22.23.0-160000.1.1.aarch64",
"product": {
"name": "nodejs22-22.23.0-160000.1.1.aarch64",
"product_id": "nodejs22-22.23.0-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs22-devel-22.23.0-160000.1.1.aarch64",
"product": {
"name": "nodejs22-devel-22.23.0-160000.1.1.aarch64",
"product_id": "nodejs22-devel-22.23.0-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "npm22-22.23.0-160000.1.1.aarch64",
"product": {
"name": "npm22-22.23.0-160000.1.1.aarch64",
"product_id": "npm22-22.23.0-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs22-docs-22.23.0-160000.1.1.noarch",
"product": {
"name": "nodejs22-docs-22.23.0-160000.1.1.noarch",
"product_id": "nodejs22-docs-22.23.0-160000.1.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack22-22.23.0-160000.1.1.ppc64le",
"product": {
"name": "corepack22-22.23.0-160000.1.1.ppc64le",
"product_id": "corepack22-22.23.0-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs22-22.23.0-160000.1.1.ppc64le",
"product": {
"name": "nodejs22-22.23.0-160000.1.1.ppc64le",
"product_id": "nodejs22-22.23.0-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"product": {
"name": "nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"product_id": "nodejs22-devel-22.23.0-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "npm22-22.23.0-160000.1.1.ppc64le",
"product": {
"name": "npm22-22.23.0-160000.1.1.ppc64le",
"product_id": "npm22-22.23.0-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack22-22.23.0-160000.1.1.s390x",
"product": {
"name": "corepack22-22.23.0-160000.1.1.s390x",
"product_id": "corepack22-22.23.0-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs22-22.23.0-160000.1.1.s390x",
"product": {
"name": "nodejs22-22.23.0-160000.1.1.s390x",
"product_id": "nodejs22-22.23.0-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs22-devel-22.23.0-160000.1.1.s390x",
"product": {
"name": "nodejs22-devel-22.23.0-160000.1.1.s390x",
"product_id": "nodejs22-devel-22.23.0-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "npm22-22.23.0-160000.1.1.s390x",
"product": {
"name": "npm22-22.23.0-160000.1.1.s390x",
"product_id": "npm22-22.23.0-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack22-22.23.0-160000.1.1.x86_64",
"product": {
"name": "corepack22-22.23.0-160000.1.1.x86_64",
"product_id": "corepack22-22.23.0-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs22-22.23.0-160000.1.1.x86_64",
"product": {
"name": "nodejs22-22.23.0-160000.1.1.x86_64",
"product_id": "nodejs22-22.23.0-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs22-devel-22.23.0-160000.1.1.x86_64",
"product": {
"name": "nodejs22-devel-22.23.0-160000.1.1.x86_64",
"product_id": "nodejs22-devel-22.23.0-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "npm22-22.23.0-160000.1.1.x86_64",
"product": {
"name": "npm22-22.23.0-160000.1.1.x86_64",
"product_id": "npm22-22.23.0-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack22-22.23.0-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64"
},
"product_reference": "corepack22-22.23.0-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack22-22.23.0-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le"
},
"product_reference": "corepack22-22.23.0-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack22-22.23.0-160000.1.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x"
},
"product_reference": "corepack22-22.23.0-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack22-22.23.0-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64"
},
"product_reference": "corepack22-22.23.0-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.23.0-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64"
},
"product_reference": "nodejs22-22.23.0-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.23.0-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le"
},
"product_reference": "nodejs22-22.23.0-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.23.0-160000.1.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x"
},
"product_reference": "nodejs22-22.23.0-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.23.0-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64"
},
"product_reference": "nodejs22-22.23.0-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.23.0-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64"
},
"product_reference": "nodejs22-devel-22.23.0-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.23.0-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le"
},
"product_reference": "nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.23.0-160000.1.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x"
},
"product_reference": "nodejs22-devel-22.23.0-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.23.0-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64"
},
"product_reference": "nodejs22-devel-22.23.0-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-docs-22.23.0-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch"
},
"product_reference": "nodejs22-docs-22.23.0-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.23.0-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64"
},
"product_reference": "npm22-22.23.0-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.23.0-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le"
},
"product_reference": "npm22-22.23.0-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.23.0-160000.1.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x"
},
"product_reference": "npm22-22.23.0-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.23.0-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64"
},
"product_reference": "npm22-22.23.0-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack22-22.23.0-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64"
},
"product_reference": "corepack22-22.23.0-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack22-22.23.0-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le"
},
"product_reference": "corepack22-22.23.0-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack22-22.23.0-160000.1.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x"
},
