81 matches found

Tenable Nessus
added 2026/01/19 12:0 a.m., 1 view

MiracleLinux 8 : nspr-4.25.0-2.el8, nss-3.53.1-11.0.1.el8 (AXSA:2020-690:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-690:01 advisory. nss: UAF in sftkFreeSession due to improper refcounting CVE-2019-11756 nss: Check length of inputs for cryptographic primitives CVE-2019-17006 nss:...

CVSS 10, AI score 8.4, EPSS 0.03036
Exploits 1, References 5
Circl
added 2025/11/04 5:44 a.m., 6 views

CVE-2025-12402

creationtimestamp| type| source ---|---|--- 2025-11-04 05:44:09+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m4rtd3gh6g2k...

CVSS 6.1, AI score 5.8, EPSS 0.00015
Exploits 0, References 1
Patchstack
added 2025/11/04 5:4 a.m., 3 views

WordPress LinkedIn Resume plugin <= 2.00 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin LinkedIn Resume versions <= 2.00...

CVSS 6.1, AI score 5.6, EPSS 0.00015
Exploits 0, References 1, Affected Software 1
NVD
added 2025/01/07 4:15 a.m., 6 views

CVE-2024-12402

The Themes Coder – Create Android & iOS Apps For Your Woocommerce Site plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.4. This is due to the plugin not properly validating a user's identity prior to updating their password...

CVSS 9.8, EPSS 0.00572
Exploits 0, References 3
CVE
added 2025/01/07 3:21 a.m., 46 views

CVE-2024-12402

CVE-2024-12402 impacts the Themes Coder – Create Android & iOS Apps For Your Woocommerce Site plugin for WordPress. The root cause is insecure direct object reference: the plugin does not properly validate a user’s identity before password updates in update_user_profile(), enabling unauthenticate...

CVSS 9.8, AI score 9.3, EPSS 0.00572
Exploits 0, References 3
Vulnrichment
added 2025/01/07 3:21 a.m., 5 views

CVE-2024-12402 Themes Coder – Create Android & iOS Apps For Your Woocommerce Site <= 1.3.4 - Insecure Direct Object Reference to Password Change/Account Takeover/Privilege Escalation

The Themes Coder – Create Android & iOS Apps For Your Woocommerce Site plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.4. This is due to the plugin not properly validating a user's identity prior to updating their password...

CVSS 9.8, AI score 7.3, EPSS 0.00572
Exploits 0, References 3
Tenable Nessus
added 2024/07/18 12:0 a.m., 24 views

Atlassian Confluence < 7.19.25 / 8.5.x < 8.5.12 / 8.9.x < 8.9.4 (CONFSERVER-96099)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-96099 advisory. - The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially...

CVSS 7.5, AI score 6.5, EPSS 0.00419
Exploits 0, References 2
F5 Networks
added 2023/02/21 6:59 p.m., 64 views

K61267093: Multiple NSS vulnerabilities CVE-2020-6829, CVE-2020-12400, CVE-2020-12401, and CVE-2020-12402

Security Advisory Description CVE-2020-6829 When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the...

CVSS 5.3, AI score 6.9, EPSS 0.00584
Exploits 0, Affected Software 2
IBM Security Bulletins
added 2023/02/10 10:14 p.m., 31 views

Security Bulletin: Vulnerability in IBM Websphere Application Server Liberty used by IBM Cloud Pak System (CVE-2019-12402)

Summary There are vulnerabilities in Websphere Application Server Liberty used by IBM Cloud Pak System. IBM Cloud Pak System has addressed the vulnerability. IBM Cloud Pak System has released v2.3.1.1 with IBM WebSphere Application Server Pattern that supports Websphere Application Server...

CVSS 7.5, AI score 7.6, EPSS 0.00419
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2022/09/14 3:2 p.m., 18 views

Security Bulletin: An Apache Commons Compress vulnerability has been identified with the embedded IBM FileNet P8 Content Platform Engine component in IBM Business Process Manager and IBM Business Automation Workflow

Summary An Apache Commons Compress vulnerability has been identified with the embedded IBM FileNet P8 Content Platform Engine component, specifically with the Administration Console for Content Platform Engine application, in IBM Business Process Manager and IBM Business Automation Workflow...

AI score 7.3, EPSS 0.00419
Exploits 0, Affected Software 3
IBM Security Bulletins
added 2022/02/22 7:59 p.m., 20 views

Security Bulletin: Apache Commons Compress vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-12402)

Summary Apache Commons Compress is vulnerable to a denial of service which can affect IBM Spectrum Control formerly IBM Tivoli Storage Productivity Center. Vulnerability Details CVE-ID: CVE-2019-12402 Description: Apache Commons Compress is vulnerable to a denial of service, caused by an error in...

CVSS 7.5, AI score 7.3, EPSS 0.00419
Exploits 0, Affected Software 1
OpenVAS
added 2022/01/28 12:0 a.m., 25 views

Mageia: Security Advisory (MGASA-2020-0274)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.3, AI score 7.7, EPSS 0.00878
Exploits 3, References 8
OpenVAS
added 2021/11/08 12:0 a.m., 31 views

Mozilla Firefox Security Advisory (MFSA2020-24) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

CVSS 9.3, AI score 7.3, EPSS 0.00878
Exploits 4, References 16
OpenVAS
added 2021/11/08 12:0 a.m., 21 views

Mozilla Firefox Security Advisory (MFSA2018-26) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

CVSS 9.8, AI score 7.5, EPSS 0.04967
Exploits 0, References 16
IBM Security Bulletins
added 2021/10/26 9:23 p.m., 24 views

Security Bulletin: IBM FileNet Content Manager security vulnerability in Administration Console for Content Platform Engine (ACCE) in Apache Commons Compress

Summary IBM FileNet Content Manager security vulnerability in Administration Console for Content Platform Engine ACCE in Apache Commons Compress v1.18 Vulnerability Details CVE-ID: CVE-2019-12402 Description: Apache Commons Compress is vulnerable to a denial of service, caused by an error in the...

CVSS 7.5, AI score 0.6, EPSS 0.00419
Exploits 0, Affected Software 1
Tenable Nessus
added 2021/06/10 12:0 a.m., 142 views

SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2020:14421-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14421-1 advisory. - During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly...

CVSS 9.3, AI score 7.9, EPSS 0.00878
Exploits 4, References 30
OpenVAS
added 2021/06/09 12:0 a.m., 25 views

SUSE: Security Advisory (SUSE-SU-2020:1898-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.3, AI score 7.1, EPSS 0.00878
Exploits 4, References 2
OpenVAS
added 2021/06/09 12:0 a.m., 21 views

SUSE: Security Advisory (SUSE-SU-2020:14421-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.3, AI score 9.2, EPSS 0.00878
Exploits 4, References 6
OpenVAS
added 2021/06/07 12:0 a.m., 21 views

Huawei EulerOS: Security Advisory for nss (EulerOS-SA-2021-1931)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 4.4, AI score 6.8, EPSS 0.00097
Exploits 0, References 2
Tenable Nessus
added 2021/06/03 12:0 a.m., 27 views

EulerOS 2.0 SP9 : nss (EulerOS-SA-2021-1952)

According to the version of the nss packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly...

CVSS 4.4, AI score 7.3, EPSS 0.00097
Exploits 0, References 2