suse-sles-12-sp5-v20260527-x86_64 CVE scan on 2026-05-27T09:51:05+00:00

CVE-2024-12084 Severity: Critical CVSS3 score: 9.8

Description: A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
rsync < 3.1.3-3.43.1 (version in image is 3.1.3-3.37.1).

CVE-2015-1820 Severity: Moderate CVSS3 score: 9.8

Description: REST client for Ruby (aka rest-client) before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect.

Packages affected:

sle-module-adv-systems-management-release >= 12-0 (version in image is 12-4.3.1).
python3-requests > 0-0 (version in image is 2.24.0-8.20.1).

CVE-2020-14343 Severity: Important CVSS3 score: 8.8

Description: A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747.

Packages affected:

sle-module-public-cloud-release >= 12-0 (version in image is 12-7.3.1).
python3-PyYAML < 5.3.1-28.6.1 (version in image is 5.3.1-3.14.1).

CVE-2024-12087 Severity: Important CVSS3 score: 8.8

Description: A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
rsync < 3.1.3-3.43.1 (version in image is 3.1.3-3.37.1).

CVE-2024-6174 Severity: Important CVSS3 score: 8.8

Description: When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration.

Packages affected:

sle-module-public-cloud-release >= 12-0 (version in image is 12-7.3.1).
cloud-init > 0-0 (version in image is 20.2-37.57.1).

CVE-2026-27820 Severity: Important CVSS3 score: 8.8

Description: zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstream_buffer_ungets function prepends caller-provided bytes ahead of previously produced output but fails to guarantee the backing Ruby string has enough capacity before the memmove shifts the existing data. This can lead to memory corruption when the buffer length exceeds capacity. This issue has been fixed in versions 3.0.1, 3.1.2 and 3.2.3.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libruby2_1-2_1 > 0-0 (version in image is 2.1.9-19.9.1).

CVE-2016-1286 Severity: Moderate CVSS3 score: 8.6

Description: named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.

Packages affected:

libbind9-161 > 0-0 (version in image is 9.11.22-3.68.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2026-33747 Severity: Important CVSS3 score: 8.4

Description: BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for the execution context. The issue has been fixed in v0.28.1. The vulnerability requires using an untrusted BuildKit frontend set with `#syntax` or `--build-arg BUILDKIT_SYNTAX`. Using these options with a well-known frontend image like `docker/dockerfile` is not affected.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
docker > 0-0 (version in image is 28.5.1_ce-98.151.1).

CVE-2026-33997 Severity: Important CVSS3 score: 8.4

Description: Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a privilege set that differs from the one approved by the user. Plugins that request exactly one privilege are also affected, because no comparison is performed at all. This issue has been patched in version 29.3.1.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
docker > 0-0 (version in image is 28.5.1_ce-98.151.1).

CVE-2026-34040 Severity: Important CVSS3 score: 8.4

Description: Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
docker > 0-0 (version in image is 28.5.1_ce-98.151.1).

CVE-2026-39832 Severity: Important CVSS3 score: 8.4

Description: When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all constraint extensions. Additionally, the in-memory keyring returned by NewKeyring() now rejects keys with unsupported constraint extensions instead of silently ignoring them.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
docker > 0-0 (version in image is 28.5.1_ce-98.151.1).

CVE-2015-7551 Severity: Moderate CVSS3 score: 8.4

Description: The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
ruby > 0-0 (version in image is 2.1-1.6).

CVE-2024-47220 Severity: Important CVSS3 score: 8.2

Description: An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webrick should not be used in production."

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libruby2_1-2_1 > 0-0 (version in image is 2.1.9-19.9.1).

CVE-2026-33845 Severity: Important CVSS3 score: 8.2

Description: A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libgnutls30 > 0-0 (version in image is 3.4.17-8.20.1).

CVE-2026-8177 Severity: Important CVSS3 score: 8.2

Description: XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences.A node name ending in the middle of a multi byte UTF-8 sequence causes the parser to read past the end of the input string into adjacent heap memory.Any Perl process that passes attacker controlled strings to XML::LibXML's DOM node-name methods can reach this path on the default API. The likely consequence is a crash, causing denial of service.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
perl-XML-LibXML > 0-0 (version in image is 2.0019-6.3.5).

CVE-2026-33186 Severity: Important CVSS3 score: 8.1

Description: gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, "deny" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback "allow" rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific "deny" rules for canonical paths but allows other requests by default (a fallback "allow" rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
containerd > 0-0 (version in image is 1.7.29-16.105.1).

CVE-2026-39828 Severity: Important CVSS3 score: 8.1

Description: When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
docker > 0-0 (version in image is 28.5.1_ce-98.151.1).

CVE-2026-39831 Severity: Important CVSS3 score: 8.1

Description: The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior, return a "no-touch-required" extension in Permissions.Extensions from PublicKeyCallback.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
docker > 0-0 (version in image is 28.5.1_ce-98.151.1).

CVE-2026-41316 Severity: Important CVSS3 score: 8.1

Description: ERB is a templating system for Ruby. Ruby 2.7.0 (before ERB 2.2.0 was published on rubygems.org) introduced an `@_init` instance variable guard in `ERB#result` and `ERB#run` to prevent code execution when an ERB object is reconstructed via `Marshal.load` (deserialization). However, three other public methods that also evaluate `@src` via `eval()` were not given the same guard: `ERB#def_method`, `ERB#def_module`, and `ERB#def_class`. An attacker who can trigger `Marshal.load` on untrusted data in a Ruby application that has `erb` loaded can use `ERB#def_module` (zero-arg, default parameters) as a code execution sink, bypassing the `@_init` protection entirely. ERB 4.0.3.1, 4.0.4.1, 6.0.1.1, and 6.0.4 patch the issue.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
ruby > 0-0 (version in image is 2.1-1.6).

CVE-2026-42508 Severity: Important CVSS3 score: 8.1

Description: Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
docker > 0-0 (version in image is 28.5.1_ce-98.151.1).

CVE-2026-43618 Severity: Important CVSS3 score: 8.1

Description: Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended buffer bounds. Attackers can exploit this vulnerability to disclose process memory contents including environment variables, passwords, heap and stack data, and library memory pointers, significantly reducing ASLR effectiveness and facilitating further exploitation.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
rsync < 3.1.3-3.43.1 (version in image is 3.1.3-3.37.1).

CVE-2026-46595 Severity: Important CVSS3 score: 8.1

Description: Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
docker > 0-0 (version in image is 28.5.1_ce-98.151.1).

CVE-2026-6100 Severity: Important CVSS3 score: 8.1

Description: Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation fails with a `MemoryError` and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling pointer in this specific error condition.The vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libpython3_4m1_0 < 3.4.10-25.185.1 (version in image is 3.4.10-25.180.1).

CVE-2017-7435 Severity: Moderate CVSS3 score: 8.1

Description: In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system.

Packages affected:

zypper > 0-0 (version in image is 1.13.67-21.64.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2026-46483 Severity: Important CVSS3 score: 7.8

Description: Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tar#Vimuntar() inruntime/autoload/tar.vim when decompressing .tgz archives on Unix-like systems. The function builds :!gunzip and :!gzip -d commands using shellescape(tartail) without the {special} flag, allowing a crafted archive filename to trigger Vim cmdline-special expansion and execute shell commands in the user's context. This vulnerability is fixed in 9.2.0479.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
vim > 0-0 (version in image is 9.2.0280-17.62.1).

CVE-2026-6846 Severity: Important CVSS3 score: 7.8

Description: A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code execution, allowing the attacker to run unauthorized commands, or cause a denial of service, making the system unavailable.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
binutils > 0-0 (version in image is 2.41-9.53.1).

CVE-2017-16828 Severity: Moderate CVSS3 score: 7.8

Description: The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame.

Packages affected:

libctf-nobfd0 > 0-0 (version in image is 2.41-9.53.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2019-12735 Severity: Moderate CVSS3 score: 7.8

Description: getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.

Packages affected:

vim-data-common > 0-0 (version in image is 9.2.0280-17.62.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2017-16830 Severity: Low CVSS3 score: 7.8

Description: The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file.

Packages affected:

libctf-nobfd0 > 0-0 (version in image is 2.41-9.53.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2026-39833 Severity: Important CVSS3 score: 7.7

Description: The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring() now returns an error when unsupported constraints are requested.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
docker > 0-0 (version in image is 28.5.1_ce-98.151.1).

CVE-2021-3449 Severity: Important CVSS3 score: 7.5

Description: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
openssl > 0-0 (version in image is 1.0.2p-1.13).

CVE-2023-47108 Severity: Important CVSS3 score: 7.5

Description: OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Starting in version 0.37.0 and prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. An attacker can easily flood the peer address and port for requests. Version 0.46.0 contains a fix for this issue. As a workaround to stop being affected, a view removing the attributes can be used. The other possibility is to disable grpc metrics instrumentation by passing `otelgrpc.WithMeterProvider` option with `noop.NewMeterProvider`.

Packages affected:

sle-module-containers-release >= 12-0 (version in image is 12-6.9.1).
docker > 0-0 (version in image is 28.5.1_ce-98.151.1).

CVE-2024-1975 Severity: Important CVSS3 score: 7.5

Description: If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests.This issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
bind-utils > 0-0 (version in image is 9.11.22-3.68.1).

CVE-2025-27144 Severity: Important CVSS3 score: 7.5

Description: Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code used strings.Split(token, ".") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service. Version 4.0.5 fixes this issue. As a workaround, applications could pre-validate that payloads passed to Go JOSE do not contain an excessive number of `.` characters.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
containerd > 0-0 (version in image is 1.7.29-16.105.1).

CVE-2025-47913 Severity: Important CVSS3 score: 7.5

Description: SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
docker > 0-0 (version in image is 28.5.1_ce-98.151.1).

CVE-2026-21226 Severity: Important CVSS3 score: 7.5

Description: Unknown.

Packages affected:

sle-module-public-cloud-release >= 12-0 (version in image is 12-7.3.1).
python3-azure-core > 0-0 (version in image is 1.23.1-2.17.2).

CVE-2026-33748 Severity: Important CVSS3 score: 7.5

Description: BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is limited to files on the same mounted filesystem. The issue has been fixed in version v0.28.1 The issue affects only builds that use Git URLs with a subpath component. As a workaround, avoid building Dockerfiles from untrusted sources or using the subdir component from an untrusted Git repository where the subdir component could point to a symlink.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
docker > 0-0 (version in image is 28.5.1_ce-98.151.1).

CVE-2026-33814 Severity: Important CVSS3 score: 7.5

Description: When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
containerd > 0-0 (version in image is 1.7.29-16.105.1).

CVE-2026-33846 Severity: Important CVSS3 score: 7.5

Description: A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libgnutls30 > 0-0 (version in image is 3.4.17-8.20.1).

CVE-2026-34986 Severity: Important CVSS3 score: 7.5

Description: Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption (JWE) object will panic if the alg field indicates a key wrapping algorithm (one ending in KW, with the exception of A128GCMKW, A192GCMKW, and A256GCMKW) and the encrypted_key field is empty. The panic happens when cipher.KeyUnwrap() in key_wrap.go attempts to allocate a slice with a zero or negative length based on the length of the encrypted_key. This code path is reachable from ParseEncrypted() / ParseEncryptedJSON() / ParseEncryptedCompact() followed by Decrypt() on the resulting object. Note that the parse functions take a list of accepted key algorithms. If the accepted key algorithms do not include any key wrapping algorithms, parsing will fail and the application will be unaffected. This panic is also reachable by calling cipher.KeyUnwrap() directly with any ciphertext parameter less than 16 bytes long, but calling this function directly is less common. Panics can lead to denial of service. This vulnerability is fixed in 4.1.4 and 3.0.5.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
containerd > 0-0 (version in image is 1.7.29-16.105.1).

CVE-2026-35385 Severity: Important CVSS3 score: 7.5

Description: In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode).

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
openssh < 7.2p2-81.37.1 (version in image is 7.2p2-81.34.1).

CVE-2026-39829 Severity: Important CVSS3 score: 7.5

Description: The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key authentication. RSA moduli are now limited to 8192 bits, and DSA parameters are validated per FIPS 186-2.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
docker > 0-0 (version in image is 28.5.1_ce-98.151.1).

CVE-2026-39834 Severity: Important CVSS3 score: 7.5

Description: When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
docker > 0-0 (version in image is 28.5.1_ce-98.151.1).

