cosign (SUSE:Manager Proxy 4.3) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Manager Proxy 4.3 package cosign, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (7)
CVE-2025-22869 — CVSS 7.5 (high): SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key…
CVE-2025-22868 — CVSS 7.5 (high): An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.
CVE-2025-46569: Open Policy Agent (OPA) is an open source, general-purpose policy engine. Prior to version 1.4.0, when run as a server, OPA exposes an HTTP…
CVE-2025-27144: Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web…
CVE-2024-6104 — CVSS 6.0 (medium): go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing…
CVE-2025-22870 — CVSS 4.4 (medium): Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY…
CVE-2024-51744 — CVSS 3.1 (low): golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in `ParseWithClaims` can lead to…