"product_reference": "corepack22-22.23.0-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack22-22.23.0-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64"
},
"product_reference": "corepack22-22.23.0-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.23.0-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64"
},
"product_reference": "nodejs22-22.23.0-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.23.0-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le"
},
"product_reference": "nodejs22-22.23.0-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.23.0-160000.1.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x"
},
"product_reference": "nodejs22-22.23.0-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.23.0-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64"
},
"product_reference": "nodejs22-22.23.0-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.23.0-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64"
},
"product_reference": "nodejs22-devel-22.23.0-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.23.0-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le"
},
"product_reference": "nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.23.0-160000.1.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x"
},
"product_reference": "nodejs22-devel-22.23.0-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.23.0-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64"
},
"product_reference": "nodejs22-devel-22.23.0-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-docs-22.23.0-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch"
},
"product_reference": "nodejs22-docs-22.23.0-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.23.0-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64"
},
"product_reference": "npm22-22.23.0-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.23.0-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le"
},
"product_reference": "npm22-22.23.0-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.23.0-160000.1.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x"
},
"product_reference": "npm22-22.23.0-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.23.0-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
},
"product_reference": "npm22-22.23.0-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-11525",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-11525"
}
],
"notes": [
{
"category": "general",
"text": "Impact:\nWhen undici parses a Set-Cookie header, it accepts any SameSite attribute value that contains Strict, Lax, or None as a substring, rather than the case-insensitive exact match specified by RFC 6265. Non-spec values are silently mapped to one of the three standard tokens. For example, SameSite=NoneOfYourBusiness is parsed as None (the most permissive setting), and SameSite=StrictLax is parsed as Lax (a downgrade from Strict).\n\nAffected applications are those that consume Set-Cookie headers from server responses (for example via undici\u0027s fetch or proxy code paths) and then forward or rely on the parsed sameSite attribute. A malicious or non-compliant server can coerce the consumer\u0027s view of a cookie\u0027s SameSite policy to a weaker value, silently degrading the SameSite enforcement the cookie is supposed to provide.\n\nThis was introduced in undici 5.15.0 when the cookies feature was added.\n\nPatches:\nUpgrade to undici v6.26.0, v7.28.0 or v8.5.0.\n\nWorkarounds:\nAfter parsing a Set-Cookie header, validate that the resulting sameSite attribute is one of \u0027Strict\u0027, \u0027Lax\u0027, or \u0027None\u0027 (exact, case-insensitive) before forwarding or relying on it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-11525",
"url": "https://www.suse.com/security/cve/CVE-2026-11525"
},
{
"category": "external",
"summary": "SUSE Bug 1268481 for CVE-2026-11525",
"url": "https://bugzilla.suse.com/1268481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "low"
}
],
"title": "CVE-2026-11525"
},
{
"cve": "CVE-2026-12151",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-12151"
}
],
"notes": [
{
"category": "general",
"text": "Impact:\nThe undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a limit on the number of fragments. A malicious WebSocket server can stream many small or empty continuation frames that each pass per-frame and cumulative-size validation, collectively causing unbounded memory growth in the client process. The result is memory exhaustion and a denial of service.\n\nAffected applications are those using the undici WebSocket client (new WebSocket(...)) or the WebSocketStream API that can be induced to connect to an attacker-controlled or compromised WebSocket endpoint.\n\nAll releases starting at undici 6.17.0 are affected.\n\nPatches: Upgrade to undici \u003e= 6.26.0, \u003e= 7.28.0, or \u003e= 8.5.0. Workarounds:\nNo workaround is available. The fix must be applied through an upgrade.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-12151",
"url": "https://www.suse.com/security/cve/CVE-2026-12151"
},
{
"category": "external",
"summary": "SUSE Bug 1268482 for CVE-2026-12151",
"url": "https://bugzilla.suse.com/1268482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-12151"
},
{
"cve": "CVE-2026-21637",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21637"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCallback` or `ALPNCallback` are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate process termination or silent file descriptor leaks that eventually lead to denial of service. Because these callbacks process attacker-controlled input during the TLS handshake, a remote client can repeatedly trigger the issue. This vulnerability affects TLS servers using PSK or ALPN callbacks across Node.js versions where these callbacks throw without being safely wrapped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21637",
"url": "https://www.suse.com/security/cve/CVE-2026-21637"
},
{
"category": "external",
"summary": "SUSE Bug 1256576 for CVE-2026-21637",
"url": "https://bugzilla.suse.com/1256576"
},
{
"category": "external",
"summary": "SUSE Bug 1260482 for CVE-2026-21637",