CVE-2026-39835 Severity: Important CVSS3 score: 7.5

Description: SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
docker > 0-0 (version in image is 28.5.1_ce-98.151.1).

CVE-2026-4046 Severity: Important CVSS3 score: 7.5

Description: The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application.This vulnerability can be trivially mitigated by removing the IBM1390 and IBM1399 character sets from systems that do not need them.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
glibc > 0-0 (version in image is 2.22-114.43.1).

CVE-2026-42009 Severity: Important CVSS3 score: 7.5

Description: A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libgnutls30 > 0-0 (version in image is 3.4.17-8.20.1).

CVE-2026-44431 Severity: Important CVSS3 score: 7.5

Description: urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0.

Packages affected:

sle-module-public-cloud-release >= 12-0 (version in image is 12-7.3.1).
python3-urllib3 > 0-0 (version in image is 1.25.10-3.48.4).

CVE-2026-46597 Severity: Important CVSS3 score: 7.5

Description: An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
docker > 0-0 (version in image is 28.5.1_ce-98.151.1).

CVE-2026-46598 Severity: Important CVSS3 score: 7.5

Description: For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
docker > 0-0 (version in image is 28.5.1_ce-98.151.1).

CVE-2026-7210 Severity: Important CVSS3 score: 7.5

Description: `xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
python > 0-0 (version in image is 2.7.18-33.74.1).

CVE-2017-15938 Severity: Moderate CVSS3 score: 7.5

Description: dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash).

Packages affected:

libctf-nobfd0 > 0-0 (version in image is 2.41-9.53.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2019-5010 Severity: Moderate CVSS3 score: 7.5

Description: An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.

Packages affected:

python3 > 0-0 (version in image is 3.4.10-25.180.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2019-9636 Severity: Moderate CVSS3 score: 7.5

Description: Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.

Packages affected:

python3 > 0-0 (version in image is 3.4.10-25.180.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2015-5194 Severity: Low CVSS3 score: 7.5

Description: The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
ntp > 0-0 (version in image is 4.2.8p17-106.7.1).

CVE-2015-5195 Severity: Low CVSS3 score: 7.5

Description: ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
ntp > 0-0 (version in image is 4.2.8p17-106.7.1).

CVE-2026-34743 Severity: Important CVSS3 score: 7.4

Description: XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
liblzma5 < 5.0.5-6.10.1 (version in image is 5.0.5-6.7.1).

CVE-2019-1010180 Severity: Moderate CVSS3 score: 7.3

Description: GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet.

Packages affected:

libctf-nobfd0 > 0-0 (version in image is 2.41-9.53.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2026-41035 Severity: Important CVSS3 score: 7.2

Description: In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X (aka --xattrs). On Linux, many (but not all) common configurations are vulnerable. Non-Linux platforms are more widely vulnerable.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
rsync < 3.1.3-3.43.1 (version in image is 3.1.3-3.37.1).

CVE-2024-52533 Severity: Important CVSS3 score: 7.1

Description: gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
glib2-tools > 0-0 (version in image is 2.48.2-12.58.1).

CVE-2026-42010 Severity: Important CVSS3 score: 7.1

Description: A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest-Shamir-Adleman - Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libgnutls30 > 0-0 (version in image is 3.4.17-8.20.1).

CVE-2026-4786 Severity: Important CVSS3 score: 7.1

Description: Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open()" API could have commands injected into the underlying shell. See CVE-2026-4519 for details.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libpython3_4m1_0 < 3.4.10-25.185.1 (version in image is 3.4.10-25.180.1).

CVE-2018-1000030 Severity: Important CVSS3 score: 7.0

Description: Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3->Malloc->Thread1->Free's->Thread2-Re-uses-Free'd Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE.

Packages affected:

sle-module-web-scripting-release >= 12-0 (version in image is 12-10.3.1).
python3 > 0-0 (version in image is 3.4.10-25.180.1).

CVE-2018-20346 Severity: Important CVSS3 score: 7.0

Description: SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
sqlite3-tcl > 0-0 (version in image is 3.51.3-9.47.1).

CVE-2026-29518 Severity: Important CVSS3 score: 7.0

Description: Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symbolic links. Attackers with write access to a module path can exploit this race condition to create or overwrite arbitrary files, potentially modifying sensitive system files and achieving privilege escalation when the daemon runs with elevated privileges. This vulnerability can only be triggered if the chroot setting is false.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
rsync < 3.1.3-3.43.1 (version in image is 3.1.3-3.37.1).

CVE-2015-8705 Severity: Moderate CVSS3 score: 7.0

Description: buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash) or possibly have unspecified other impact via (1) OPT data or (2) an ECS option.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
bind-utils > 0-0 (version in image is 9.11.22-3.68.1).

CVE-2026-5958 Severity: Moderate CVSS3 score: 6.9

Description: When sed is invoked with both -i (in-place edit) and --follow-symlinks, the function open_next_file() performs two separate, non-atomic filesystem operations on the same path: 1. resolves symlink to its target and stores the resolved path for determining when output is written,2. opens the original symlink path (not the resolved one) to read the file. Between these two calls there is a race window. If an attacker atomically replaces the symlink with a different target during that window, sed will: read content from the new (attacker-chosen) symlink target and write the processed result to the path recorded in step 1. This can lead to arbitrary file overwrite with attacker-controlled content in the context of the sed process.This issue was fixed in version 4.10.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
sed > 0-0 (version in image is 4.2.2-7.3.1).

CVE-2016-1285 Severity: Moderate CVSS3 score: 6.8

Description: named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c.

Packages affected:

libbind9-161 > 0-0 (version in image is 9.11.22-3.68.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2016-2088 Severity: Moderate CVSS3 score: 6.8

Description: resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cookies are enabled, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed packet with more than one cookie option.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
bind-utils > 0-0 (version in image is 9.11.22-3.68.1).

CVE-2025-6069 Severity: Moderate CVSS3 score: 6.8

Description: The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
python > 0-0 (version in image is 2.7.18-33.74.1).

CVE-2025-64505 Severity: Moderate CVSS3 score: 6.8

Description: LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libpng16-16 > 0-0 (version in image is 1.6.8-15.24.1).

CVE-2025-64506 Severity: Moderate CVSS3 score: 6.8

Description: LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries. This issue has been patched in version 1.6.51.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libpng16-16 > 0-0 (version in image is 1.6.8-15.24.1).

CVE-2025-64720 Severity: Moderate CVSS3 score: 6.8

Description: LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha x 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libpng16-16 > 0-0 (version in image is 1.6.8-15.24.1).

CVE-2025-65018 Severity: Moderate CVSS3 score: 6.8

Description: LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libpng16-16 > 0-0 (version in image is 1.6.8-15.24.1).

CVE-2019-19232 Severity: Moderate CVSS3 score: 6.7

Description: In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The software maintainer believes that this is not a vulnerability because running a command via sudo as a user not present in the local password database is an intentional feature. Because this behavior surprised some users, sudo 1.8.30 introduced an option to enable/disable this behavior with the default being disabled. However, this does not change the fact that sudo was behaving as intended, and as documented, in earlier versions

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
sudo > 0-0 (version in image is 1.8.27-4.54.1).

CVE-2019-17624 Severity: Moderate CVSS3 score: 6.6

Description: "" In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap. For example, by sending ct.c_char 1000 times, an attacker can cause a denial of service (application crash) or possibly have unspecified other impact. Note: It is disputed if the X.Org X Server is involved or if there is a stack overflow.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libX11-6 > 0-0 (version in image is 1.6.2-12.36.1).

CVE-2025-13151 Severity: Moderate CVSS3 score: 6.6

Description: Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libtasn1 > 0-0 (version in image is 4.9-3.19.1).

CVE-2025-46836 Severity: Moderate CVSS3 score: 6.6

Description: net-tools is a collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system. Inn versions up to and including 2.10, the Linux network utilities (like ifconfig) from the net-tools package do not properly validate the structure of /proc files when showing interfaces. `get_name()` in `interface.c` copies interface labels from `/proc/net/dev` into a fixed 16-byte stack buffer without bounds checking, leading to possible arbitrary code execution or crash. The known attack path does not require privilege but also does not provide privilege escalation in this scenario. A patch is available and expected to be part of version 2.20.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
net-tools > 0-0 (version in image is 1.60-765.15.1).

CVE-2026-41411 Severity: Moderate CVSS3 score: 6.6

Description: Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed through wildcard expansion to resolve environment variables and wildcards. If the filename field contains backtick syntax (e.g., `command`), Vim executes the embedded command via the system shell with the full privileges of the running user.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
vim > 0-0 (version in image is 9.2.0280-17.62.1).

CVE-2026-45130 Severity: Moderate CVSS3 score: 6.6

Description: Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when loading a crafted spell file (.spl) with UTF-8 encoding active. An attacker-controlled length field in the spell file's compound section overflows a 32-bit signed integer multiplication, causing a small buffer to be allocated for a write loop that runs many iterations, overflowing the heap. Because the 'spelllang' option can be set from a modeline, a text file modeline can trigger spell file loading if a malicious .spl file has been planted on the runtimepath. This issue has been patched in version 9.2.0450.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
vim > 0-0 (version in image is 9.2.0280-17.62.1).

CVE-2026-39827 Severity: Important CVSS3 score: 6.5

Description: An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state and released for garbage collection.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
docker > 0-0 (version in image is 28.5.1_ce-98.151.1).

CVE-2026-39830 Severity: Important CVSS3 score: 6.5

Description: A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
docker > 0-0 (version in image is 28.5.1_ce-98.151.1).

CVE-2019-16168 Severity: Moderate CVSS3 score: 6.5

Description: In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
sqlite3-tcl > 0-0 (version in image is 3.51.3-9.47.1).

CVE-2023-28756 Severity: Moderate CVSS3 score: 6.5

Description: A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libruby2_1-2_1 > 0-0 (version in image is 2.1.9-19.9.1).

CVE-2023-40403 Severity: Moderate CVSS3 score: 6.5

Description: The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may disclose sensitive information.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libxslt1 > 0-0 (version in image is 1.1.28-17.21.1).

CVE-2024-12086 Severity: Moderate CVSS3 score: 6.5

Description: A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
rsync < 3.1.3-3.43.1 (version in image is 3.1.3-3.37.1).

CVE-2024-12088 Severity: Moderate CVSS3 score: 6.5

Description: A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
rsync < 3.1.3-3.43.1 (version in image is 3.1.3-3.37.1).

CVE-2024-9287 Severity: Moderate CVSS3 score: 6.5

Description: A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
python3 > 0-0 (version in image is 3.4.10-25.180.1).

CVE-2025-12801 Severity: Moderate CVSS3 score: 6.5

Description: A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate theprivileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exported directory, regardless of the set file permissions, and regardless of any 'root_squash' or 'all_squash' attributes that would normally be expected to apply to that client.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
nfs-client > 0-0 (version in image is 1.3.0-34.53.5).

CVE-2025-13836 Severity: Moderate CVSS3 score: 6.5

Description: When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
python > 0-0 (version in image is 2.7.18-33.74.1).

CVE-2025-24528 Severity: Moderate CVSS3 score: 6.5

Description: In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
krb5 > 0-0 (version in image is 1.16.3-46.21.1).

CVE-2025-6442 Severity: Moderate CVSS3 score: 6.5

Description: Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions.The specific flaw exists within the read_headers method. The issue results from the inconsistent parsing of terminators of HTTP headers. An attacker can leverage this vulnerability to smuggle arbitrary HTTP requests. Was ZDI-CAN-21876.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libruby2_1-2_1 > 0-0 (version in image is 2.1.9-19.9.1).

CVE-2025-68468 Severity: Moderate CVSS3 score: 6.5

Description: Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending unsolicited announcements containing CNAME resource records pointing it to resource records with short TTLs. As soon as they expire avahi-daemon crashes.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libavahi-client3 > 0-0 (version in image is 0.6.32-32.39.1).

CVE-2025-68471 Severity: Moderate CVSS3 score: 6.5

Description: Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending 2 unsolicited announcements with CNAME resource records 2 seconds apart.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libavahi-client3 > 0-0 (version in image is 0.6.32-32.39.1).

CVE-2025-8194 Severity: Moderate CVSS3 score: 6.5

Description: There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. This vulnerability can be mitigated by including the following patch after importing the “tarfile” module: https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
python > 0-0 (version in image is 2.7.18-33.74.1).

