Oracle Linux 9 : qemu-kvm (ELSA-2026-50241)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50241 advisory. - Document CVEs Mark Kanda CVE-2025-54566 CVE-2025-54567 CVE-2025-8860 CVE-2026-0665 CVE-2026-3886 - hw/usb/hcd-ohci: check for MPS=0 to avoid infinit...

MiracleLinux 9 : thunderbird-128.2.0-1.el9_4.ML.1 (AXSA:2024-8860:21)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-8860:21 advisory. thunderbird: 115.15/128.2 mozilla: Type confusion when looking up a property name in a with block CVE-2024-8381 mozilla: Internal event interfaces...

CVE-2025-8860

creationtimestamp| type| source ---|---|--- 2025-09-04 03:00:00+00:00| seen| http://www.zerodayinitiative.com/advisories/ZDI-25-884/...

Linux Distros Unpatched Vulnerability : CVE-2025-8860

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in QEMU in the uefi-vars virtual device. When the guest writes to register UEFIVARSREGBUFFERSIZE, the .write callback uefivarswrite is invoked...

CVE-2024-8860

creationtimestamp| type| source ---|---|--- 2025-08-26 07:18:25+00:00| seen| Telegram/DhqmFwog0rzTZVVUipLJKU04VoeKa60jCDxUgO8Xgcs1w...

WordPress Tourfic plugin <= 2.14.5 - Missing Authorization in Multiple Functions vulnerability

Missing Authorization in Multiple Functions vulnerability discovered by WordFence in WordPress Plugin Tourfic versions = 2.14.5...

SUSE CVE-2025-8860

A flaw was found in QEMU in the uefi-vars virtual device. When the guest writes to register UEFIVARSREGBUFFERSIZE, the .write callback uefivarswrite is invoked. The function allocates a heap buffer without zeroing the memory, leaving the buffer filled with residual data from prior allocations. Wh...

MAL-2025-8860 Malicious code in @malware-test-pored-ramal-imbue-chott/test-mlw3-pored-ramal-imbue-chott (npm)

The package @malware-test-pored-ramal-imbue-chott/test-mlw3-pored-ramal-imbue-chott was found to contain malicious code...

CVE-2020-8860

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S10 Firmware G973FXXS3ASJA, O8.x, P9.0, Q10.0 devices with Exynos chipsets. User interaction is required to exploit this vulnerability in that the target must answer a phone call. The...

AlmaLinux 8 : krb5 (ALSA-2024:8860)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:8860 advisory. freeradius: forgery attack CVE-2024-3596 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory. Note that Nessus has...

Ubuntu 16.04 ESM : node-tar vulnerability (USN-4777-1)

The remote Ubuntu 16.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-4777-1 advisory. It was discovered that node-tar mishandled certain tar archives. An attacker could use this vulnerability to write arbitrary files to the filesystem. Tenable has...

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1.9 (protobuf) security update

An update for protobuf is now available for Red Hat OpenStack Platform 16.1.9 Train for Red Hat Enterprise Linux RHEL 8.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

Mageia: Security Advisory (MGASA-2016-0356)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2020-8860

CVE-2020-8860 affects Samsung Galaxy S10 devices with Exynos SoCs (G973FXXS3ASJA etc.). The flaw is a buffer overflow in the Call Control Setup messages, caused by inadequate validation of the length of user-supplied data copied into a fixed-length, stack-based buffer. This enables remote code ex...

CVE-2018-8860

In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker may be able to capture firmware updates through the adjacent network...

CVE-2018-8860

The CVE affects Vecna VGo Robot—versions 3.0.3.52164 and 3.0.3.53662 (earlier versions may also be affected). The flaw enables an attacker on an adjacent network to capture firmware updates, exposing sensitive information and potentially enabling further compromise. The NVD/ICSA data record a CVS...

Cohu 3960HD Multiple Vulnerabilities

Cohu 3960HD Series IP cameras are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

CVE-2017-8860

Information disclosure through directory listing on the Cohu 3960HD allows an attacker to view and download source code, log files, and other sensitive device information via a specially crafted web request with an extra / character, such as a "GET // HTTP/1.1" request...

CVE-2017-8860

CVE-2017-8860 affects the Cohu 3960HD IP camera series. The issue is information disclosure caused by an information-leaking directory listing vulnerability that can be triggered by a crafted HTTP request containing an extra slash (for example, a GET // HTTP/1.1). Successful exploitation allows a...

6to5 (=3.0.0), @blank-string/static.blankstring.surge.sh (>=1.0.0 <=1.0.1) +4298 more potentially affected by CVE-2015-8860 via tar (>=0.1.12 <=1.0.3)

tar NPM version =0.1.12, =1.0.0, =0.6.3, =1.0.0, =1.0.0, =0.1.2, =1.2.6, =1.0.1, =1.0.0, =0.7.1, =0.97.5, =0.97.7 and more Source cves: CVE-2015-8860 Source advisory: OSV:GHSA-GFJR-3JMM-4G9V...