"url": "https://bugzilla.suse.com/1260482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-21637"
},
{
"cve": "CVE-2026-21710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21710"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received with a header named `__proto__` and the application accesses `req.headersDistinct`.\r\n\r\nWhen this occurs, `dest[\"__proto__\"]` resolves to `Object.prototype` rather than `undefined`, causing `.push()` to be called on a non-array. This exception is thrown synchronously inside a property getter and cannot be intercepted by `error` event listeners, meaning it cannot be handled without wrapping every `req.headersDistinct` access in a `try/catch`.\r\n\r\n* This vulnerability affects all Node.js HTTP servers on **20.x, 22.x, 24.x, and v25.x**",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21710",
"url": "https://www.suse.com/security/cve/CVE-2026-21710"
},
{
"category": "external",
"summary": "SUSE Bug 1260455 for CVE-2026-21710",
"url": "https://bugzilla.suse.com/1260455"
},
{
"category": "external",
"summary": "SUSE Bug 1260482 for CVE-2026-21710",
"url": "https://bugzilla.suse.com/1260482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "important"
}
],
"title": "CVE-2026-21710"
},
{
"cve": "CVE-2026-21713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21713"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior could be exploited as a timing oracle to infer HMAC values.\r\n\r\nNode.js already provides timing-safe comparison primitives used elsewhere in the codebase, indicating this is an oversight rather than an intentional design decision.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21713",
"url": "https://www.suse.com/security/cve/CVE-2026-21713"
},
{
"category": "external",
"summary": "SUSE Bug 1260463 for CVE-2026-21713",
"url": "https://bugzilla.suse.com/1260463"
},
{
"category": "external",
"summary": "SUSE Bug 1260482 for CVE-2026-21713",
"url": "https://bugzilla.suse.com/1260482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-21713"
},
{
"cve": "CVE-2026-21714",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21714"
}
],
"notes": [
{
"category": "general",
"text": "A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOW_UPDATE frames on stream 0 (connection-level) that cause the flow control window to exceed the maximum value of 2-1. The server correctly sends a GOAWAY frame, but the Http2Session object is never cleaned up.\r\n\r\nThis vulnerability affects HTTP2 users on Node.js 20, 22, 24 and 25.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21714",
"url": "https://www.suse.com/security/cve/CVE-2026-21714"
},
{
"category": "external",
"summary": "SUSE Bug 1260480 for CVE-2026-21714",
"url": "https://bugzilla.suse.com/1260480"
},
{
"category": "external",
"summary": "SUSE Bug 1260482 for CVE-2026-21714",
"url": "https://bugzilla.suse.com/1260482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-21714"
},
{
"cve": "CVE-2026-21715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21715"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSync.native()` without the required read permission checks, while all comparable filesystem functions correctly enforce them.\r\n\r\nAs a result, code running under `--permission` with restricted `--allow-fs-read` can still use `fs.realpathSync.native()` to check file existence, resolve symlink targets, and enumerate filesystem paths outside of permitted directories.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-read` is intentionally restricted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21715",
"url": "https://www.suse.com/security/cve/CVE-2026-21715"
},
{
"category": "external",
"summary": "SUSE Bug 1260482 for CVE-2026-21715",
"url": "https://bugzilla.suse.com/1260482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "low"
}
],
"title": "CVE-2026-21715"
},
{
"cve": "CVE-2026-21716",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21716"
}
],
"notes": [
{
"category": "general",
"text": "An incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and `FileHandle.chown()` in the promises API without the required permission checks, while their callback-based equivalents (`fs.fchmod()`, `fs.fchown()`) were correctly patched.\r\n\r\nAs a result, code running under `--permission` with restricted `--allow-fs-write` can still use promise-based `FileHandle` methods to modify file permissions and ownership on already-open file descriptors, bypassing the intended write restrictions.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-write` is intentionally restricted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21716",
"url": "https://www.suse.com/security/cve/CVE-2026-21716"
},
{
"category": "external",
"summary": "SUSE Bug 1260462 for CVE-2026-21716",
"url": "https://bugzilla.suse.com/1260462"
},
{
"category": "external",
"summary": "SUSE Bug 1260482 for CVE-2026-21716",
"url": "https://bugzilla.suse.com/1260482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-21716"
},
{
"cve": "CVE-2026-21717",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21717"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in V8\u0027s string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8\u0027s internal string table, an attacker can significantly degrade performance of the Node.js process.\r\n\r\nThe most common trigger is any endpoint that calls `JSON.parse()` on attacker-controlled input, as JSON parsing automatically internalizes short strings into the affected hash table.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21717",
"url": "https://www.suse.com/security/cve/CVE-2026-21717"
},
{
"category": "external",
"summary": "SUSE Bug 1260494 for CVE-2026-21717",
"url": "https://bugzilla.suse.com/1260494"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-21717"
},
{
"cve": "CVE-2026-27135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27135"
}
],
"notes": [
{
"category": "general",