CVE-2026-0966 Severity: Moderate CVSS3 score: 6.5

Description: A flaw was found in libssh. The API function `ssh_get_hexa()` is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI (Generic Security Service Application Program Interface) authentication if the server's logging verbosity is set to `SSH_LOG_PACKET (3)` or higher. Successful exploitation could lead to a self-Denial of Service of the per-connection daemon process.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libssh-config > 0-0 (version in image is 0.9.8-3.21.1).

CVE-2026-24401 Severity: Moderate CVSS3 score: 6.5

Description: Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions 0.9rc2 and below, avahi-daemon can be crashed via a segmentation fault by sending an unsolicited mDNS response containing a recursive CNAME record, where the alias and canonical name point to the same domain (e.g., "h.local" as a CNAME for "h.local"). This causes unbounded recursion in the lookup_handle_cname function, leading to stack exhaustion. The vulnerability affects record browsers where AVAHI_LOOKUP_USE_MULTICAST is set explicitly, which includes record browsers created by resolvers used by nss-mdns. This issue is patched in commit 78eab31128479f06e30beb8c1cbf99dd921e2524.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libavahi-client3 > 0-0 (version in image is 0.6.32-32.39.1).

CVE-2026-25210 Severity: Moderate CVSS3 score: 6.5

Description: In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
expat > 0-0 (version in image is 2.7.1-21.52.1).

CVE-2026-3497 Severity: Moderate CVSS3 score: 6.5

Description: Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does not terminate the process, allows an attacker to send an unexpected GSSAPI message type during the GSSAPI key exchange to the server, which will call the underlying function and continue the execution of the program without setting the related connection variables. As the variables are not initialized to NULL the code later accesses those uninitialized variables, accessing random memory, which could lead to undefined behavior. The recommended workaround is to use ssh_packet_disconnect() instead, which does terminate the process. The impact of the vulnerability depends heavily on the compiler flag hardening configuration.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
openssh > 0-0 (version in image is 7.2p2-81.34.1).

CVE-2026-34978 Severity: Moderate CVSS3 score: 6.5

Description: OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. path traversal in notify-recipient-uri (e.g., rss:///../job.cache), letting a remote IPP client write RSS XML bytes outside CacheDir/rss (anywhere that is lp-writable). In particular, because CacheDir is group-writable by default (typically root:lp and mode 0770), the notifier (running as lp) can replace root-managed state files via temp-file + rename(). This PoC clobbers CacheDir/job.cache with RSS XML, and after restarting cupsd the scheduler fails to parse the job cache and previously queued jobs disappear. At time of publication, there are no publicly available patches.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
cups-libs > 0-0 (version in image is 1.7.5-20.62.1).

CVE-2026-35469 Severity: Moderate CVSS3 score: 6.5

Description: spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocating memory. Three allocation paths are affected: the SETTINGS frame entry count, the header count in parseHeaderValueBlock, and individual header field sizes - all read as 32-bit integers and used directly as allocation sizes with no bounds checking. Because SPDY header blocks are zlib-compressed, a small on-the-wire payload can decompress into large attacker-controlled values. A remote peer that can send SPDY frames to a service using spdystream can exhaust process memory and cause an out-of-memory crash with a single crafted control frame. This issue has been fixed in version 0.5.1.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
containerd > 0-0 (version in image is 1.7.29-16.105.1).

CVE-2026-3833 Severity: Moderate CVSS3 score: 6.5

Description: A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically for `dNSName` (DNS) or `rfc822Name` (email) constraints within `excludedSubtrees` or `permittedSubtrees`. A remote attacker can exploit this by crafting a leaf certificate with casing differences in the Subject Alternative Name (SAN), leading to a policy bypass where a certificate that should be rejected is instead accepted. This could result in unauthorized access or information disclosure.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libgnutls30 > 0-0 (version in image is 3.4.17-8.20.1).

CVE-2026-42013 Severity: Moderate CVSS3 score: 6.5

Description: Unknown.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libgnutls30 > 0-0 (version in image is 3.4.17-8.20.1).

CVE-2026-43620 Severity: Moderate CVSS3 score: 6.5

Description: Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files() in receiver.c that allows a malicious rsync server to crash the rsync client process. Attackers can exploit the vulnerability by setting CF_INC_RECURSE in compatibility flags and sending a specially crafted file list where the first sorted entry is not the leading dot directory, followed by a transfer record with ndx=0 and an iflag word without ITEM_TRANSFER, causing the receiver to read 8 bytes before the allocated pointer array and dereference an invalid pointer at an unmapped address, resulting in a deterministic SIGSEGV crash of the rsync client.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
rsync < 3.1.3-3.43.1 (version in image is 3.1.3-3.37.1).

CVE-2026-44283 Severity: Moderate CVSS3 score: 6.5

Description: etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user without sufficient read or lease-related permissions may be able to access unauthorized data or attach leases by invoking transaction operations with these features enabled. This vulnerability is fixed in 3.4.44, 3.5.30, and 3.6.11.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
docker > 0-0 (version in image is 28.5.1_ce-98.151.1).

CVE-2026-5545 Severity: Moderate CVSS3 score: 6.5

Description: libcurl might in some circumstances reuse the wrong connection when asked todo an authenticated HTTP(S) request after a Negotiate-authenticated one, whenboth use the same host.libcurl features a pool of recent connections so that subsequent requests canreuse an existing connection to avoid overhead.When reusing a connection a range of criteria must be met. Due to a logicalerror in the code, a request that was issued by an application couldwrongfully reuse an existing connection to the same server that wasauthenticated using different credentials.An application that first uses Negotiate authentication to a server with`user1:password1` and then does another operation to the same server askingfor any authentication method but for `user2:password2` (while the previousconnection is still alive) - the second request gets confused and wronglyreuses the same connection and sends the new request over that connectionthinking it uses a mix of user1's and user2's credentials when it is in factstill using the connection authenticated for user1...

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
curl > 0-0 (version in image is 8.0.1-11.120.1).

CVE-2026-6732 Severity: Moderate CVSS3 score: 6.5

Description: A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that causes the application to crash. This results in a denial of service (DoS), making the affected system or application unavailable.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libxml2-2 > 0-0 (version in image is 2.9.4-46.99.1).

CVE-2026-9149 Severity: Moderate CVSS3 score: 6.5

Description: A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized memory allocation and a subsequent out-of-bounds write. An attacker could exploit this to cause a denial of service (DoS).

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libsolv-tools > 0-0 (version in image is 0.6.39-2.39.2).

CVE-2026-9150 Severity: Moderate CVSS3 score: 6.5

Description: A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption and a denial of service (DoS) in the affected system.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libsolv-tools > 0-0 (version in image is 0.6.39-2.39.2).

CVE-2024-12747 Severity: Moderate CVSS3 score: 6.3

Description: A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
rsync < 3.1.3-3.43.1 (version in image is 3.1.3-3.37.1).

CVE-2025-14017 Severity: Moderate CVSS3 score: 6.3

Description: When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,changing TLS options in one thread would inadvertently change them globallyand therefore possibly also affect other concurrently setup transfers.Disabling certificate verification for a specific transfer couldunintentionally disable the feature for other threads as well.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
curl > 0-0 (version in image is 8.0.1-11.120.1).

CVE-2026-41989 Severity: Moderate CVSS3 score: 6.3

Description: Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
grub2 > 0-0 (version in image is 2.02-196.1).

CVE-2026-43619 Severity: Moderate CVSS3 score: 6.3

Description: Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat that allow local attackers to redirect operations to files outside the exported rsync module. Attackers with local filesystem access can exploit the timing window between path resolution and syscall execution by swapping symlinks to apply sender-supplied permissions, ownership, timestamps, or filenames to arbitrary files outside the intended module boundary on rsync daemons configured with 'use chroot = no'.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
rsync > 0-0 (version in image is 3.1.3-3.37.1).

CVE-2025-23022 Severity: Moderate CVSS3 score: 6.2

Description: FreeType 2.8.1 has a signed integer overflow in cf2_doFlex in cff/cf2intrp.c.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libfreetype6 > 0-0 (version in image is 2.6.3-7.24.1).

CVE-2025-40909 Severity: Moderate CVSS3 score: 6.2

Description: Perl threads have a working directory race condition where file operations may target unintended paths.If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any third (or more) thread already running. This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit.The bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
perl > 0-0 (version in image is 5.18.2-12.32.1).

CVE-2024-10524 Severity: Moderate CVSS3 score: 6.1

Description: Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
wget > 0-0 (version in image is 1.14-21.25.1).

CVE-2025-14104 Severity: Moderate CVSS3 score: 6.1

Description: A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libblkid1 > 0-0 (version in image is 2.33.2-4.51.1).

CVE-2026-42015 Severity: Moderate CVSS3 score: 6.1

Description: Unknown.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libgnutls30 > 0-0 (version in image is 3.4.17-8.20.1).

CVE-2019-11236 Severity: Low CVSS3 score: 6.1

Description: In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.

Packages affected:

python3-urllib3 > 0-0 (version in image is 1.25.10-3.48.4).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2025-46802 Severity: Moderate CVSS3 score: 6.0

Description: For a short time they PTY is set to mode 666, allowing any user on the system to connect to the screen session.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
screen > 0-0 (version in image is 4.0.4-23.9.1).

CVE-2025-61915 Severity: Moderate CVSS3 score: 6.0

Description: OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the cups web ui to change the config and insert a malicious line. Then the cupsd process which runs as root will parse the new config and cause an out-of-bound write. This issue has been patched in version 2.4.15.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
cups-libs > 0-0 (version in image is 1.7.5-20.62.1).

CVE-2026-39881 Severity: Moderate CVSS3 score: 6.0

Description: Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim connects to it, via unsanitized strings in the defineAnnoType and specialKeys protocol messages. This vulnerability is fixed in 9.2.0316.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
vim > 0-0 (version in image is 9.2.0280-17.62.1).

CVE-2018-0734 Severity: Moderate CVSS3 score: 5.9

Description: The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).

Packages affected:

openssl > 0-0 (version in image is 1.0.2p-1.13).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2018-10845 Severity: Moderate CVSS3 score: 5.9

Description: It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.

Packages affected:

libgnutls30 > 0-0 (version in image is 3.4.17-8.20.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2019-1549 Severity: Moderate CVSS3 score: 5.9

Description: OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).

Packages affected:

openssl > 0-0 (version in image is 1.0.2p-1.13).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2024-47081 Severity: Moderate CVSS3 score: 5.9

Description: Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.

Packages affected:

sle-module-public-cloud-release >= 12-0 (version in image is 12-7.3.1).
python3-requests < 2.24.0-8.23.1 (version in image is 2.24.0-8.20.1).

CVE-2024-49761 Severity: Moderate CVSS3 score: 5.9

Description: REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML gem 3.3.9 or later include the patch to fix the vulnerability.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libruby2_1-2_1 > 0-0 (version in image is 2.1.9-19.9.1).

CVE-2024-50602 Severity: Moderate CVSS3 score: 5.9

Description: An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.

Packages affected:

expat > 0-0 (version in image is 2.7.1-21.52.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2025-3576 Severity: Moderate CVSS3 score: 5.9

Description: A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
krb5 > 0-0 (version in image is 1.16.3-46.21.1).

CVE-2025-68972 Severity: Moderate CVSS3 score: 5.9

Description: In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an "invalid armor" message is printed during verification). This is related to use of \f as a marker to denote truncation of a long plaintext line.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
gpg2 > 0-0 (version in image is 2.0.24-9.17.1).

CVE-2026-0990 Severity: Moderate CVSS3 score: 5.9

Description: A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libxml2-2 > 0-0 (version in image is 2.9.4-46.99.1).

CVE-2026-28390 Severity: Moderate CVSS3 score: 5.9

Description: Issue summary: During processing of a crafted CMS EnvelopedData messagewith KeyTransportRecipientInfo a NULL pointer dereference can happen.Impact summary: Applications that process attacker-controlled CMS data maycrash before authentication or cryptographic operations occur resulting inDenial of Service.When a CMS EnvelopedData message that uses KeyTransportRecipientInfo withRSA-OAEP encryption is processed, the optional parameters field ofRSA-OAEP SourceFunc algorithm identifier is examined without checkingfor its presence. This results in a NULL pointer dereference if the fieldis missing.Applications and services that call CMS_decrypt() on untrusted input(e.g., S/MIME processing or CMS-based protocols) are vulnerable.The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by thisissue, as the affected code is outside the OpenSSL FIPS module boundary.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libopenssl1_0_0 > 0-0 (version in image is 1.0.2p-3.106.1).

