15 matches found

OSV
added 2026/03/12 1:58 p.m., 3 views

CLSA-2026-1773323876 go-rpm-macros: Fix of CVE-2025-61726

rebuild with newer golang version 1.22.9-1.el92.tuxcare.els6 to fix the following CVE - CVE-2025-61726: limit parsed URL query parameters to mitigate excessive memory consumption during form parsing...

7.5 CVSS, 7.1 AI score, 0.00045 EPSS
Exploits 0, References 1

OSV
added 2026/03/06 4:3 p.m., 3 views

CLSA-2026-1772812991 skopeo: Fix of 3 CVEs

rebuild with newer golang version 1.22.9-1.el92.tuxcare.els6 to fix the following CVEs - CVE-2025-61726: limit parsed URL query parameters to mitigate excessive memory consumption during form parsing - CVE-2025-61729: fix excessive resource consumption when constructing hostname error messages...

10 CVSS, 7.1 AI score, 0.00045 EPSS
Exploits 3, References 1

OSV
added 2026/03/04 5:50 p.m., 4 views

CLSA-2026-1772646645 butane: Fix of CVE-2025-61729

rebuild with newer golang version 1.22.9-1.el92.tuxcare.els6 to fix the following CVE - CVE-2025-61729: limit parsed URL query parameters to mitigate excessive memory consumption during form parsing...

7.5 CVSS, 5.9 AI score, 0.00019 EPSS
Exploits 2, References 1

OSV
added 2026/03/04 11:39 a.m., 3 views

CLSA-2026-1772624338 grafana-pcp: Fix of CVE-2025-68121

rebuild with newer golang version 1.22.9-1.el92.tuxcare.els6 to fix the following CVE - CVE-2025-68121: fix TLS session resumption bypass by preventing shared auto-rotated ticket keys in Config and validating full certificate chain expiry...

10 CVSS, 7.2 AI score, 0.00018 EPSS
Exploits 1, References 1

OSV
added 2026/03/02 12:53 p.m., 6 views

CLSA-2026-1772456031 runc: Fix of 3 CVEs

rebuild with newer golang version 1.22.9-1.el92.tuxcare.els6 to fix the following CVEs - CVE-2025-68121: fix TLS session resumption bypass by preventing shared auto-rotated ticket keys in Config and validating full certificate chain expiry - CVE-2025-61726: limit parsed URL query parameters to...

10 CVSS, 7.1 AI score, 0.00045 EPSS
Exploits 3, References 1

OSV
added 2025/12/15 6:56 p.m., 3 views

CLSA-2025-1765824979 go-rpm-macros: Fix of CVE-2025-47906

Rebuild with golang = 1.22.9-1.el92.tuxcare.els2 to address CVE-2025-47906...

6.5 CVSS, 6.8 AI score, 0.00044 EPSS
Exploits 1, References 1

OpenVAS
added 2024/09/10 12:0 a.m., 7 views

Fedora: Security Advisory (FEDORA-2024-919bc7e512)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8 CVSS, 8.2 AI score, 0.03631 EPSS
Exploits 0, References 4

Tenable Nessus
added 2024/07/01 12:0 a.m., 18 views

Fedora 39 : mingw-gstreamer1 / mingw-gstreamer1-plugins-bad-free / etc (2024-919bc7e512)

The remote Fedora 39 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2024-919bc7e512 advisory. Update to gstreamer-1.22.9. ---- Backport fix for CVE-2024-0444. Tenable has extracted the preceding description block directly from the Fedora...

8.8 CVSS, 7.6 AI score, 0.03631 EPSS
Exploits 0, References 3

Positive Technologies
added 2023/04/04 12:0 a.m., 1 views

PT-2023-21167 · Envoy · Envoy

Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.26.0 Envoy versions prior to 1.25.3 Envoy versions prior to 1.24.4 Envoy versions prior to 1.23.6 Envoy versions prior to 1.22.9 Description: Envoy is an open source edge and service proxy designed for cloud-native...

9.1 CVSS, 7.7 AI score, 0.00015 EPSS
Exploits 1, References 16

Positive Technologies
added 2023/04/04 12:0 a.m., 2 views

PT-2023-21168 · Envoy · Envoy

Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.26.0 Envoy versions prior to 1.25.3 Envoy versions prior to 1.24.4 Envoy versions prior to 1.23.6 Envoy versions prior to 1.22.9 Description: The Lua filter in Envoy is vulnerable to denial of service. Attackers can...

6.5 CVSS, 5.7 AI score, 0.00032 EPSS
Exploits 1, References 13

CNNVD
added 2023/04/04 12:0 a.m., 2 views

Envoy input validation error vulnerability

Envoy is an open source distributed proxy server. An input validation error vulnerability exists in versions of Envoy after 1.22.9. An attacker could exploit this vulnerability to cause an Envoy process to terminate abnormally...

7.5 CVSS, 6.7 AI score, 0.0003 EPSS
Exploits 1, References 4

Positive Technologies
added 2023/03/01 12:0 a.m., 1 views

PT-2023-2245 · Envoy · Envoy

Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.26.0 Envoy versions prior to 1.25.3 Envoy versions prior to 1.24.4 Envoy versions prior to 1.23.6 Envoy versions prior to 1.22.9 Description: The issue is related to the insufficient sanitization of request propertie...

9.1 CVSS, 8.5 AI score, 0.0001 EPSS
Exploits 1, References 19

OSV
added 2022/04/04 4:15 p.m., 1 views

CVE-2022-0864

The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 does not sanitise and escape the updraftinterval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability...

6.1 CVSS, 5.8 AI score
Exploits 0, References 2

Patchstack
added 2022/03/10 12:0 a.m., 21 views

WordPress UpdraftPlus plugin <= 1.22.8 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Taurus Omar in WordPress UpdraftPlus plugin (versions <= 1.22.8). Solution: Update the WordPress UpdraftPlus plugin to the latest available version (at least 1.22.9)...

6.1 CVSS, 1.9 AI score, 0.02855 EPSS
Exploits 4, References 3, Affected Software 1

wpexploit
added 2022/03/10 12:0 a.m., 421 views

UpdraftPlus < 1.22.9 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the updraftinterval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting XSS vulnerability. https://example.com//wp-admin/options-general.php?page=updraftplus&updraftinterval"confirm1...

6.1 CVSS, 1 AI score, 0.02855 EPSS
Exploits 4