SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.23-openssl (SUSE-SU-2025:03159-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03159-1 advisory. Update to version 1.23.12 cut from the go1.23-fips-release branch at the revision tagged...

CVE-2025-47907 affecting package golang for versions less than 1.23.12-1

CVE-2025-47907 affecting package golang for versions less than 1.23.12-1. An upgraded version of the package is available that resolves this issue...

openSUSE Security Advisory (SUSE-SU-2025:02759-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.23 (SUSE-SU-2025:02759-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02759-1 advisory. - Update to go1.23.12: CVE-2025-47906: Fixed LookPath returning unexpected paths bsc1247719...

Security update for go1.23

This update for go1.23 fixes the following issues: Update to go1.23.12: CVE-2025-47906: Fixed LookPath returning unexpected paths bsc1247719 CVE-2025-47907: Fixed incorrect results returned from Rows.Scan bsc1247720 go74415 runtime: use-after-free of allpSnapshot in findRunnable go74693 runtime:...

OPENSUSE-SU-2025:15422-1 go1.23-1.23.12-1.1 on GA media

These are all security issues fixed in the go1.23-1.23.12-1.1 package on the GA media of openSUSE Tumbleweed...

CVE-2023-35943 Envoy vulnerable to CORS filter segfault when origin header is removed

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, the CORS filter will segfault and crash Envoy when the origin header is removed and deleted between decodeHeadersand encodeHeaders. Versions 1.27....

CVE-2023-35943

CVE-2023-35943 affects Envoy’s CORS filter: prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, removing the origin header between decodeHeaders and encodeHeaders can cause a segfault/crash. A fix is available in those branches (upgrade to a version that includes the patch, e.g., 1.27...

CVE-2015-8628

The 1 Special:MyPage, 2 Special:MyTalk, 3 Special:MyContributions, 4 Special:MyUploads, and 5 Special:AllMyUploads pages in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 allow remote attackers to obtain sensitive user login information via crafted...

CVE-2015-8622

Cross-site scripting XSS vulnerability in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1, when is configured with a relative URL, allows remote authenticated users to inject arbitrary web script or HTML via wikitext, as demonstrated by a wikilink to...