CVE-2026-40355 Severity: Moderate CVSS3 score: 5.9

Description: In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
krb5 > 0-0 (version in image is 1.16.3-46.21.1).

CVE-2026-40356 Severity: Moderate CVSS3 score: 5.9

Description: In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
krb5 > 0-0 (version in image is 1.16.3-46.21.1).

CVE-2026-41066 Severity: Moderate CVSS3 score: 5.9

Description: lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration (with resolve_entities=True) allows untrusted XML input to read local files. Setting the resolve_entities option explicitly to resolve_entities='internal' or resolve_entities=False disables the local file access. This vulnerability is fixed in 6.1.0.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
python3-lxml > 0-0 (version in image is 3.6.1-3.6.1).

CVE-2026-5260 Severity: Moderate CVSS3 score: 5.9

Description: Unknown.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libgnutls30 > 0-0 (version in image is 3.4.17-8.20.1).

CVE-2026-5450 Severity: Moderate CVSS3 score: 5.9

Description: Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
glibc > 0-0 (version in image is 2.22-114.43.1).

CVE-2026-6253 Severity: Moderate CVSS3 score: 5.9

Description: curl might erroneously pass on credentials for a first proxy to a secondproxy.This can happen when the following conditions are true:1. curl is setup to use specific different proxies for different URL schemes2. the first proxy needs credentials3. the second proxy uses no credentials4. while using the first proxy (using say `http://`), curl is asked to follow a redirect to a URL using another scheme (say `https://`), accessed using a second, different, proxy

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
curl > 0-0 (version in image is 8.0.1-11.120.1).

CVE-2026-6429 Severity: Moderate CVSS3 score: 5.9

Description: When asked to both use a `.netrc` file for credentials and to follow HTTPredirects, libcurl could leak the password used for the first host to thefollowed-to host under certain circumstances.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
curl > 0-0 (version in image is 8.0.1-11.120.1).

CVE-2026-7168 Severity: Moderate CVSS3 score: 5.9

Description: Successfully using libcurl to do a transfer over a specific HTTP proxy(`proxyA`) with **Digest** authentication and then changing the proxy host toa second one (`proxyB`) for a second transfer, reusing the same handle, makeslibcurl wrongly pass on the `Proxy-Authorization:` header field meant for`proxyA`, to `proxyB`.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
curl > 0-0 (version in image is 8.0.1-11.120.1).

CVE-2026-6357 Severity: Moderate CVSS3 score: 5.8

Description: pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run before wheels are installed to prevent newly-installed modules from being imported shortly after the installation of a wheel package. Users should still review package contents prior to installation.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
python > 0-0 (version in image is 2.7.18-33.74.1).

CVE-2026-5928 Severity: Moderate CVSS3 score: 5.7

Description: Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash.A bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate on the regular character buffer (fp->_IO_read_ptr) instead of the actual wide-stream read pointer (fp->_wide_data->_IO_read_ptr). The program crash may happen in cases where fp->_IO_read_ptr is not initialized and hence points to NULL. The buffer under-read requires a special situation where the input character encoding is such that there are overlaps between single byte representations and multibyte representations in that encoding, resulting in spurious matches. The spurious match case is not possible in the standard Unicode character sets.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
glibc > 0-0 (version in image is 2.22-114.43.1).

CVE-2025-32414 Severity: Moderate CVSS3 score: 5.6

Description: In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libxml2-2 > 0-0 (version in image is 2.9.4-46.99.1).

CVE-2025-55158 Severity: Moderate CVSS3 score: 5.6

Description: Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1406, when processing nested tuples during Vim9 script import operations, an error during evaluation can trigger a double-free in Vim's internal typed value (typval_T) management. Specifically, the clear_tv() function may attempt to free memory that has already been deallocated, due to improper lifetime handling in the handle_import / ex_import code paths. The vulnerability can only be triggered if a user explicitly opens and executes a specially crafted Vim script. This issue has been patched in version 9.1.1406.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
vim > 0-0 (version in image is 9.2.0280-17.62.1).

CVE-2026-3184 Severity: Moderate CVSS3 score: 5.6

Description: A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libblkid1 > 0-0 (version in image is 2.33.2-4.51.1).

CVE-2017-15939 Severity: Moderate CVSS3 score: 5.5

Description: dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. NOTE: this issue is caused by an incomplete fix for CVE-2017-15023.

Packages affected:

libctf-nobfd0 > 0-0 (version in image is 2.41-9.53.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2018-6872 Severity: Moderate CVSS3 score: 5.5

Description: The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment.

Packages affected:

libctf-nobfd0 > 0-0 (version in image is 2.41-9.53.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2019-1547 Severity: Moderate CVSS3 score: 5.5

Description: Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).

Packages affected:

openssl > 0-0 (version in image is 1.0.2p-1.13).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2025-68276 Severity: Moderate CVSS3 score: 5.5

Description: Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, an unprivileged local users can crash avahi-daemon (with wide-area disabled) by creating record browsers with the AVAHI_LOOKUP_USE_WIDE_AREA flag set via D-Bus. This can be done by either callingthe RecordBrowserNew method directly or creating hostname/address/service resolvers/browsers that create those browsers internally themselves.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libavahi-client3 > 0-0 (version in image is 0.6.32-32.39.1).

CVE-2025-69644 Severity: Moderate CVSS3 score: 5.5

Description: An issue was discovered in Binutils before 2.46. The objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed debug information. A logic flaw in the handling of DWARF location list headers can cause objdump to enter an unbounded loop and produce endless output until manually interrupted. This issue affects versions prior to the upstream fix and allows a local attacker to cause excessive resource consumption by supplying a malicious input file.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
binutils > 0-0 (version in image is 2.41-9.53.1).

CVE-2025-69646 Severity: Moderate CVSS3 score: 5.5

Description: Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug_rnglists data. A logic error in the handling of the debug_rnglists header can cause objdump to repeatedly print the same warning message and fail to terminate, resulting in an unbounded logging loop until the process is interrupted. The issue was observed in binutils 2.44. A local attacker can exploit this vulnerability by supplying a malicious input file, leading to excessive CPU and I/O usage and preventing completion of the objdump analysis.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
binutils > 0-0 (version in image is 2.41-9.53.1).

CVE-2025-69647 Severity: Moderate CVSS3 score: 5.5

Description: GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF loclists data. A logic flaw in the DWARF parsing code can cause readelf to repeatedly print the same table output without making forward progress, resulting in an unbounded output loop that never terminates unless externally interrupted. A local attacker can trigger this behavior by supplying a malicious input file, causing excessive CPU and I/O usage and preventing readelf from completing its analysis.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
binutils > 0-0 (version in image is 2.41-9.53.1).

CVE-2025-69648 Severity: Moderate CVSS3 score: 5.5

Description: GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF .debug_rnglists data. A logic flaw in the DWARF parsing path causes readelf to repeatedly print the same warning message without making forward progress, resulting in a non-terminating output loop that requires manual interruption. No evidence of memory corruption or code execution was observed.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
binutils > 0-0 (version in image is 2.41-9.53.1).

CVE-2025-8869 Severity: Moderate CVSS3 score: 5.5

Description: When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706.Note that upgrading pip to a "fixed" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python version that implements PEP 706.Note that this is a vulnerability in pip's fallback implementation of tar extraction for Python versions that don't implement PEP 706and therefore are not secure to all vulnerabilities in the Python 'tarfile' module. If you're using a Python version that implements PEP 706then pip doesn't use the "vulnerable" fallback code.Mitigations include upgrading to a version of pip that includes the fix, upgrading to a Python version that implements PEP 706 (Python >=3.9.17, >=3.10.12, >=3.11.4, or >=3.12),applying the linked patch, or inspecting source distributions (sdists) before installation as is already a best-practice.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
python > 0-0 (version in image is 2.7.18-33.74.1).

CVE-2026-24515 Severity: Moderate CVSS3 score: 5.5

Description: In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
expat > 0-0 (version in image is 2.7.1-21.52.1).

CVE-2026-25645 Severity: Moderate CVSS3 score: 5.5

Description: Requests is a HTTP library. Prior to version 2.33.0, the `requests.utils.extract_zipped_paths()` utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker with write access to the temp directory could pre-create a malicious file that would be loaded in place of the legitimate one. Standard usage of the Requests library is not affected by this vulnerability. Only applications that call `extract_zipped_paths()` directly are impacted. Starting in version 2.33.0, the library extracts files to a non-deterministic location. If developers are unable to upgrade, they can set `TMPDIR` in their environment to a directory with restricted write access.

Packages affected:

sle-module-public-cloud-release >= 12-0 (version in image is 12-7.3.1).
python3-requests < 2.24.0-8.26.1 (version in image is 2.24.0-8.20.1).

CVE-2026-29111 Severity: Moderate CVSS3 score: 5.5

Description: systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this is not possible as the safety check causes an assert instead. This IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. No known workarounds are available.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libsystemd0 > 0-0 (version in image is 228-157.75.1).

CVE-2026-34933 Severity: Moderate CVSS3 score: 5.5

Description: Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version 0.9-rc4, any unprivileged local user can crash avahi-daemon by sending a single D-Bus method call with conflicting publish flags. This issue has been patched in version 0.9-rc4.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libavahi-client3 > 0-0 (version in image is 0.6.32-32.39.1).

CVE-2026-39314 Severity: Moderate CVSS3 score: 5.5

Description: OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, an integer underflow vulnerability in _ppdCreateFromIPP() (cups/ppd-cache.c) allows any unprivileged local user to crash the cupsd root process by supplying a negative job-password-supported IPP attribute. The bounds check only caps the upper bound, so a negative value passes validation, is cast to size_t (wrapping to ~2^64), and is used as the length argument to memset() on a 33-byte stack buffer. This causes an immediate SIGSEGV in the cupsd root process. Combined with systemd's Restart=on-failure, an attacker can repeat the crash for sustained denial of service.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
cups-libs > 0-0 (version in image is 1.7.5-20.62.1).

CVE-2026-39316 Severity: Moderate CVSS3 score: 5.5

Description: OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a use-after-free vulnerability exists in the CUPS scheduler (cupsd) when temporary printers are automatically deleted. cupsdDeleteTemporaryPrinters() in scheduler/printers.c calls cupsdDeletePrinter() without first expiring subscriptions that reference the printer, leaving cupsd_subscription_t.dest as a dangling pointer to freed heap memory. The dangling pointer is subsequently dereferenced at multiple code sites, causing a crash (denial of service) of the cupsd daemon. With heap grooming, this can be leveraged for code execution.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
cups-libs > 0-0 (version in image is 1.7.5-20.62.1).

CVE-2026-40475 Severity: Moderate CVSS3 score: 5.5

Description: Unknown.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
python3-pyOpenSSL > 0-0 (version in image is 17.1.0-4.32.1).

CVE-2026-4897 Severity: Moderate CVSS3 score: 5.5

Description: A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of Service (DoS) for the system.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libpolkit0 > 0-0 (version in image is 0.113-5.35.1).

CVE-2026-5704 Severity: Moderate CVSS3 score: 5.5

Description: A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files onto a system without detection.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
tar > 0-0 (version in image is 1.27.1-15.24.1).

CVE-2026-6862 Severity: Moderate CVSS3 score: 5.5

Description: A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fails to validate that each node's Length field is at least 4 bytes, which is the minimum size for an EFI (Extensible Firmware Interface) device path node header. A local user could exploit this vulnerability by providing a specially crafted device path node. This can lead to infinite recursion, causing stack exhaustion and a process crash, resulting in a denial of service (DoS).

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libefivar1 > 0-0 (version in image is 31-3.3.1).

CVE-2019-9740 Severity: Moderate CVSS3 score: 5.4

Description: An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.

Packages affected:

python3-urllib3 > 0-0 (version in image is 1.25.10-3.48.4).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2024-22195 Severity: Moderate CVSS3 score: 5.4

Description: Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based.

Packages affected:

sle-module-adv-systems-management-release >= 12-0 (version in image is 12-4.3.1).
python3-Jinja2 > 0-0 (version in image is 2.8-22.11.1).