"text": "nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API `nghttp2_session_terminate_session` or `nghttp2_session_terminate_session2` is called by the application. They might be called internally by the library when it detects the situation that is subject to connection error. Due to the missing internal state validation, the library keeps reading the rest of the data after one of those APIs is called. Then receiving a malformed frame that causes FRAME_SIZE_ERROR causes assertion failure. nghttp2 v1.68.1 adds missing state validation to avoid assertion failure. No known workarounds are available.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27135",
"url": "https://www.suse.com/security/cve/CVE-2026-27135"
},
{
"category": "external",
"summary": "SUSE Bug 1259835 for CVE-2026-27135",
"url": "https://bugzilla.suse.com/1259835"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "important"
}
],
"title": "CVE-2026-27135"
},
{
"cve": "CVE-2026-40170",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-40170"
}
],
"notes": [
{
"category": "general",
"text": "ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport parameters during the QUIC handshake to cause writes beyond the buffer boundary, resulting in a stack buffer overflow. This affects deployments that enable the qlog callback and process untrusted peer transport parameters. This issue has been fixed in version 1.22.1. If developers are unable to immediately upgrade, they can disable the qlog on client.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-40170",
"url": "https://www.suse.com/security/cve/CVE-2026-40170"
},
{
"category": "external",
"summary": "SUSE Bug 1262273 for CVE-2026-40170",
"url": "https://bugzilla.suse.com/1262273"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "important"
}
],
"title": "CVE-2026-40170"
},
{
"cve": "CVE-2026-42338",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42338"
}
],
"notes": [
{
"category": "general",
"text": "ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group() and Address6.link() do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage (emitted by the Address6 constructor for invalid input) can contain unescaped attacker-controlled content in one branch. An application that (1) passes untrusted input to Address6 and (2) renders the output of these methods, or the thrown error\u0027s parseMessage, as HTML (e.g. via innerHTML) is vulnerable to cross-site scripting. This vulnerability is fixed in 10.1.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42338",
"url": "https://www.suse.com/security/cve/CVE-2026-42338"
},
{
"category": "external",
"summary": "SUSE Bug 1268097 for CVE-2026-42338",
"url": "https://bugzilla.suse.com/1268097"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-42338"
},
{
"cve": "CVE-2026-48615",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48615"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js proxy tunnel error handling could expose proxy credentials in `ERR_PROXY_TUNNEL` error messages.\r\n\r\nWhen proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnostics, or other error consumers.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48615",
"url": "https://www.suse.com/security/cve/CVE-2026-48615"
},
{
"category": "external",
"summary": "SUSE Bug 1268598 for CVE-2026-48615",
"url": "https://bugzilla.suse.com/1268598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "important"
}
],
"title": "CVE-2026-48615"
},
{
"cve": "CVE-2026-48617",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48617"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js Permission Model enforcement allows Bypass via `process.report.writeReport()` Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48617",
"url": "https://www.suse.com/security/cve/CVE-2026-48617"
},
{
"category": "external",
"summary": "SUSE Bug 1268554 for CVE-2026-48617",
"url": "https://bugzilla.suse.com/1268554"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-48617"
},
{
"cve": "CVE-2026-48618",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48618"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat.\r\n\r\nThis can lead to confidentiality impact or bypass of the intended security boundary under affected configurations.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48618",
"url": "https://www.suse.com/security/cve/CVE-2026-48618"
},
{
"category": "external",
"summary": "SUSE Bug 1268593 for CVE-2026-48618",
"url": "https://bugzilla.suse.com/1268593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "important"
}
],
"title": "CVE-2026-48618"
},
{
"cve": "CVE-2026-48619",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48619"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48619",
"url": "https://www.suse.com/security/cve/CVE-2026-48619"
},
{
"category": "external",
"summary": "SUSE Bug 1268618 for CVE-2026-48619",
"url": "https://bugzilla.suse.com/1268618"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-48619"
},
{
"cve": "CVE-2026-48928",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48928"
}
],
"notes": [
{
"category": "general",
"text": "A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48928",
"url": "https://www.suse.com/security/cve/CVE-2026-48928"
},
{
"category": "external",
"summary": "SUSE Bug 1268605 for CVE-2026-48928",
"url": "https://bugzilla.suse.com/1268605"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-48928"
},
{
"cve": "CVE-2026-48930",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48930"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48930",
"url": "https://www.suse.com/security/cve/CVE-2026-48930"
},
{
"category": "external",
"summary": "SUSE Bug 1268606 for CVE-2026-48930",
"url": "https://bugzilla.suse.com/1268606"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-48930"
},
{
"cve": "CVE-2026-48931",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48931"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is send before the client has sent the request.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48931",
"url": "https://www.suse.com/security/cve/CVE-2026-48931"
},
{
"category": "external",
"summary": "SUSE Bug 1268611 for CVE-2026-48931",
"url": "https://bugzilla.suse.com/1268611"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "low"
}
],
