8 matches found
SUSE-SU-2025:02350-2 Security update for kubernetes1.28
This update for kubernetes1.28 fixes the following issues: - CVE-2025-22872: Properly handle trailing solidus in unquoted attribute value in foreign content bsc1241865...
Security update for kubernetes1.26
This update for kubernetes1.26 fixes the following issues: CVE-2025-22872: Properly handle trailing solidus in unquoted attribute value in foreign content bsc1241865. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...
Security update for kubernetes1.28
This update for kubernetes1.28 fixes the following issues: CVE-2025-22872: Properly handle trailing solidus in unquoted attribute value in foreign content bsc1241865. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...
Security update for kubernetes1.27
This update for kubernetes1.27 fixes the following issues: CVE-2025-22872: Properly handle trailing solidus in unquoted attribute value in foreign content bsc1241865. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...
Security update for kubernetes1.24
This update for kubernetes1.24 fixes the following issues: CVE-2025-22872: Properly handle trailing solidus in unquoted attribute value in foreign content bsc1241865. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...
Amazon Linux 2 : nerdctl (ALAS-2025-2863)
The version of nerdctl installed on the remote host is prior to 2.0.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2863 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a...
Cross-site Scripting (XSS)
golang.org/x/net is vulnerable to improper parsing logic. The vulnerability is due to incorrect tag interpretation in unquoted attribute values ending with a solidus / being mistakenly marked as self-closing, especially in foreign content like or . which allows attackers to exploit content in the...
CVE-2025-22872
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...