CLSA-2026-1778109988 toolbox: Fix of 9 CVEs

Rebuild with golang = 1.22.5 to fix CVE-2022-1705, CVE-2022-41717, CVE-2023-29406, CVE-2023-39318, CVE-2023-39319, CVE-2023-39326, CVE-2023-45290, CVE-2024-24785, CVE-2024-24791...

CVE-2026-21348

Substance3D - Modeler versions 1.22.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that ...

CVE-2026-21348

CVE-2026-21348 affects Substance3D Modeler

CVE-2026-21348

Substance3D - Modeler versions 1.22.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that ...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via inadequate enforcement of branch delete permissions after merging a pull request. An attacker can delete arbitrary branches. Remediation Upgrade code.gitea.io/gitea/routers/web/repo to version 1.22.5 or highe...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via inadequate enforcement of branch delete permissions after merging a pull request. An attacker can delete arbitrary branches. Remediation Upgrade github.com/go-gitea/gitea/routers/api/v1/repo to version 1.22.5...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via inadequate enforcement of branch delete permissions after merging a pull request. An attacker can delete arbitrary branches. Remediation Upgrade code.gitea.io/gitea/routers/api/v1/repo to version 1.22.5 or...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via inadequate enforcement of branch delete permissions after merging a pull request. An attacker can delete arbitrary branches. Remediation Upgrade github.com/go-gitea/gitea/services/repository to version 1.22.5...

CVE-2025-68940

In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request...

CLSA-2025-1765379708 podman: Fix of CVE-2025-58183

Rebuild with golang = 1.22.5-1.el92.tuxcare.els8 to address CVE-2025-58183...

Fedora: Security Advisory (FEDORA-2025-2e23403e23)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 42 : libnbd (2025-2e23403e23)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-2e23403e23 advisory. New upstream stable version 1.22.5 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

Fedora 41 : libnbd (2025-ffa97eb16f)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-ffa97eb16f advisory. New upstream stable version 1.22.5 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

CLSA-2025-1751912853 Update of golang

Update to 1.22.5...

SUSE SLES15 / openSUSE 15 Security Update : kubernetes1.25 (SUSE-SU-2024:3344-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3344-1 advisory. - CVE-2023-45288: golang.org/x/net: excessive CPU consumption when processing unlimited sets of headers. bsc1229869 -...

CVE-2014-2665

includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information ...

MGASA-2014-0157 Updated mediawiki packages fix CVE-2014-2665

Updated mediawiki packages fix security vulnerability: Login CSRF issue in MediaWiki before 1.22.5 in Special:ChangePassword, whereby a user can be logged into an attackers account without being aware of it, allowing the attacker to track the user's activity CVE-2014-2665. MediaWiki has been...

Updated mediawiki packages fix CVE-2014-2665

Updated mediawiki packages fix security vulnerability: Login CSRF issue in MediaWiki before 1.22.5 in Special:ChangePassword, whereby a user can be logged into an attackers account without being aware of it, allowing the attacker to track the user's activity CVE-2014-2665. MediaWiki has been...