CVE-2025-7709 Severity: Moderate CVSS3 score: 5.4

Description: An integer overflow exists in the FTS5 https://sqlite.org/fts5.html extension. It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit integer. A pointer to partially controlled data can then be written out of bounds.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libsqlite3-0 > 0-0 (version in image is 3.51.3-9.47.1).

CVE-2018-1000802 Severity: Moderate CVSS3 score: 5.3

Description: Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appear to be exploitable via Passage of unfiltered user input to the function. This vulnerability appears to have been fixed in after commit add531a1e55b0a739b0f42582f1c9747e5649ace.

Packages affected:

python3 > 0-0 (version in image is 3.4.10-25.180.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2018-10534 Severity: Moderate CVSS3 score: 5.3

Description: The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeds its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c.

Packages affected:

libctf-nobfd0 > 0-0 (version in image is 2.41-9.53.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2018-10844 Severity: Moderate CVSS3 score: 5.3

Description: It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets.

Packages affected:

libgnutls30 > 0-0 (version in image is 3.4.17-8.20.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2018-10846 Severity: Moderate CVSS3 score: 5.3

Description: A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets.

Packages affected:

libgnutls30 > 0-0 (version in image is 3.4.17-8.20.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2018-14400 Severity: Moderate CVSS3 score: 5.3

Description: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none

Packages affected:

sle-module-public-cloud-release >= 12-0 (version in image is 12-7.3.1).
python-ply > 0-0 (version in image is 3.4-3.3.1).

CVE-2018-6543 Severity: Moderate CVSS3 score: 5.3

Description: In GNU Binutils 2.30, there's an integer overflow in the function load_specific_debug_section() in objdump.c, which results in `malloc()` with 0 size. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

Packages affected:

libctf-nobfd0 > 0-0 (version in image is 2.41-9.53.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2018-6759 Severity: Moderate CVSS3 score: 5.3

Description: The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file.

Packages affected:

libctf-nobfd0 > 0-0 (version in image is 2.41-9.53.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2024-12085 Severity: Moderate CVSS3 score: 5.3

Description: A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
rsync < 3.1.3-3.43.1 (version in image is 3.1.3-3.37.1).

CVE-2024-12243 Severity: Moderate CVSS3 score: 5.3

Description: A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libgnutls30 > 0-0 (version in image is 3.4.17-8.20.1).

CVE-2024-35176 Severity: Moderate CVSS3 score: 5.3

Description: REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many `<`s in an attribute value. Those who need to parse untrusted XMLs may be impacted to this vulnerability. The REXML gem 3.2.7 or later include the patch to fix this vulnerability. As a workaround, don't parse untrusted XMLs.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libruby2_1-2_1 > 0-0 (version in image is 2.1.9-19.9.1).

CVE-2024-52615 Severity: Moderate CVSS3 score: 5.3

Description: A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libavahi-client3 > 0-0 (version in image is 0.6.32-32.39.1).

CVE-2024-52616 Severity: Moderate CVSS3 score: 5.3

Description: A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libavahi-client3 > 0-0 (version in image is 0.6.32-32.39.1).

CVE-2024-9681 Severity: Moderate CVSS3 score: 5.3

Description: When curl is asked to use HSTS, the expiry time for a subdomain mightoverwrite a parent domain's cache entry, making it end sooner or later thanotherwise intended.This affects curl using applications that enable HSTS and use URLs with theinsecure `HTTP://` scheme and perform transfers with hosts like`x.example.com` as well as `example.com` where the first host is a subdomainof the second host.(The HSTS cache either needs to have been populated manually or there needs tohave been previous HTTPS accesses done as the cache needs to have entries forthe domains involved to trigger this problem.)When `x.example.com` responds with `Strict-Transport-Security:` headers, thisbug can make the subdomain's expiry timeout *bleed over* and get set for theparent domain `example.com` in curl's HSTS cache.The result of a triggered bug is that HTTP accesses to `example.com` getconverted to HTTPS for a different period of time than what was asked for bythe origin server. If `example.com` for example stops supporting HTTPS at itsexpiry time, curl might then fail to access `http://example.com` until the(wrongly set) timeout expires. This bug can also expire the parent's entry*earlier*, thus making curl inadvertently switch back to insecure HTTP earlierthan otherwise intended.

Packages affected:

curl > 0-0 (version in image is 8.0.1-11.120.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2025-14524 Severity: Moderate CVSS3 score: 5.3

Description: When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transferperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the newtarget host.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
curl > 0-0 (version in image is 8.0.1-11.120.1).

CVE-2025-14819 Severity: Moderate CVSS3 score: 5.3

Description: When doing TLS related transfers with reused easy or multi handles andaltering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentallyreuse a CA store cached in memory for which the partial chain option wasreversed. Contrary to the user's wishes and expectations. This could makelibcurl find and accept a trust chain that it otherwise would not.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
curl > 0-0 (version in image is 8.0.1-11.120.1).

CVE-2025-14831 Severity: Moderate CVSS3 score: 5.3

Description: A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libgnutls30 > 0-0 (version in image is 3.4.17-8.20.1).

CVE-2025-15079 Severity: Moderate CVSS3 score: 5.3

Description: When doing SSH-based transfers using either SCP or SFTP, and setting theknown_hosts file, libcurl could still mistakenly accept connecting to hosts*not present* in the specified file if they were added as recognized in thelibssh *global* known_hosts file.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
curl > 0-0 (version in image is 8.0.1-11.120.1).

CVE-2025-24294 Severity: Moderate CVSS3 score: 5.3

Description: The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet.An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process consumes a large amount of CPU resources, as the library does not limit the resulting length of the name.This resource consumption can cause the application thread to become unresponsive, resulting in a Denial of Service condition.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libruby2_1-2_1 > 0-0 (version in image is 2.1.9-19.9.1).

CVE-2025-27219 Severity: Moderate CVSS3 score: 5.3

Description: In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when parsing extremely large cookies.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libruby2_1-2_1 > 0-0 (version in image is 2.1.9-19.9.1).

CVE-2025-27220 Severity: Moderate CVSS3 score: 5.3

Description: In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libruby2_1-2_1 > 0-0 (version in image is 2.1.9-19.9.1).

CVE-2025-27221 Severity: Moderate CVSS3 score: 5.3

Description: In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libruby2_1-2_1 > 0-0 (version in image is 2.1.9-19.9.1).

CVE-2025-47911 Severity: Moderate CVSS3 score: 5.3

Description: The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
docker > 0-0 (version in image is 28.5.1_ce-98.151.1).

CVE-2025-47914 Severity: Moderate CVSS3 score: 5.3

Description: SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
docker > 0-0 (version in image is 28.5.1_ce-98.151.1).

CVE-2025-50181 Severity: Moderate CVSS3 score: 5.3

Description: urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
python3-urllib3 > 0-0 (version in image is 1.25.10-3.48.4).

CVE-2025-58181 Severity: Moderate CVSS3 score: 5.3

Description: SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
docker > 0-0 (version in image is 28.5.1_ce-98.151.1).

CVE-2025-66418 Severity: Moderate CVSS3 score: 5.3

Description: urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory allocation for the decompressed data. This vulnerability is fixed in 2.6.0.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
python3-urllib3 > 0-0 (version in image is 1.25.10-3.48.4).

CVE-2025-66471 Severity: Moderate CVSS3 score: 5.3

Description: urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
python3-urllib3 > 0-0 (version in image is 1.25.10-3.48.4).

CVE-2026-0992 Severity: Moderate CVSS3 score: 5.3

Description: A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libxml2-2 > 0-0 (version in image is 2.9.4-46.99.1).

CVE-2026-33936 Severity: Moderate CVSS3 score: 5.3

Description: The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Prior to version 0.19.2, an issue in the low-level DER parsing functions can cause unexpected exceptions to be raised from the public API functions. `ecdsa.der.remove_octet_string()` accepts truncated DER where the encoded length exceeds the available buffer. For example, an OCTET STRING that declares a length of 4096 bytes but provides only 3 bytes is parsed successfully instead of being rejected. Because of that, a crafted DER input can cause `SigningKey.from_der()` to raise an internal exception (`IndexError: index out of bounds on dimension 1`) rather than cleanly rejecting malformed DER (e.g., raising `UnexpectedDER` or `ValueError`). Applications that parse untrusted DER private keys may crash if they do not handle unexpected exceptions, resulting in a denial of service. Version 0.19.2 patches the issue.

Packages affected:

sle-module-public-cloud-release >= 12-0 (version in image is 12-7.3.1).
python3-ecdsa > 0-0 (version in image is 0.13.3-5.10.1).

CVE-2026-3446 Severity: Moderate CVSS3 score: 5.3

Description: When calling base64.b64decode() or related functions the decoding process would stop after encountering the first padded quad regardless of whether there was more information to be processed. This can lead to data being accepted which may be processed differently by other implementations. Use "validate=True" to enable stricter processing of base64 data.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libpython3_4m1_0 < 3.4.10-25.185.1 (version in image is 3.4.10-25.180.1).

CVE-2026-34979 Severity: Moderate CVSS3 score: 5.3

Description: OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, there is a heap-based buffer overflow in the CUPS scheduler when building filter option strings from job attribute. At time of publication, there are no publicly available patches.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
cups-libs > 0-0 (version in image is 1.7.5-20.62.1).

CVE-2026-3731 Severity: Moderate CVSS3 score: 5.3

Description: A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftp_extensions_get_name/sftp_extensions_get_data of the file src/sftp.c of the component SFTP Extension Name Handler. Executing a manipulation of the argument idx can lead to out-of-bounds read. The attack may be performed from remote. Upgrading to version 0.11.4 and 0.12.0 is sufficient to resolve this issue. This patch is called 855a0853ad3abd4a6cd85ce06fce6d8d4c7a0b60. You should upgrade the affected component.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libssh-config > 0-0 (version in image is 0.9.8-3.21.1).

CVE-2026-45409 Severity: Moderate CVSS3 score: 5.3

Description: Unknown.

Packages affected:

sle-module-public-cloud-release >= 12-0 (version in image is 12-7.3.1).
python3-idna > 0-0 (version in image is 2.5-3.13.1).

CVE-2026-5435 Severity: Moderate CVSS3 score: 5.3

Description: The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
glibc > 0-0 (version in image is 2.22-114.43.1).

CVE-2026-6238 Severity: Moderate CVSS3 score: 5.3

Description: The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory.These functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
glibc > 0-0 (version in image is 2.22-114.43.1).

CVE-2026-8328 Severity: Moderate CVSS3 score: 5.3

Description: The ftpcp() function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv() was patched to replace server-supplied PASV host addresses with the actual peer address (getpeername()[0]), ftpcp() still calls parse227() directly and passes the raw attacker-controllable IP address and port to target.sendport(). This patch is related to CVE-2021-4189.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
python > 0-0 (version in image is 2.7.18-33.74.1).

CVE-2026-34757 Severity: Moderate CVSS3 score: 5.1

Description: LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from png_get_PLTE, png_get_tRNS, or png_get_hIST back into the corresponding setter on the same png_struct/png_info pair causes the setter to read from freed memory and copy its contents into the replacement buffer. The setter frees the internal buffer before copying from the caller-supplied pointer, which now dangles. The freed region may contain stale data (producing silently corrupted chunk metadata) or data from subsequent heap allocations (leaking unrelated heap contents into the chunk struct). This vulnerability is fixed in 1.6.57.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libpng16-16 > 0-0 (version in image is 1.6.8-15.24.1).

CVE-2026-0964 Severity: Moderate CVSS3 score: 5.0

Description: A malicious SCP server can send unexpected paths that could make theclient application override local files outside of working directory.This could be misused to create malicious executable or configurationfiles and make the user execute them under specific consequences.This is the same issue as in OpenSSH, tracked as CVE-2019-6111.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libssh-config > 0-0 (version in image is 0.9.8-3.21.1).

CVE-2025-54771 Severity: Moderate CVSS3 score: 4.9

Description: A use-after-free vulnerability has been identified in the GNU GRUB (Grand Unified Bootloader). The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
grub2 > 0-0 (version in image is 2.02-196.1).

CVE-2025-61662 Severity: Moderate CVSS3 score: 4.9

Description: A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
grub2 > 0-0 (version in image is 2.02-196.1).

CVE-2025-61663 Severity: Moderate CVSS3 score: 4.9

Description: A vulnerability has been identified in the GRUB2 bootloader's normal command that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the normal command is not properly unregistered when the module is unloaded. An attacker who can execute this command can force the system to access memory locations that are no longer valid. Successful exploitation leads directly to system instability, which can result in a complete crash and halt system availability. Impact on the data integrity and confidentiality is also not discarded.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
grub2 > 0-0 (version in image is 2.02-196.1).