"title": "CVE-2026-48931"
},
{
"cve": "CVE-2026-48933",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48933"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js WebCrypto implementation can crash the process if the input of `subtle.encrypt()` is a multiple of 2GiB.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48933",
"url": "https://www.suse.com/security/cve/CVE-2026-48933"
},
{
"category": "external",
"summary": "SUSE Bug 1268592 for CVE-2026-48933",
"url": "https://bugzilla.suse.com/1268592"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "important"
}
],
"title": "CVE-2026-48933"
},
{
"cve": "CVE-2026-48934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48934"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js TLS host verification can cause an attacker to bypass certification validation.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48934",
"url": "https://www.suse.com/security/cve/CVE-2026-48934"
},
{
"category": "external",
"summary": "SUSE Bug 1268608 for CVE-2026-48934",
"url": "https://bugzilla.suse.com/1268608"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-48934"
},
{
"cve": "CVE-2026-48935",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48935"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was set as read-only with e.g. `--allow-fs-read`.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48935",
"url": "https://www.suse.com/security/cve/CVE-2026-48935"
},
{
"category": "external",
"summary": "SUSE Bug 1268609 for CVE-2026-48935",
"url": "https://bugzilla.suse.com/1268609"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-48935"
},
{
"cve": "CVE-2026-48937",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48937"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js HTTP/2 server API can cause servers to keep accepting data even after sending a `GOAWAY` frame. This vulnerability affects two supported release lines: **Node.js 22** and **Node.js 24**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48937",
"url": "https://www.suse.com/security/cve/CVE-2026-48937"
},
{
"category": "external",
"summary": "SUSE Bug 1268555 for CVE-2026-48937",
"url": "https://bugzilla.suse.com/1268555"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-48937"
},
{
"cve": "CVE-2026-6733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-6733"
}
],
"notes": [
{
"category": "general",
"text": "Impact:\nUndici\u0027s HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an unsolicited HTTP/1.1 response onto an idle socket after a request completes. When the client dispatches the next request on that socket, it associates the injected response with the new request, causing responses to be delivered to the wrong requests.\n\nThis requires an attacker-controlled or compromised upstream HTTP/1.1 server and keep-alive connection reuse.\n\nPatches:\nUpgrade to undici v6.26.0, v7.28.0 or v8.5.0.\n\nWorkarounds:\nDisable keep-alive connection reuse by setting keepAliveTimeout: 0 on the Client or Pool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-6733",
"url": "https://www.suse.com/security/cve/CVE-2026-6733"
},
{
"category": "external",
"summary": "SUSE Bug 1268479 for CVE-2026-6733",
"url": "https://bugzilla.suse.com/1268479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "low"
}
],
"title": "CVE-2026-6733"
},
{
"cve": "CVE-2026-9496",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-9496"
}
],
"notes": [
{
"category": "general",
"text": "Versions of the package pacote from 11.2.7 and before 21.5.1 are vulnerable to Denial of Service (DoS) via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function\u0027s regex replacement and string-manipulation logic, causing excessive CPU consumption and potentially stalling or crashing the process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-9496",
"url": "https://www.suse.com/security/cve/CVE-2026-9496"
},
{
"category": "external",
"summary": "SUSE Bug 1266318 for CVE-2026-9496",
"url": "https://bugzilla.suse.com/1266318"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-9496"
},
{
"cve": "CVE-2026-9679",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-9679"
}
],
"notes": [
{
"category": "general",
"text": "Impact:\nundici\u0027s cookie parser in parseSetCookie percent-decodes cookie values via qsUnescape, turning encoded sequences like %0D%0A, %00, %3B, and %3D into their literal byte equivalents. RFC 6265 5.4 does not specify any decoding and browsers do not decode either.\n\nApplications that parse a Set-Cookie header and then forward the parsed value into a response header (proxies, middleware, SSR frameworks) become vulnerable to HTTP response header injection: an attacker-controlled upstream can inject arbitrary Set-Cookie, Location, or Cache-Control headers into the application\u0027s downstream response, enabling session fixation, open redirect, or cache poisoning.\n\nAffected applications are those that use undici\u0027s cookie parsing (parseSetCookie, parseCookie, getSetCookies) and forward the parsed cookie value into a response header.\n\nThis was introduced in undici 7.0.0 via PR #3789.\n\nPatches:\nUpgrade to undici v6.26.0, v7.28.0 or v8.5.0.\n\nWorkarounds:\nIf upgrade is not immediately possible, do not forward values returned by parseSetCookie/parseCookie/getSetCookies directly into response headers; sanitize the value first to strip or reject CR, LF, NUL, ;, and = bytes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-9679",
"url": "https://www.suse.com/security/cve/CVE-2026-9679"
},
{
"category": "external",
"summary": "SUSE Bug 1268477 for CVE-2026-9679",
"url": "https://bugzilla.suse.com/1268477"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-9679"
}
]
}
WID-SEC-W-2026-0843
Vulnerability from csaf_certbund - Published: 2026-03-24 23:00 - Updated: 2026-05-25 22:00Summary
Node.js: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Node.js ist eine Plattform zur Entwicklung von Netzwerkanwendungen.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Node.js ausnutzen, um einen Denial of Service zu verursachen, Sicherheitsmaßnahmen zu umgehen und Informationen offenzulegen.
