192 matches found

SUSE Linux
added 2025/09/12 12:22 p.m. · 2 views

Security update for go1.25

This update for go1.25 fixes the following issues: Update to go1.25.1, released 2025-09-03 bsc1244485. Security issues fixed: CVE-2025-47910: net/http: CrossOriginProtection insecure bypass patterns not limited to exact matches bsc1249141. Other issues fixed: go74822 cmd/go: "get toolchain@latest...

CVSS 5.4 · AI score 7 · EPSS 0.00017
Exploits: 0 · References: 10

CVE
added 2025/08/07 12:4 a.m. · 90 views

CVE-2025-54799

CVE-2025-54799 affects the Let's Encrypt Go-based client and the lego v4/acme/api package. In 4.25.1 and earlier, the library does not enforce HTTPS when the ACME client communicates with CAs, applying to both the initial discover URL and the URLs returned in directory/order objects. If an HTTP UR...

CVSS 6 · AI score 6.2 · EPSS 0.0018
Exploits: 0 · References: 2

CVE
added 2025/07/11 9:14 a.m. · 30 views

CVE-2025-50121

Schneider Electric EcoStruxure IT Data Center Expert (DCE)

CVSS 9.5 · AI score 7.4 · EPSS 0.02595
Exploits: 1 · References: 2

Tenable Nessus
added 2025/07/09 12:0 a.m. · 3 views

RHEL 8 : go-toolset:rhel8 (RHSA-2025:10672)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:10672 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: net/http: Sensitive header...

CVSS 6.8 · AI score 6.6 · EPSS 0.00074
Exploits: 0 · References: 5

CVE
added 2025/06/12 2:15 p.m. · 38 views

CVE-2025-49193

Technical details (affected product/versions/root cause/fix) are not publicly provided in the supplied documents; monitor for updates.

CVSS 6.1 · AI score 7.3 · EPSS 0.00286
Exploits: 0 · References: 6 · Affected Software: 6

Tenable Nessus
added 2025/06/05 12:0 a.m. · 9 views

RHEL 10 : golang (RHSA-2025:8477)

The remote Red Hat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:8477 advisory. The golang packages provide the Go programming language compiler. Security Fixes: net/http: Request smuggling due to acceptance of invalid chunked...

CVSS 9.1 · AI score 7.2 · EPSS 0.00294
Exploits: 0 · References: 5

RedhatCVE
added 2025/06/01 6:35 a.m. · 7 views

CVE-2025-48865

Fabio is an HTTPS and TCP router for deploying applications managed by consul. Prior to version 1.6.6, Fabio allows clients to remove X-Forwarded headers except X-Forwarded-For due to a vulnerability in how it processes hop-by-hop headers. Fabio adds HTTP headers like X-Forwarded-Host and...

CVSS 9.1 · AI score 6.9 · EPSS 0.00166
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 10:36 p.m. · 4 views

CVE-2022-27219

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.0 SP2. Affected application is missing general HTTP security headers in the web server configured on port 443. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks a...

CVSS 4.3 · AI score 6.9 · EPSS 0.00177
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 9:20 p.m. · 5 views

CVE-2021-23000

On BIG-IP versions 13.1.3.4-13.1.3.6 and 12.1.5.2, if the tmm.http.rfc.enforcement BigDB key is enabled in a BIG-IP system, or the Bad host header value is checked in the AFM HTTP security profile associated with a virtual server, in rare instances, a specific sequence of malicious requests may...

CVSS 7.5 · AI score 6.9 · EPSS 0.00647
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 10:26 a.m. · 5 views

CVE-2019-10248

Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of Vorto might be infected...

CVSS 8.1 · AI score 6.9 · EPSS 0.00165
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 8:22 a.m. · 8 views

CVE-2019-10797

Netty in WSO2 transport-http before v6.3.1 is vulnerable to HTTP Response Splitting due to HTTP Header validation being disabled...

CVSS 6.5 · AI score 6.8 · EPSS 0.00221
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 5:19 a.m. · 5 views

CVE-2019-5503

OnCommand Workflow Automation versions prior to 5.0 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors...

CVSS 5.3 · AI score 6.4 · EPSS 0.00502
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 5:13 a.m. · 15 views

CVE-2019-8632

Some analytics data was sent using HTTP rather than HTTPS. This was addressed by no longer sending this analytics data. This issue is fixed in Texture 5.11.10 for iOS, Texture 4.22.0.4 for Android. An attacker in a privileged network position may be able to intercept analytics data...

CVSS 6.5 · AI score 6.3 · EPSS 0.00217
Exploits: 0 · References: 1

Tenable Nessus
added 2025/05/11 12:0 a.m. · 2 views

Fedora 41 : deluge (2025-d23a07ad00)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-d23a07ad00 advisory. https://deluge.readthedocs.io/en/deluge-2.2.0/changelog.html 2.2.0 2025-04-28 Breaking changes Removed Python 3.6 support Python = 3.7 Core Fix GHSL-2024-189...

AI score 5.7
Exploits: 0 · References: 1

Debian
added 2025/04/27 4:48 p.m. · 57 views

[SECURITY] [DLA 4140-1] libsoup2.4 security update

Debian LTS Advisory DLA-4140-1 https://www.debian.org/lts/security/ Andreas Henriksson April 27, 2025 https://wiki.debian.org/LTS Package : libsoup2.4 Version : 2.72.0-2+deb11u2 CVE ID : CVE-2025-2784 CVE-2025-32050 CVE-2025-32052 CVE-2025-32053 CVE-2025-32906...

CVSS 9 · AI score 6.9 · EPSS 0.00605
Exploits: 1

Exploit DB
added 2025/04/15 12:0 a.m. · 175 views

IBMi Navigator 7.5 - HTTP Security Token Bypass

Author Title: John Page aka hyp3rlinx Author Website: hyp3rlinx.altervista.org Source: https://hyp3rlinx.altervista.org/advisories/IBMiNavigatorHTTPSecurityTokenBypass-CVE-2024-51464.txt Vendor: www.ibm.com Product Navigator for i is a Web console interface where you can perform the key tasks to...

CVSS 4.3 · AI score 5.6 · EPSS 0.01296
Exploits: 2

Tenable Nessus
added 2025/03/05 12:0 a.m. · 6 views

Linux Distros Unpatched Vulnerability : CVE-2020-25613

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked th...

CVSS 7.5 · AI score 7.1 · EPSS 0.00275
Exploits: 0 · References: 2

SUSE CVE
added 2024/11/27 3:47 a.m. · 2 views

SUSE CVE-2024-53975

Accessing a non-secure HTTP site that uses a non-existent port may cause the SSL padlock icon in the location URL bar to, misleadingly, appear secure. This vulnerability affects Firefox for iOS 133...

CVSS 5.4 · AI score 6.3 · EPSS 0.00072
Exploits: 0 · References: 3

RedHat Linux
added 2024/11/19 12:50 a.m. · 19 views

Moderate: Red Hat Security Advisory: haproxy security update

An update for haproxy is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

CVSS 8.2 · AI score 6.7 · EPSS 0.00027
Exploits: 0 · References: 2

Positive Technologies
added 2024/11/15 12:0 a.m. · 2 views

PT-2024-30363 · Ibm · Ibm Concert

Name of the Vulnerable Software and Affected Versions: IBM Concert Software versions 1.0.0 through 1.0.1 Description: The issue is caused by the failure to properly enable HTTP Strict Transport Security, allowing a remote attacker to obtain sensitive information using man-in-the-middle techniques...

CVSS 5.9 · AI score 5.5 · EPSS 0.00065
Exploits: 0 · References: 7