CVE-2025-61664 Severity: Moderate CVSS3 score: 4.9

Description: A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory Use After Free issue, occurs because the normal_exit command is not properly unregistered when its related module is unloaded. An attacker can exploit this condition by invoking the command after the module has been removed, causing the system to improperly access a previously freed memory location. This leads to a system crash or possible impacts in data confidentiality and integrity.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
grub2 > 0-0 (version in image is 2.02-196.1).

CVE-2025-7039 Severity: Moderate CVSS3 score: 4.9

Description: A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
glib2-tools > 0-0 (version in image is 2.48.2-12.58.1).

CVE-2026-1502 Severity: Moderate CVSS3 score: 4.9

Description: CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libpython3_4m1_0 < 3.4.10-25.185.1 (version in image is 3.4.10-25.180.1).

CVE-2024-5642 Severity: Moderate CVSS3 score: 4.8

Description: CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being not widely used and specifying an empty list likely being uncommon in-practice (typically a protocol name would be configured).

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
python > 0-0 (version in image is 2.7.18-33.74.1).

CVE-2025-4373 Severity: Moderate CVSS3 score: 4.8

Description: A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
glib2-tools > 0-0 (version in image is 2.48.2-12.58.1).

CVE-2025-61661 Severity: Moderate CVSS3 score: 4.8

Description: A vulnerability has been identified in the GRUB (Grand Unified Bootloader) component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsistent length values. A local attacker can connect a maliciously configured USB device during the boot sequence to trigger this issue. A successful exploitation may lead GRUB to crash, leading to a Denial of Service. Data corruption may be also possible, although given the complexity of the exploit the impact is most likely limited.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
grub2 > 0-0 (version in image is 2.02-196.1).

CVE-2026-27447 Severity: Moderate CVSS3 score: 4.8

Description: OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon (cupsd) contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulnerability allows an unprivileged user to gain unauthorized access to restricted operations by using a user with a username that differs only in case from an authorized user. At time of publication, there are no publicly available patches.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
cups-libs > 0-0 (version in image is 1.7.5-20.62.1).

CVE-2026-42011 Severity: Moderate CVSS3 score: 4.8

Description: A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate validation. This bypass could lead to the acceptance of invalid certificates, potentially enabling spoofing or man-in-the-middle attacks against affected systems.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libgnutls30 > 0-0 (version in image is 3.4.17-8.20.1).

CVE-2026-43617 Severity: Moderate CVSS3 score: 4.8

Description: Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass hostname-based deny rules by controlling the PTR record for their source IP address, allowing connections from hostnames that administrators intended to deny when reverse DNS resolution fails and defaults to UNKNOWN.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
rsync < 3.1.3-3.43.1 (version in image is 3.1.3-3.37.1).

CVE-2026-43961 Severity: Moderate CVSS3 score: 4.8

Description: Unknown.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
vim > 0-0 (version in image is 9.2.0280-17.62.1).

CVE-2026-44405 Severity: Moderate CVSS3 score: 4.8

Description: In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1 algorithm.

Packages affected:

sle-module-public-cloud-release >= 12-0 (version in image is 12-7.3.1).
python3-paramiko > 0-0 (version in image is 2.4.0-10.9.1).

CVE-2024-10041 Severity: Moderate CVSS3 score: 4.7

Description: A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
pam > 0-0 (version in image is 1.1.8-24.77.1).

CVE-2024-56738 Severity: Moderate CVSS3 score: 4.7

Description: GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
grub2 > 0-0 (version in image is 2.02-196.1).

CVE-2025-4598 Severity: Moderate CVSS3 score: 4.7

Description: A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libsystemd0 > 0-0 (version in image is 228-157.75.1).

CVE-2025-8114 Severity: Moderate CVSS3 score: 4.7

Description: A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libssh-config > 0-0 (version in image is 0.9.8-3.21.1).

CVE-2026-27456 Severity: Moderate CVSS3 score: 4.7

Description: util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libblkid1 > 0-0 (version in image is 2.33.2-4.51.1).

CVE-2024-40635 Severity: Moderate CVSS3 score: 4.6

Description: containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a `UID:GID` larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as root (UID 0). This could cause unexpected behavior for environments that require containers to run as a non-root user. This bug has been fixed in containerd 1.6.38, 1.7.27, and 2.04. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
containerd > 0-0 (version in image is 1.7.29-16.105.1).

CVE-2024-43790 Severity: Moderate CVSS3 score: 4.5

Description: Vim is an open source command line text editor. When performing a search and displaying the search-count message is disabled (:set shm+=S), the search pattern is displayed at the bottom of the screen in a buffer (msgbuf). When right-left mode (:set rl) is enabled, the search pattern is reversed. This happens by allocating a new buffer. If the search pattern contains some ASCII NUL characters, the buffer allocated will be smaller than the original allocated buffer (because for allocating the reversed buffer, the strlen() function is called, which only counts until it notices an ASCII NUL byte ) and thus the original length indicator is wrong. This causes an overflow when accessing characters inside the msgbuf by the previously (now wrong) length of the msgbuf. The issue has been fixed as of Vim patch v9.1.0689.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
vim > 0-0 (version in image is 9.2.0280-17.62.1).

CVE-2024-43802 Severity: Moderate CVSS3 score: 4.5

Description: Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in the buffer to handle the next characters. So this may lead to the tb_off position within the typebuf variable to point outside of the valid buffer size, which can then later lead to a heap-buffer overflow in e.g. ins_typebuf(). Therefore, when flushing the typeahead buffer, check if there is enough space left before advancing the off position. If not, fall back to flush current typebuf contents. It's not quite clear yet, what can lead to this situation. It seems to happen when error messages occur (which will cause Vim to flush the typeahead buffer) in comnination with several long mappgins and so it may eventually move the off position out of a valid buffer size. Impact is low since it is not easily reproducible and requires to have several mappings active and run into some error condition. But when this happens, this will cause a crash. The issue has been fixed as of Vim patch v9.1.0697. Users are advised to upgrade. There are no known workarounds for this issue.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
vim > 0-0 (version in image is 9.2.0280-17.62.1).

CVE-2025-0840 Severity: Moderate CVSS3 score: 4.5

Description: A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemble_bytes of the file binutils/objdump.c. The manipulation of the argument buf leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.44 is able to address this issue. The identifier of the patch is baac6c221e9d69335bf41366a1c7d87d8ab2f893. It is recommended to upgrade the affected component.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
binutils > 0-0 (version in image is 2.41-9.53.1).

CVE-2025-11065 Severity: Moderate CVSS3 score: 4.5

Description: A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in security-critical contexts.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
docker > 0-0 (version in image is 28.5.1_ce-98.151.1).

CVE-2025-1182 Severity: Moderate CVSS3 score: 4.5

Description: A vulnerability, which was classified as critical, was found in GNU Binutils 2.43. Affected is the function bfd_elf_reloc_symbol_deleted_p of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The patch is identified as b425859021d17adf62f06fb904797cf8642986ad. It is recommended to apply a patch to fix this issue.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
binutils > 0-0 (version in image is 2.41-9.53.1).

CVE-2024-45306 Severity: Moderate CVSS3 score: 4.4

Description: Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end ofa line. Back then we assumed this loop is unnecessary. However, this change made it possible that the cursor position stays invalid and points beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer atthe specified cursor position. It's not quite clear yet, what can lead to this situation that the cursor points to an invalid position. That's why patch v9.1.0707 does not include a test case. The only observed impact has been a program crash. This issue has been addressed in with the patch v9.1.0707. All users are advised to upgrade.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
vim > 0-0 (version in image is 9.2.0280-17.62.1).

CVE-2025-22870 Severity: Moderate CVSS3 score: 4.4

Description: Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
containerd > 0-0 (version in image is 1.7.29-16.105.1).

CVE-2025-32990 Severity: Moderate CVSS3 score: 4.4

Description: A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libgnutls30 > 0-0 (version in image is 3.4.17-8.20.1).

CVE-2025-69720 Severity: Moderate CVSS3 score: 4.4

Description: The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libncurses5 > 0-0 (version in image is 5.9-91.1).

CVE-2026-44656 Severity: Moderate CVSS3 score: 4.4

Description: Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line completion. When the path option contains backtick-enclosed shell commands, those commands are executed during file name completion. Because the path option lacks the P_SECURE flag, it can be set from a modeline, allowing an attacker who controls the contents of a file to execute arbitrary shell commands when the user opens that file in Vim and triggers :find completion. This issue has been patched in version 9.2.0435.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
vim > 0-0 (version in image is 9.2.0280-17.62.1).

CVE-2018-18605 Severity: Low CVSS3 score: 4.4

Description: A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.

Packages affected:

libctf-nobfd0 > 0-0 (version in image is 2.41-9.53.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2018-17985 Severity: Moderate CVSS3 score: 4.3

Description: An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many 'P' characters.

Packages affected:

libctf-nobfd0 > 0-0 (version in image is 2.41-9.53.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2018-18483 Severity: Moderate CVSS3 score: 4.3

Description: The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt.

Packages affected:

libctf-nobfd0 > 0-0 (version in image is 2.41-9.53.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2018-18484 Severity: Moderate CVSS3 score: 4.3

Description: An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplus_demangle_type, d_bare_function_type, d_function_type.

Packages affected:

libctf-nobfd0 > 0-0 (version in image is 2.41-9.53.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2024-35221 Severity: Moderate CVSS3 score: 4.3

Description: Rubygems.org is the Ruby community's gem hosting service. A Gem publisher can cause a Remote DoS when publishing a Gem. This is due to how Ruby reads the Manifest of Gem files when using Gem::Specification.from_yaml. from_yaml makes use of SafeYAML.load which allows YAML aliases inside the YAML-based metadata of a gem. YAML aliases allow for Denial of Service attacks with so-called `YAML-bombs` (comparable to Billion laughs attacks). This was patched. There is is no action required by users. This issue is also tracked as GHSL-2024-001 and was discovered by the GitHub security lab.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libruby2_1-2_1 > 0-0 (version in image is 2.1.9-19.9.1).

CVE-2025-10158 Severity: Moderate CVSS3 score: 4.3

Description: A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
rsync < 3.1.3-3.43.1 (version in image is 3.1.3-3.37.1).

CVE-2025-12084 Severity: Moderate CVSS3 score: 4.3

Description: When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
python > 0-0 (version in image is 2.7.18-33.74.1).

CVE-2025-70873 Severity: Moderate CVSS3 score: 4.3

Description: An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libsqlite3-0 > 0-0 (version in image is 3.51.3-9.47.1).

CVE-2026-21441 Severity: Moderate CVSS3 score: 4.3

Description: urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
python3-urllib3 > 0-0 (version in image is 1.25.10-3.48.4).

CVE-2025-22134 Severity: Moderate CVSS3 score: 4.2

Description: When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will correctly reset the visual mode before opening other windows and buffers and therefore fix this bug. In addition it does verify that it won't try to access a position if the position is greater than the corresponding buffer line. Impact is medium since the user must have switched on visual mode when executing the :all ex command. The Vim project would like to thank github user gandalf4a for reporting this issue. The issue has been fixed as of Vim patch v9.1.1003

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
vim > 0-0 (version in image is 9.2.0280-17.62.1).

CVE-2025-24014 Severity: Moderate CVSS3 score: 4.2

Description: Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
vim > 0-0 (version in image is 9.2.0280-17.62.1).

CVE-2026-35414 Severity: Moderate CVSS3 score: 4.2

Description: OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
openssh < 7.2p2-81.37.1 (version in image is 7.2p2-81.34.1).

CVE-2026-45232 Severity: Moderate CVSS3 score: 4.2

Description: Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in socket.c that allows network attackers to corrupt stack memory by sending a malformed HTTP proxy response. Attackers can exploit this by positioning themselves between the client and proxy or controlling the proxy server to send a response line of 1023 or more bytes without a newline terminator, causing a null byte to be written to an out-of-bounds stack address when the RSYNC_PROXY environment variable is set.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
rsync < 3.1.3-3.43.1 (version in image is 3.1.3-3.37.1).

