CLSA-2026-1778788223 libssh2: Fix of 2 CVEs

CVE-2019-3860: bounds-check SFTP packet sizes in sftppacketrequire/v and sftpbin2attr - CVE-2019-3861: bounds-check paddinglength in libssh2transportread...

ECHO-15FF-770A-3861

Bulletin has no description...

MiracleLinux 8 : thunderbird-115.10.0-2.el8_9.ML.1 (AXSA:2024-7726:10)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-7726:10 advisory. Mozilla: Denial of Service using HTTP/2 CONTINUATION frames CVE-2024-3302 Tenable has extracted the preceding description block directly from the...

TencentOS Server 4: firefox (TSSA-2024:0153)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0153 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

Siemens SIMATIC S7-1500 Out-of-bounds Read (CVE-2019-3861)

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. This plugin on...

Linux Distros Unpatched Vulnerability : CVE-2021-3861

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The RNDIS USB device class includes a buffer overflow vulnerability. Zephyr versions = v2.6.0 contain Heap-based Buffer Overflow CWE-122. For more information,...

GO-2025-3861 Mattermost Confluence Plugin has Missing Authorization vulnerability in github.com/mattermost/mattermost-plugin-confluence

Mattermost Confluence Plugin has Missing Authorization vulnerability in github.com/mattermost/mattermost-plugin-confluence...

Linux Distros Unpatched Vulnerability : CVE-2024-3861

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect reference count and later use-after-free. This vulnerability...

TencentOS Server 3: thunderbird (TSSA-2024:0142)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0142 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVE-2023-3861

A vulnerability was found in phpscriptpoint Insurance 1.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /search.php. The manipulation leads to cross site scripting. The attack can be launched remotely. The identifier VDB-235213 was...

CVE-2020-3861

The issue was addressed with improved permissions logic. This issue is fixed in iTunes for Windows 12.10.4. A user may gain access to protected parts of the file system...

CVE-2025-3861

creationtimestamp| type| source ---|---|--- 2025-04-25 05:42:34+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lnmiyx5n6lk2 2025-04-25 06:10:53+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/13382 2025-04-25 09:09:12+00:00| seen|...

CVE-2025-3861 Prevent Direct Access 2.8.6 - 2.8.8.2 - Incorrect Authorization to Authenticated (Contributor+) Multiple Media Actions

The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to unauthorized access and modification of data| due to a misconfigured capability check on the 'pdalitecustompermissioncheck' function in versions 2.8.6 to 2.8.8.2. This makes it possible for authenticated...

WordPress Prevent Direct Access plugin 2.8.6-2.8.8.2 - Incorrect Authorization to Authenticated (Contributor+) Multiple Media Actions vulnerability

Incorrect Authorization to Authenticated Contributor+ Multiple Media Actions vulnerability discovered by 0xbro in WordPress Plugin Prevent Direct Access versions 2.8.6-2.8.8.2...

Linux Distros Unpatched Vulnerability : CVE-2019-3861

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. ...

openSUSE Security Advisory (SUSE-SU-2024:3861-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RLSA-2024:1908 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.10.0 ESR. Security Fixes: GetBoundName in the JIT returned the wrong object CVE-2024-3852 Out-of-bounds-read after mis-optimized switch...

SUSE: Security Advisory (SUSE-SU-2024:1319-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2024:1350-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RLSA-2024:1912 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.10.0 ESR. Security Fixes: GetBoundName in the JIT returned the wrong object CVE-2024-3852 Out-of-bounds-read after mis-optimized switch...