Betroffene Betriebssysteme: - Linux
- Sonstiges
- UNIX
- Windows
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
HCL BigFix WebUI
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
WebUI | |
|
Open Source Node.js <24.14.1
Open Source / Node.js
|
<24.14.1 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Open Source Node.js <25.8.2
Open Source / Node.js
|
<25.8.2 | ||
|
Open Source Node.js <20.20.2
Open Source / Node.js
|
<20.20.2 | ||
|
Open Source Node.js <22.22.2
Open Source / Node.js
|
<22.22.2 |
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
HCL BigFix WebUI
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
WebUI | |
|
Open Source Node.js <24.14.1
Open Source / Node.js
|
<24.14.1 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Open Source Node.js <25.8.2
Open Source / Node.js
|
<25.8.2 | ||
|
Open Source Node.js <20.20.2
Open Source / Node.js
|
<20.20.2 | ||
|
Open Source Node.js <22.22.2
Open Source / Node.js
|
<22.22.2 |
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
HCL BigFix WebUI
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
WebUI | |
|
Open Source Node.js <24.14.1
Open Source / Node.js
|
<24.14.1 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Open Source Node.js <25.8.2
Open Source / Node.js
|
<25.8.2 | ||
|
Open Source Node.js <20.20.2
Open Source / Node.js
|
<20.20.2 | ||
|
Open Source Node.js <22.22.2
Open Source / Node.js
|
<22.22.2 |
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
HCL BigFix WebUI
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
WebUI | |
|
Open Source Node.js <24.14.1
Open Source / Node.js
|
<24.14.1 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Open Source Node.js <25.8.2
Open Source / Node.js
|
<25.8.2 | ||
|
Open Source Node.js <20.20.2
Open Source / Node.js
|
<20.20.2 | ||
|
Open Source Node.js <22.22.2
Open Source / Node.js
|
<22.22.2 |
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
HCL BigFix WebUI
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
WebUI | |
|
Open Source Node.js <24.14.1
Open Source / Node.js
|
<24.14.1 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Open Source Node.js <25.8.2
Open Source / Node.js
|
<25.8.2 | ||
|
Open Source Node.js <20.20.2
Open Source / Node.js
|
<20.20.2 | ||
|
Open Source Node.js <22.22.2
Open Source / Node.js
|
<22.22.2 |
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
HCL BigFix WebUI
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
WebUI | |
|
Open Source Node.js <24.14.1
Open Source / Node.js
|
<24.14.1 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Open Source Node.js <25.8.2
Open Source / Node.js
|
<25.8.2 | ||
|
Open Source Node.js <20.20.2
Open Source / Node.js
|
<20.20.2 | ||
|
Open Source Node.js <22.22.2
Open Source / Node.js
|
<22.22.2 |
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
HCL BigFix WebUI
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
WebUI | |
|
Open Source Node.js <24.14.1
Open Source / Node.js
|
<24.14.1 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Open Source Node.js <25.8.2
Open Source / Node.js
|
<25.8.2 | ||
|
Open Source Node.js <20.20.2
Open Source / Node.js
|
<20.20.2 | ||
|
Open Source Node.js <22.22.2
Open Source / Node.js
|
<22.22.2 |
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
HCL BigFix WebUI
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
WebUI | |
|
Open Source Node.js <24.14.1
Open Source / Node.js
|
<24.14.1 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Open Source Node.js <25.8.2
Open Source / Node.js
|
<25.8.2 | ||
|
Open Source Node.js <20.20.2
Open Source / Node.js
|
<20.20.2 | ||
|
Open Source Node.js <22.22.2
Open Source / Node.js
|
<22.22.2 |
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
HCL BigFix WebUI
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
WebUI | |
|
Open Source Node.js <24.14.1
Open Source / Node.js
|
<24.14.1 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Open Source Node.js <25.8.2
Open Source / Node.js
|
<25.8.2 | ||
|
Open Source Node.js <20.20.2
Open Source / Node.js
|
<20.20.2 | ||
|
Open Source Node.js <22.22.2
Open Source / Node.js
|
<22.22.2 |
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
HCL BigFix WebUI
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
WebUI | |
|
Open Source Node.js <24.14.1
Open Source / Node.js
|
<24.14.1 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Open Source Node.js <25.8.2
Open Source / Node.js
|
<25.8.2 | ||
|
Open Source Node.js <20.20.2
Open Source / Node.js
|
<20.20.2 | ||
|
Open Source Node.js <22.22.2
Open Source / Node.js
|
<22.22.2 |
References
44 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Node.js ist eine Plattform zur Entwicklung von Netzwerkanwendungen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Node.js ausnutzen, um einen Denial of Service zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen und Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0843 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0843.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0843 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0843"
},
{
"category": "external",
"summary": "Node.js Security Releases vom 2026-03-24",
"url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-6183 vom 2026-03-29",
"url": "https://lists.debian.org/debian-security-announce/2026/msg00092.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:7123 vom 2026-04-09",
"url": "https://errata.build.resf.org/RLSA-2026:7123"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:7123 vom 2026-04-08",
"url": "https://access.redhat.com/errata/RHSA-2026:7123"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:7080 vom 2026-04-08",