CVE-2025-53905 Severity: Moderate CVSS3 score: 4.1

Description: Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim's tar.vim plugin can allow overwriting of arbitrary files when opening specially crafted tar archives. Impact is low because this exploit requires direct user interaction. However, successfully exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. The victim must edit such a file using Vim which will reveal the filename and the file content, a careful user may suspect some strange things going on. Successful exploitation could results in the ability to execute arbitrary commands on the underlying operating system. Version 9.1.1552 contains a patch for the vulnerability.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
vim > 0-0 (version in image is 9.2.0280-17.62.1).

CVE-2018-17359 Severity: Moderate CVSS3 score: 4.0

Description: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in bfd_zalloc in opncls.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file.

Packages affected:

libctf-nobfd0 > 0-0 (version in image is 2.41-9.53.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2025-0938 Severity: Moderate CVSS3 score: 4.0

Description: The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
python > 0-0 (version in image is 2.7.18-33.74.1).

CVE-2025-13837 Severity: Moderate CVSS3 score: 4.0

Description: When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
python3 > 0-0 (version in image is 3.4.10-25.180.1).

CVE-2025-5245 Severity: Moderate CVSS3 score: 4.0

Description: A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
binutils > 0-0 (version in image is 2.41-9.53.1).

CVE-2025-66382 Severity: Moderate CVSS3 score: 4.0

Description: In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
expat > 0-0 (version in image is 2.7.1-21.52.1).

CVE-2025-9820 Severity: Moderate CVSS3 score: 4.0

Description: A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libgnutls30 > 0-0 (version in image is 3.4.17-8.20.1).

CVE-2026-42014 Severity: Moderate CVSS3 score: 4.0

Description: Unknown.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libgnutls30 > 0-0 (version in image is 3.4.17-8.20.1).

CVE-2017-16832 Severity: Low CVSS3 score: 4.0

Description: The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file.

Packages affected:

libctf-nobfd0 > 0-0 (version in image is 2.41-9.53.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2018-20651 Severity: Low CVSS3 score: 4.0

Description: A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.1. This occurs for a crafted ET_DYN with no program headers. A specially crafted ELF file allows remote attackers to cause a denial of service, as demonstrated by ld.

Packages affected:

libctf-nobfd0 > 0-0 (version in image is 2.41-9.53.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2018-8740 Severity: Low CVSS3 score: 4.0

Description: In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
sqlite3-tcl > 0-0 (version in image is 3.51.3-9.47.1).

CVE-2019-11324 Severity: Low CVSS3 score: 4.0

Description: The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument.

Packages affected:

python3-urllib3 > 0-0 (version in image is 1.25.10-3.48.4).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2024-47814 Severity: Low CVSS3 score: 3.9

Description: Vim is an open source, command line text editor. A use-after-free was found in Vim < 9.1.0764. When closing a buffer (visible in a window) a BufWinLeave auto command can cause an use-after-free if this auto command happens to re-open the same buffer in a new split window. Impact is low since the user must have intentionally set up such a strange auto command and run some buffer unload commands. However this may lead to a crash. This issue has been addressed in version 9.1.0764 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
vim > 0-0 (version in image is 9.2.0280-17.62.1).

CVE-2026-6019 Severity: Low CVSS3 score: 3.8

Description: http.cookies.Morsel.js_output() returns an inline inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libpython3_4m1_0 < 3.4.10-25.185.1 (version in image is 3.4.10-25.180.1).

CVE-2017-16826 Severity: Moderate CVSS3 score: 3.7

Description: The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file.

Packages affected:

libctf-nobfd0 > 0-0 (version in image is 2.41-9.53.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2026-0989 Severity: Moderate CVSS3 score: 3.7

Description: A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libxml2-2 > 0-0 (version in image is 2.9.4-46.99.1).

CVE-2026-5419 Severity: Moderate CVSS3 score: 3.7

Description: Unknown.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libgnutls30 > 0-0 (version in image is 3.4.17-8.20.1).

CVE-2024-11168 Severity: Low CVSS3 score: 3.7

Description: The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
python > 0-0 (version in image is 2.7.18-33.74.1).

CVE-2026-0988 Severity: Low CVSS3 score: 3.7

Description: A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
glib2-tools > 0-0 (version in image is 2.48.2-12.58.1).

CVE-2026-27448 Severity: Low CVSS3 score: 3.7

Description: pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to `set_tlsext_servername_callback` raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for any security-sensitive behavior, this could allow bypassing it. Starting in version 26.0.0, unhandled exceptions now result in rejecting the connection.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
python3-pyOpenSSL > 0-0 (version in image is 17.1.0-4.32.1).

CVE-2026-4873 Severity: Low CVSS3 score: 3.7

Description: A vulnerability exists where a connection requiring TLS incorrectly reuses anexisting unencrypted connection from the same connection pool. If an initialtransfer is made in clear-text (via IMAP, SMTP, or POP3), a subsequent requestto that same host bypasses the TLS requirement and instead transmit dataunencrypted.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
curl > 0-0 (version in image is 8.0.1-11.120.1).

CVE-2026-5773 Severity: Low CVSS3 score: 3.7

Description: libcurl might in some circumstances reuse the wrong connection for SMB(S)transfers.libcurl features a pool of recent connections so that subsequent requests canreuse an existing connection to avoid overhead.When reusing a connection a range of criteria must be met. Due to a logicalerror in the code, a network transfer operation that was requested by anapplication could wrongfully reuse an existing SMB connection to the sameserver that was using a different 'share' than the new subsequent transfershould.This could in unlucky situations lead to the download of the wrong file or theupload of a file to the wrong place. When this happens, the same credentialsare used and the server name is the same.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
curl > 0-0 (version in image is 8.0.1-11.120.1).

CVE-2026-6276 Severity: Low CVSS3 score: 3.7

Description: Using libcurl, when a custom `Host:` header is first set for an HTTP requestand a second request is subsequently done using the same *easy handle* butwithout the custom `Host:` header set, the second request would use staleinformation and pass on cookies meant for the first host in the secondrequest. Leak them.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
curl > 0-0 (version in image is 8.0.1-11.120.1).

CVE-2017-10989 Severity: Moderate CVSS3 score: 3.6

Description: The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
sqlite3-tcl > 0-0 (version in image is 3.51.3-9.47.1).

CVE-2025-1147 Severity: Low CVSS3 score: 3.6

Description: A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
binutils > 0-0 (version in image is 2.41-9.53.1).

CVE-2026-35386 Severity: Low CVSS3 score: 3.6

Description: In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in ssh_config.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
openssh > 0-0 (version in image is 7.2p2-81.34.1).

CVE-2026-41079 Severity: Low CVSS3 score: 3.5

Description: OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to 2.4.17, a network-adjacent attacker can send a crafted SNMP response to the CUPS SNMP backend that causes an out-of-bounds read of up to 176 bytes past a stack buffer. The leaked memory is converted from UTF-16 to UTF-8 and stored as printer supply description strings, which are subsequently visible to authenticated users via IPP Get-Printer-Attributes responses and the CUPS web interface. This vulnerability is fixed in 2.4.17.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
cups-libs > 0-0 (version in image is 1.7.5-20.62.1).

CVE-2017-15996 Severity: Moderate CVSS3 score: 3.3

Description: elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a "buffer overflow on fuzzed archive header," related to an uninitialized variable, an improper conditional jump, and the get_archive_member_name, process_archive_index_and_symbols, and setup_archive functions.

Packages affected:

libctf-nobfd0 > 0-0 (version in image is 2.41-9.53.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2018-17358 Severity: Moderate CVSS3 score: 3.3

Description: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in _bfd_stab_section_find_nearest_line in syms.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file.

Packages affected:

libctf-nobfd0 > 0-0 (version in image is 2.41-9.53.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2018-20671 Severity: Moderate CVSS3 score: 3.3

Description: load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size.

Packages affected:

libctf-nobfd0 > 0-0 (version in image is 2.41-9.53.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2018-7568 Severity: Moderate CVSS3 score: 3.3

Description: The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm.

Packages affected:

libctf-nobfd0 > 0-0 (version in image is 2.41-9.53.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2018-7642 Severity: Moderate CVSS3 score: 3.3

Description: The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy.

Packages affected:

libctf-nobfd0 > 0-0 (version in image is 2.41-9.53.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2018-7643 Severity: Moderate CVSS3 score: 3.3

Description: The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump.

Packages affected:

libctf-nobfd0 > 0-0 (version in image is 2.41-9.53.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2019-6293 Severity: Moderate CVSS3 score: 3.3

Description: An issue was discovered in the function mark_beginning_as_normal in nfa.c in flex 2.6.4. There is a stack exhaustion problem caused by the mark_beginning_as_normal function making recursive calls to itself in certain scenarios involving lots of '*' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libfl2 > 0-0 (version in image is 2.6.4-9.7.1).

CVE-2024-43374 Severity: Moderate CVSS3 score: 3.3

Description: The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened is closed (including the window where it is shown), this causes the window structure to be freed which contains a reference to the argument list that we are actually modifying. Once the autocommands are completed, the references to the window and argument list are no longer valid and as such cause an use-after-free. Impact is low since the user must either intentionally add some unusual autocommands that wipe a buffer during creation (either manually or by sourcing a malicious plugin), but it will crash Vim. The issue has been fixed as of Vim patch v9.1.0678.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
vim > 0-0 (version in image is 9.2.0280-17.62.1).

CVE-2025-3198 Severity: Moderate CVSS3 score: 3.3

Description: A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
binutils > 0-0 (version in image is 2.41-9.53.1).

CVE-2026-3219 Severity: Moderate CVSS3 score: 3.3

Description: pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior only proceeds with installation if the file identifies uniquely as a ZIP or tar archive, not as both.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
python > 0-0 (version in image is 2.7.18-33.74.1).

CVE-2016-6131 Severity: Low CVSS3 score: 3.3

Description: The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
crash > 0-0 (version in image is 7.2.1-8.19.2).

CVE-2017-16829 Severity: Low CVSS3 score: 3.3

Description: The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted ELF file.

Packages affected:

libctf-nobfd0 > 0-0 (version in image is 2.41-9.53.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2017-16831 Severity: Low CVSS3 score: 3.3

Description: coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file.

Packages affected:

libctf-nobfd0 > 0-0 (version in image is 2.41-9.53.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2018-10372 Severity: Low CVSS3 score: 3.3

Description: process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf.

Packages affected:

libctf-nobfd0 > 0-0 (version in image is 2.41-9.53.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2018-10373 Severity: Low CVSS3 score: 3.3

Description: concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new.

Packages affected:

libctf-nobfd0 > 0-0 (version in image is 2.41-9.53.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2018-10535 Severity: Low CVSS3 score: 3.3

Description: The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a "SECTION" type that has a "0" value, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy.

Packages affected:

libctf-nobfd0 > 0-0 (version in image is 2.41-9.53.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2018-18309 Severity: Low CVSS3 score: 3.3

Description: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory address dereference was discovered in read_reloc in reloc.c. The vulnerability causes a segmentation fault and application crash, which leads to denial of service, as demonstrated by objdump, because of missing _bfd_clear_contents bounds checking.

Packages affected:

libctf-nobfd0 > 0-0 (version in image is 2.41-9.53.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2018-18606 Severity: Low CVSS3 score: 3.3

Description: An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.

Packages affected:

libctf-nobfd0 > 0-0 (version in image is 2.41-9.53.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2018-18607 Severity: Low CVSS3 score: 3.3

Description: An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.

Packages affected:

libctf-nobfd0 > 0-0 (version in image is 2.41-9.53.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2018-8945 Severity: Low CVSS3 score: 3.3

Description: The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section.

Packages affected:

libctf-nobfd0 > 0-0 (version in image is 2.41-9.53.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2025-11839 Severity: Low CVSS3 score: 3.3

Description: A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing a manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be used for attacks.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
binutils > 0-0 (version in image is 2.41-9.53.1).

CVE-2025-11840 Severity: Low CVSS3 score: 3.3

Description: A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing a manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. This patch is called 16357. It is best practice to apply a patch to resolve this issue.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
binutils > 0-0 (version in image is 2.41-9.53.1).

CVE-2025-11961 Severity: Low CVSS3 score: 3.3

Description: pcap_ether_aton() is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer. The string argument must be a well-formed MAC-48 address in one of the supported formats, but this requirement has been poorly documented. If an application calls the function with an argument that deviates from the expected format, the function can read data beyond the end of the provided string and write data beyond the end of the allocated buffer.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libpcap1 > 0-0 (version in image is 1.8.1-10.9.1).

