4 matches found
Golang 1.24.x < 1.24.8 / 1.25.x < 1.25.2 Multiple Vulnerabilities (qZN5nc-mBgAJ)
The version of Golang running on the remote host is 1.24.x prior to 1.24.8 or 1.25.x prior to 1.25.2. It is, therefore, affected by multiple vulnerabilities as referenced in the qZN5nc-mBgAJ advisory. - The Parse function permitted values other than IPv6 addresses to be included in square brackets with...
Nginx 1.25.x < 1.25.4 Multiple Vulnerabilities
According to its Server response header, the installed version of nginx is 1.25.x prior to 1.25.4. It is, therefore, affected by the following issues: - A NULL pointer dereference in HTTP/3 (CVE-2024-24989). - A use-after-free in HTTP/3 (CVE-2024-24990). Note that the scanner has not tested for thes...
CVE-2015-8009
The MWOAuthDataStore::lookuptoken function in Extension:OAuth for MediaWiki 1.25.x before 1.25.3, 1.24.x before 1.24.4, and before 1.23.11 does not properly validate the signature when checking the authorization signature, which allows remote registered Consumers to use another Consumer's...
Design/Logic Flaw
MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not throttle file uploads, which allows remote authenticated users to have unspecified impact via multiple file uploads...