"url": "https://access.redhat.com/errata/RHSA-2026:7080"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:7302 vom 2026-04-09",
"url": "https://errata.build.resf.org/RLSA-2026:7302"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:7310 vom 2026-04-09",
"url": "https://access.redhat.com/errata/RHSA-2026:7310"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:7302 vom 2026-04-09",
"url": "https://access.redhat.com/errata/RHSA-2026:7302"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:7350 vom 2026-04-10",
"url": "https://access.redhat.com/errata/RHSA-2026:7350"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-7123 vom 2026-04-10",
"url": "https://linux.oracle.com/errata/ELSA-2026-7123.html"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2026:10504-1 vom 2026-04-09",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4GLUZJOSPBAG2HKNV2YSYYK4DULF2TNN/"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:7350 vom 2026-04-10",
"url": "https://errata.build.resf.org/RLSA-2026:7350"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-7080 vom 2026-04-09",
"url": "https://linux.oracle.com/errata/ELSA-2026-7080.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-7350 vom 2026-04-10",
"url": "https://linux.oracle.com/errata/ELSA-2026-7350.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-7302 vom 2026-04-10",
"url": "https://linux.oracle.com/errata/ELSA-2026-7302.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:7080 vom 2026-04-12",
"url": "https://errata.build.resf.org/RLSA-2026:7080"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:7670 vom 2026-04-13",
"url": "https://errata.build.resf.org/RLSA-2026:7670"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:7675 vom 2026-04-13",
"url": "https://access.redhat.com/errata/RHSA-2026:7675"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:7670 vom 2026-04-13",
"url": "https://access.redhat.com/errata/RHSA-2026:7670"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1299-1 vom 2026-04-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025315.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:7896 vom 2026-04-14",
"url": "https://errata.build.resf.org/RLSA-2026:7896"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-7670 vom 2026-04-14",
"url": "https://linux.oracle.com/errata/ELSA-2026-7670.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:7896 vom 2026-04-13",
"url": "https://access.redhat.com/errata/RHSA-2026:7896"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-7675 vom 2026-04-13",
"url": "https://linux.oracle.com/errata/ELSA-2026-7675.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:7983 vom 2026-04-14",
"url": "https://access.redhat.com/errata/RHSA-2026:7983"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1363-1 vom 2026-04-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025357.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:8339 vom 2026-04-15",
"url": "https://access.redhat.com/errata/RHSA-2026:8339"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:7675 vom 2026-04-15",
"url": "https://errata.build.resf.org/RLSA-2026:7675"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1371-1 vom 2026-04-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025349.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:8339 vom 2026-04-16",
"url": "https://errata.build.resf.org/RLSA-2026:8339"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-7896 vom 2026-04-16",
"url": "https://oss.oracle.com/pipermail/el-errata/2026-April/020203.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-8339 vom 2026-04-19",
"url": "http://linux.oracle.com/errata/ELSA-2026-8339.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1478-1 vom 2026-04-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025465.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1509-1 vom 2026-04-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025509.html"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2026:20519-1 vom 2026-04-21",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DEWSWDYUVHXHGYX7GDASLURQNA7TBIAA/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21181-1 vom 2026-04-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025537.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:9711 vom 2026-04-22",
"url": "https://access.redhat.com/errata/RHSA-2026:9711"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:9874 vom 2026-04-22",
"url": "https://access.redhat.com/errata/RHSA-2026:9874"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7272299 vom 2026-05-07",
"url": "https://www.ibm.com/support/pages/node/7272299"
},
{
"category": "external",
"summary": "HCL Security Bulletin",
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0130587"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-6272 vom 2026-05-15",
"url": "https://lists.debian.org/debian-security-announce/2026/msg00183.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4598 vom 2026-05-24",
"url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00043.html"
}
],
"source_lang": "en-US",
"title": "Node.js: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-05-25T22:00:00.000+00:00",
"generator": {
"date": "2026-05-26T12:15:40.905+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-0843",
"initial_release_date": "2026-03-24T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-03-24T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-03-29T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2026-03-30T22:00:00.000+00:00",
"number": "3",
"summary": "Referenz(en) aufgenommen: EUVD-2026-17093, EUVD-2026-17174, EUVD-2026-17176, EUVD-2026-17178, EUVD-2026-17182, EUVD-2026-17170, EUVD-2026-17172"
},
{
"date": "2026-04-08T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Rocky Enterprise Software Foundation und Red Hat aufgenommen"