CVE-2025-2588 Severity: Low CVSS3 score: 3.3

Description: A vulnerability has been found in Hercules Augeas 1.14.1 and classified as problematic. This vulnerability affects the function re_case_expand of the file src/fa.c. The manipulation of the argument re leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
augeas > 0-0 (version in image is 1.10.1-4.6.1).

CVE-2025-69645 Severity: Low CVSS3 score: 3.3

Description: Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. A logic error in the handling of DWARF compilation units can result in an invalid offset_size value being used inside byte_get_little_endian, leading to an abort (SIGABRT). The issue was observed in binutils 2.44. A local attacker can trigger the crash by supplying a malicious input file.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
binutils > 0-0 (version in image is 2.41-9.53.1).

CVE-2025-8225 Severity: Low CVSS3 score: 3.3

Description: A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
binutils > 0-0 (version in image is 2.41-9.53.1).

CVE-2025-8291 Severity: Low CVSS3 score: 3.3

Description: The 'zipfile' module would not check the validity of the ZIP64 End ofCentral Directory (EOCD) Locator record offset value would not be used tolocate the ZIP64 EOCD record, instead the ZIP64 EOCD record would beassumed to be the previous record in the ZIP archive. This could be abusedto create ZIP archives that are handled differently by the 'zipfile' modulecompared to other ZIP implementations.Remediation maintains this behavior, but checks that the offset specifiedin the ZIP64 EOCD Locator record matches the expected value.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
python > 0-0 (version in image is 2.7.18-33.74.1).

CVE-2025-8732 Severity: Low CVSS3 score: 3.3

Description: A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads to uncontrolled recursion. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The code maintainer explains, that "[t]he issue can only be triggered with untrusted SGML catalogs and it makes absolutely no sense to use untrusted catalogs. I also doubt that anyone is still using SGML catalogs at all."

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libxml2-2 > 0-0 (version in image is 2.9.4-46.99.1).

CVE-2026-0965 Severity: Low CVSS3 score: 3.3

Description: A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system is misconfigured. This vulnerability could lead to a Denial of Service (DoS) by causing the system to try and access dangerous files, such as block devices or large system files, which can disrupt normal operations.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libssh-config > 0-0 (version in image is 0.9.8-3.21.1).

CVE-2026-1757 Severity: Low CVSS3 score: 3.3

Description: A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libxml2-2 > 0-0 (version in image is 2.9.4-46.99.1).

CVE-2026-4539 Severity: Low CVSS3 score: 3.3

Description: A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

Packages affected:

sle-module-public-cloud-release >= 12-0 (version in image is 12-7.3.1).
python3-Pygments > 0-0 (version in image is 2.4.2-10.7.1).

CVE-2025-15224 Severity: Moderate CVSS3 score: 3.1

Description: When doing SSH-based transfers using either SCP or SFTP, and asked to dopublic key authentication, curl would wrongly still ask and authenticate usinga locally running SSH agent.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
curl > 0-0 (version in image is 8.0.1-11.120.1).

CVE-2025-8277 Severity: Low CVSS3 score: 3.1

Description: A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libssh-config > 0-0 (version in image is 0.9.8-3.21.1).

CVE-2026-1703 Severity: Low CVSS3 score: 3.1

Description: When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situations.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
python3-pip > 0-0 (version in image is 10.0.1-13.17.1).

CVE-2026-35387 Severity: Low CVSS3 score: 3.1

Description: OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
openssh > 0-0 (version in image is 7.2p2-81.34.1).

CVE-2018-20406 Severity: Moderate CVSS3 score: 2.9

Description: Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data. This issue is fixed in: v3.4.10, v3.4.10rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.7rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.7, v3.6.7rc1, v3.6.7rc2, v3.6.8, v3.6.8rc1, v3.6.9, v3.6.9rc1; v3.7.1, v3.7.1rc1, v3.7.1rc2, v3.7.2, v3.7.2rc1, v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.

Packages affected:

python3 > 0-0 (version in image is 3.4.10-25.180.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2025-32415 Severity: Low CVSS3 score: 2.9

Description: In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libxml2-2 > 0-0 (version in image is 2.9.4-46.99.1).

CVE-2026-45186 Severity: Low CVSS3 score: 2.9

Description: In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
expat > 0-0 (version in image is 2.7.1-21.52.1).

CVE-2024-58251 Severity: Low CVSS3 score: 2.8

Description: In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
iproute2 > 0-0 (version in image is 4.12-16.6.1).

CVE-2025-1215 Severity: Low CVSS3 score: 2.8

Description: A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src/main.c. The manipulation of the argument --log leads to memory corruption. It is possible to launch the attack on the local host. Upgrading to version 9.1.1097 is able to address this issue. The patch is identified as c5654b84480822817bb7b69ebc97c174c91185e9. It is recommended to upgrade the affected component.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
vim > 0-0 (version in image is 9.2.0280-17.62.1).

CVE-2018-20060 Severity: Moderate CVSS3 score: 2.6

Description: urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.

Packages affected:

python3-urllib3 > 0-0 (version in image is 1.25.10-3.48.4).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2024-7592 Severity: Moderate CVSS3 score: 2.6

Description: There is a LOW severity vulnerability affecting CPython, specifically the'http.cookies' standard library module.When parsing cookies that contained backslashes for quoted characters inthe cookie value, the parser would use an algorithm with quadraticcomplexity, resulting in excess CPU resources being used while parsing thevalue.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
python > 0-0 (version in image is 2.7.18-33.74.1).

CVE-2018-7569 Severity: Moderate CVSS3 score: 2.5

Description: dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm.

Packages affected:

libctf-nobfd0 > 0-0 (version in image is 2.41-9.53.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2018-7570 Severity: Moderate CVSS3 score: 2.5

Description: The assign_file_positions_for_non_load_sections function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an ELF file with a RELRO segment that lacks a matching LOAD segment, as demonstrated by objcopy.

Packages affected:

libctf-nobfd0 > 0-0 (version in image is 2.41-9.53.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2025-66863 Severity: Moderate CVSS3 score: 2.5

Description: An issue was discovered in function d_discriminator in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
binutils > 0-0 (version in image is 2.41-9.53.1).

CVE-2025-66866 Severity: Moderate CVSS3 score: 2.5

Description: An issue was discovered in function d_abi_tags in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
binutils > 0-0 (version in image is 2.41-9.53.1).

CVE-2025-6075 Severity: Low CVSS3 score: 2.5

Description: If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
python3 > 0-0 (version in image is 3.4.10-25.180.1).

CVE-2025-66861 Severity: Low CVSS3 score: 2.5

Description: An issue was discovered in function d_unqualified_name in file cp-demangle.c in BinUtils 2.26 allowing attackers to cause a denial of service via crafted PE file.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
binutils > 0-0 (version in image is 2.41-9.53.1).

CVE-2025-66864 Severity: Low CVSS3 score: 2.5

Description: An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
binutils > 0-0 (version in image is 2.41-9.53.1).

CVE-2025-66865 Severity: Low CVSS3 score: 2.5

Description: An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
binutils > 0-0 (version in image is 2.41-9.53.1).

CVE-2026-35388 Severity: Low CVSS3 score: 2.5

Description: OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
openssh > 0-0 (version in image is 7.2p2-81.34.1).

CVE-2026-41080 Severity: Low CVSS3 score: 2.5

Description: libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
expat > 0-0 (version in image is 2.7.1-21.52.1).

CVE-2026-0967 Severity: Low CVSS3 score: 2.2

Description: A flaw was found in libssh. A remote attacker, by controlling client configuration files or known_hosts files, could craft specific hostnames that when processed by the `match_pattern()` function can lead to inefficient regular expression backtracking. This can cause timeouts and resource exhaustion, resulting in a Denial of Service (DoS) for the client.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libssh-config > 0-0 (version in image is 0.9.8-3.21.1).

CVE-2011-0414 Severity: Important CVSS3 score: None

Description: ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative server, allows remote attackers to cause a denial of service (deadlock and daemon hang) by sending a query at the time of (1) an IXFR transfer or (2) a DDNS update.

Packages affected:

libbind9-161 > 0-0 (version in image is 9.11.22-3.68.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2015-5196 Severity: Important CVSS3 score: None

Description: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-7703. Reason: This candidate is a reservation duplicate of CVE-2015-7703. Notes: All CVE users should reference CVE-2015-7703 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
ntp > 0-0 (version in image is 4.2.8p17-106.7.1).

CVE-2009-3560 Severity: Moderate CVSS3 score: None

Description: The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.

Packages affected:

python > 0-0 (version in image is 2.7.18-33.74.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2012-5689 Severity: Moderate CVSS3 score: None

Description: ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for an AAAA record.

Packages affected:

libbind9-161 > 0-0 (version in image is 9.11.22-3.68.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2013-2266 Severity: Moderate CVSS3 score: None

Description: libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process.

Packages affected:

libbind9-161 > 0-0 (version in image is 9.11.22-3.68.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2014-5270 Severity: Moderate CVSS3 score: None

Description: Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
libgcrypt20 > 0-0 (version in image is 1.6.1-16.86.1).

CVE-2014-8500 Severity: Moderate CVSS3 score: None

Description: ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals.

Packages affected:

libbind9-161 > 0-0 (version in image is 9.11.22-3.68.1).
sles-release == 12.5 (version in image is 12.5-9.5.2).

CVE-2015-2296 Severity: Moderate CVSS3 score: None

Description: The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.

Packages affected:

sle-module-adv-systems-management-release >= 12-0 (version in image is 12-4.3.1).
python3-requests > 0-0 (version in image is 2.24.0-8.20.1).

CVE-2015-8461 Severity: Moderate CVSS3 score: None

Description: Race condition in resolver.c in named in ISC BIND 9.9.8 before 9.9.8-P2 and 9.10.3 before 9.10.3-P2 allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via unspecified vectors.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
bind-utils > 0-0 (version in image is 9.11.22-3.68.1).

CVE-2017-11544 Severity: Moderate CVSS3 score: None

Description: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11543. Reason: This candidate is a duplicate of CVE-2017-11543. Notes: All CVE users should reference CVE-2017-11543 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
tcpdump > 0-0 (version in image is 4.9.2-14.20.1).

CVE-2025-1149 Severity: Moderate CVSS3 score: 0.0

Description: A vulnerability was found in GNU Binutils 2.43. It has been classified as problematic. This affects the function xstrdup of the file libiberty/xmalloc.c of the component ld. The manipulation leads to memory leak. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
binutils > 0-0 (version in image is 2.41-9.53.1).

CVE-2025-1178 Severity: Moderate CVSS3 score: 0.0

Description: A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. Affected by this vulnerability is the function bfd_putl64 of the file libbfd.c of the component ld. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 75086e9de1707281172cc77f178e7949a4414ed0. It is recommended to apply a patch to fix this issue.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
binutils > 0-0 (version in image is 2.41-9.53.1).

CVE-2025-1181 Severity: Moderate CVSS3 score: 0.0

Description: A vulnerability classified as critical was found in GNU Binutils 2.43. This vulnerability affects the function _bfd_elf_gc_mark_rsec of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 931494c9a89558acb36a03a340c01726545eef24. It is recommended to apply a patch to fix this issue.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
binutils > 0-0 (version in image is 2.41-9.53.1).

CVE-2025-1148 Severity: Low CVSS3 score: 0.0

Description: A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
binutils > 0-0 (version in image is 2.41-9.53.1).

CVE-2025-1151 Severity: Low CVSS3 score: 0.0

Description: A vulnerability was found in GNU Binutils 2.43. It has been rated as problematic. This issue affects the function xmemdup of the file xmemdup.c of the component ld. The manipulation leads to memory leak. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
binutils > 0-0 (version in image is 2.41-9.53.1).

CVE-2025-1152 Severity: Low CVSS3 score: 0.0

Description: A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
binutils > 0-0 (version in image is 2.41-9.53.1).

CVE-2025-1153 Severity: Low CVSS3 score: 0.0

Description: A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. Affected by this vulnerability is the function bfd_set_format of the file format.c. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 2.45 is able to address this issue. The identifier of the patch is 8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150. It is recommended to upgrade the affected component.

Packages affected:

sles-release == 12.5 (version in image is 12.5-9.5.2).
binutils > 0-0 (version in image is 2.41-9.53.1).

CVE scan

Summary of CVEs affecting the image: