RockyLinux 9 : thunderbird (RLSA-2026:0924)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:0924 advisory. firefox: Spoofing issue in the Downloads Panel component CVE-2025-14327 firefox: Use-after-free in the JavaScript: GC component CVE-2026-0885 firefox:...

RHSA-2026:0924

creationtimestamp| type| source ---|---|--- 2026-01-21 12:18:18+00:00| seen| https://gist.github.com/Darkcrai86/72a1ea510779574affd676079a7cc6ee...

Oracle Linux 9 : thunderbird (ELSA-2026-0924)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-0924 advisory. 140.7.0-1.0.1 - Fix prefs for new nss Orabug: 37079813 - Add Oracle prefs 140.7.0 - Add OpenELA debranding 140.7.0-1 - Update to 140.7.0 ESR Tenable ha...

MiracleLinux 8 : libtiff-4.0.9-23.el8 (AXSA:2022-4143:03)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4143:03 advisory. libtiff: Denial of Service via crafted TIFF file CVE-2022-0561 libtiff: Null source pointer lead to Denial of Service via crafted TIFF file...

CVE-2010-0924

cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.3 and 4.0.4 on Windows, allows remote attackers to cause a denial of service application crash via a long string in the BACKGROUND attribute of a BODY element...

Important Photon OS Security Update - PHSA-2025-4.0-0924

Updates of 'linux' packages of Photon OS have been released...

CVE-2019-0924

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916...

CVE-2004-0924

NetInfo Manager on Mac OS X 10.3.x through 10.3.5, after an initial root login, reports the root account as being disabled, even when it has not...

Linux Distros Unpatched Vulnerability : CVE-2022-0924

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from...

CVE-2025-0924

The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVE-2025-0924

creationtimestamp| type| source ---|---|--- 2025-02-17 04:30:31+00:00| seen| https://infosec.exchange/users/cve/statuses/114017345944337141 2025-02-17 05:15:54+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lidyj5vflp2t 2025-02-17 06:30:33+00:00| seen|...

CVE-2025-0924

CVE-2025-0924 (WP Activity Log) : Stored XSS via the message parameter in all WordPress WP Activity Log versions up to 5.2.2. Exploitation does not require authentication. Root cause: insufficient input sanitization and output escaping. Impact: injected scripts run when users view the page. A fix...

CVE-2025-0924 WP Activity Log <= 5.2.2 - Unauthenticated Stored Cross-Site Scripting

The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVE-2024-0924

creationtimestamp| type| source ---|---|--- 2024-01-26 16:32:26+00:00| seen| https://t.me/ctinow/174305 2024-01-28 10:28:07+00:00| seen| https://t.me/arpsyndicate/3269 2024-02-02 21:16:52+00:00| seen| https://t.me/ctinow/178279 2024-02-19 09:21:45+00:00| seen| https://t.me/ctinow/187525...

CVE-2024-0924

A vulnerability, which was classified as critical, was found in Tenda AC10U 15.03.06.49multiTDE01. This affects the function formSetPPTPServer. The manipulation of the argument startIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been...

CVE-2024-0924

The CVE-2024-0924 issue affects Tenda AC10U with version 15.03.06.49_multi_TDE01, specifically the formSetPPTPServer function. The vulnerability arises from improper validation of the startIp argument, causing a stack-based buffer overflow that can be triggered remotely. Public exploit informatio...

BELL-CVE-2022-0924 CVE-2022-0924 does not affect BellSoft software

Bulletin has no description...

Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2023-1702)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-0924

The ZYREX POPUP WordPress plugin through 1.0 does not validate the type of files uploaded when creating a popup, allowing a high privileged user such as an Administrator to upload arbitrary files, even when modifying the file system is disallowed, such as in a multisite install...

CVE-2023-0924

CVE-2023-0924 concerns the Zyrex Popup WordPress plugin (versions