},
{
"date": "2026-04-09T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Rocky Enterprise Software Foundation, Red Hat, Oracle Linux und openSUSE aufgenommen"
},
{
"date": "2026-04-12T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Oracle Linux, Rocky Enterprise Software Foundation und Red Hat aufgenommen"
},
{
"date": "2026-04-13T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE, Rocky Enterprise Software Foundation, Oracle Linux und Red Hat aufgenommen"
},
{
"date": "2026-04-15T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von SUSE, Red Hat und Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2026-04-16T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2026-04-19T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2026-04-20T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-04-21T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von SUSE und openSUSE aufgenommen"
},
{
"date": "2026-04-22T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-07T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-05-10T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von HCL aufgenommen"
},
{
"date": "2026-05-14T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2026-05-25T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Debian aufgenommen"
}
],
"status": "final",
"version": "17"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "WebUI",
"product": {
"name": "HCL BigFix WebUI",
"product_id": "T036098",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:bigfix:webui"
}
}
}
],
"category": "product_name",
"name": "BigFix"
}
],
"category": "vendor",
"name": "HCL"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM App Connect Enterprise",
"product": {
"name": "IBM App Connect Enterprise",
"product_id": "T051349",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c20.20.2",
"product": {
"name": "Open Source Node.js \u003c20.20.2",
"product_id": "T052111"
}
},
{
"category": "product_version",
"name": "20.20.2",
"product": {
"name": "Open Source Node.js 20.20.2",
"product_id": "T052111-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nodejs:nodejs:20.20.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c22.22.2",
"product": {
"name": "Open Source Node.js \u003c22.22.2",
"product_id": "T052112"
}
},
{
"category": "product_version",
"name": "22.22.2",
"product": {
"name": "Open Source Node.js 22.22.2",
"product_id": "T052112-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nodejs:nodejs:22.22.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c24.14.1",
"product": {
"name": "Open Source Node.js \u003c24.14.1",
"product_id": "T052113"
}
},
{
"category": "product_version",
"name": "24.14.1",
"product": {
"name": "Open Source Node.js 24.14.1",
"product_id": "T052113-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nodejs:nodejs:24.14.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c25.8.2",
"product": {
"name": "Open Source Node.js \u003c25.8.2",
"product_id": "T052114"
}
},
{
"category": "product_version",
"name": "25.8.2",
"product": {
"name": "Open Source Node.js 25.8.2",
"product_id": "T052114-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nodejs:nodejs:25.8.2"
}
}
}
],
"category": "product_name",
"name": "Node.js"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-36137",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T051349",
"T027843",
"T004914",
"T036098",
"T052113",
"T032255",
"T052114",
"T052111",
"T052112"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2024-36137"
},
{
"cve": "CVE-2026-21637",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T051349",
"T027843",
"T004914",
"T036098",
"T052113",
"T032255",
"T052114",
"T052111",
"T052112"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-21637"
},
{
"cve": "CVE-2026-21710",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T051349",
"T027843",
"T004914",
"T036098",
"T052113",
"T032255",
"T052114",
"T052111",
"T052112"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-21710"
},
{
"cve": "CVE-2026-21711",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T051349",
"T027843",
"T004914",
"T036098",
"T052113",
"T032255",
"T052114",
"T052111",
"T052112"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-21711"
},
{
"cve": "CVE-2026-21712",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T051349",
"T027843",
"T004914",
"T036098",
"T052113",
"T032255",
"T052114",
"T052111",
"T052112"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-21712"
},
{
"cve": "CVE-2026-21713",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T051349",
"T027843",
"T004914",
"T036098",
"T052113",
"T032255",
"T052114",
"T052111",
"T052112"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-21713"
},
{
"cve": "CVE-2026-21714",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T051349",
"T027843",
"T004914",
"T036098",
"T052113",
"T032255",
"T052114",
"T052111",
"T052112"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-21714"
},
{
"cve": "CVE-2026-21715",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T051349",
"T027843",
"T004914",
"T036098",
"T052113",
"T032255",
"T052114",
"T052111",
"T052112"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-21715"
},
{
"cve": "CVE-2026-21716",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T051349",
"T027843",
"T004914",
"T036098",
"T052113",
"T032255",
"T052114",
"T052111",
"T052112"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-21716"
},
{
"cve": "CVE-2026-21717",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T051349",
"T027843",
"T004914",
"T036098",
"T052113",
"T032255",
"T052114",
"T052111",
"T052112"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-21717"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…