53 matches found
MiracleLinux 4 : firefox-3.6.17-1.0.1.AXS4, xulrunner-1.9.2.17-4.0.1.AXS4 (AXSA:2011-198:03)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-198:03 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security issues fixed with this releas...
CVE-2025-34302
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the PROT parameter when creating a new service. When a user adds a service, the application issues an HTTP POST...
CVE-2025-34317
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the TLSHOSTNAME parameter when adding a new DNS entry. When a user adds a DNS entry, the application issues an HT...
CVE-2025-34311
IPFire versions prior to 2.29 Core Update 198 contain a command injection vulnerability that allows an authenticated attacker to execute arbitrary commands as the user 'nobody' via multiple parameters when creating a Proxy report. When a user creates a Proxy report the application issues an HTTP...
CVE-2025-34302
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the PROT parameter when creating a new service. When a user adds a service, the application issues an HTTP POST...
CVE-2025-34301
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code into the COUNTRYCODE parameter when creating a location group. When a user adds a new location group, the application...
CVE-2025-34306
IPFire
PT-2025-44177
Name of the Vulnerable Software and Affected Versions IPFire versions prior to 2.29 Core Update 198 Description IPFire versions prior to 2.29 Core Update 198 are susceptible to a stored cross-site scripting XSS issue. An authenticated attacker can inject arbitrary JavaScript code through the TLS...
PT-2025-44166
Name of the Vulnerable Software and Affected Versions IPFire versions prior to 2.29 Core Update 198 Description IPFire versions prior to 2.29 Core Update 198 are susceptible to a stored cross-site scripting XSS issue. An authenticated attacker can inject arbitrary JavaScript code through the...
PT-2025-44160
Name of the Vulnerable Software and Affected Versions IPFire versions prior to 2.29 Core Update 198 Description IPFire is affected by a stored cross-site scripting XSS issue. An authenticated attacker can inject arbitrary JavaScript code into the COUNTRY CODE parameter when creating a location...
PT-2025-44175
Name of the Vulnerable Software and Affected Versions IPFire versions prior to 2.29 Core Update 198 Description IPFire versions prior to 2.29 Core Update 198 are susceptible to a stored cross-site scripting XSS issue. An authenticated attacker can inject arbitrary JavaScript code through the txt...
PT-2025-44169
Name of the Vulnerable Software and Affected Versions IPFire versions prior to 2.29 Core Update 198 Description The software contains a stored cross-site scripting XSS issue that allows an authenticated attacker to inject arbitrary JavaScript code. This is achieved by manipulating the INC SPD, OU...
PT-2025-44163
Name of the Vulnerable Software and Affected Versions IPFire versions prior to 2.29 Core Update 198 Description IPFire versions prior to 2.29 Core Update 198 contain a SQL injection issue. An authenticated attacker can manipulate the SQL query when viewing OpenVPN connection logs through the...
PT-2025-44172
Name of the Vulnerable Software and Affected Versions IPFire versions prior to 2.29 Core Update 198 Description IPFire versions prior to 2.29 Core Update 198 are susceptible to a stored cross-site scripting XSS issue. An authenticated attacker can inject arbitrary JavaScript code through the QUOT...
PT-2025-44164
Name of the Vulnerable Software and Affected Versions IPFire versions prior to 2.29 Core Update 198 Description IPFire installations are affected by multiple stored cross-site scripting XSS issues. These occur because the cleanhtml function located at /var/ipfire/header.pl does not correctly appl...
PT-2025-44162
Name of the Vulnerable Software and Affected Versions IPFire versions prior to 2.29 Core Update 198 Description IPFire versions prior to 2.29 Core Update 198 are susceptible to a stored cross-site scripting XSS issue. An authenticated attacker can inject arbitrary JavaScript code through the IGNO...
PT-2025-44173
Name of the Vulnerable Software and Affected Versions IPFire versions prior to 2.29 Core Update 198 Description The software contains a stored cross-site scripting XSS issue that allows an authenticated attacker to inject arbitrary JavaScript code. This is achieved by manipulating the SRC, DST, a...
PT-2025-44170
Name of the Vulnerable Software and Affected Versions IPFire versions prior to 2.29 Core Update 198 Description IPFire versions prior to 2.29 Core Update 198 contain a command injection issue. An authenticated attacker can execute arbitrary commands as the 'nobody' user through multiple parameter...
PT-2025-44165
Name of the Vulnerable Software and Affected Versions IPFire versions prior to 2.29 Core Update 198 Description IPFire versions prior to 2.29 Core Update 198 are susceptible to a stored cross-site scripting XSS issue. An authenticated attacker can inject arbitrary JavaScript code through the...
Fortinet FortiAnalyzer SSO SAML authentication (FG-IR-25-198)
The version of FortiAnalyzer installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-25-198 advisory. - A concurrent execution using shared resource with improper synchronization 'Race Condition' vulnerability CWE-362 in...