openSUSE 16 Security Update : MozillaFirefox (openSUSE-SU-2026:20789-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20789-1 advisory. This update for MozillaFirefox fixes the following issues - Update to Firefox Extended Support Release 140.11.0 ESR MFSA 2026-48 bsc1265212. MFS...

Linux Distros Unpatched Vulnerability : CVE-2026-8949

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

CVE-2026-8949

Integer overflow in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

RHEL 9 : grafana-pcp (RHSA-2026:8949)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:8949 advisory. The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace...

CVE-2024-8949

A vulnerability classified as critical has been found in SourceCodester Online Eyewear Shop 1.0. This affects an unknown part of the file /classes/Master.php of the component Cart Content Handler. The manipulation of the argument cartid/id leads to improper ownership management. It is possible to...

CVE-2020-8949

Gocloud S2AWL 4.2.7.16471, S2A 4.2.7.17278, S2A 4.3.0.15815, S2A 4.3.0.17193, S3A K2P MTK 4.2.7.16528, S3A 4.3.0.16572, and ISP3000 4.3.0.17190 devices allows remote attackers to execute arbitrary OS commands via shell metacharacters in a ping operation, as demonstrated by the...

CVE-2024-8949

creationtimestamp| type| source ---|---|--- 2024-09-17 22:18:05+00:00| seen| https://t.me/cvedetector/5832...

CVE-2024-26134

cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR RFC 8949 serialization format. Starting in version 5.5.1 and prior to version 5.6.2, an attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object. Version 5.6.2 contains a...

Design/Logic Flaw

cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR RFC 8949 serialization format. Starting in version 5.5.1 and prior to version 5.6.2, an attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object. Version 5.6.2 contains a...

CVE-2024-26134 CBOR2 decoder has potential buffer overflow

cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR RFC 8949 serialization format. Starting in version 5.5.1 and prior to version 5.6.2, an attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object. Version 5.6.2 contains a...

CVE-2024-26134

The CVE-2024-26134 issue affects the Python cbor2 library (5.5.1–5.6.1). The root cause is a crash when processing long CBOR inputs, notably during hashing a CBORTag, leading to an availability impact. A patch is available in 5.6.2 (and later). Remediation: upgrade cbor2 to 5.6.2+ or apply the ve...

SUSE CVE-2015-8949

Use-after-free vulnerability in the mylogin function in DBD::mysql before 4.03301 allows attackers to have unspecified impact by leveraging a call to mysqlerrno after a failure of mylogin...

CVE-2020-8949

Gocloud S2AWL 4.2.7.16471, S2A 4.2.7.17278, S2A 4.3.0.15815, S2A 4.3.0.17193, S3A K2P MTK 4.2.7.16528, S3A 4.3.0.16572, and ISP3000 4.3.0.17190 devices allows remote attackers to execute arbitrary OS commands via shell metacharacters in a ping operation, as demonstrated by the...

CVE-2020-8949

CVE-2020-8949: Remote command execution via shell metacharacters in a ping operation affects multiple Go Cloud/ISP devices. Affected: Gocloud S2A_WL 4.2.7.16471; S2A 4.2.7.17278, 4.3.0.15815, 4.3.0.17193; S3A K2P MTK 4.2.7.16528, 4.3.0.16572; ISP3000 4.3.0.17190. Root cause: improper handling of ...

shidonni.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1035849 Security Researcher geeknik Helped patch 8949 vulnerabilities Received 8 Coordinated Disclosure badges Received 21 recommendations , a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting shidonni.com website and i...

zottac.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1004766 Security Researcher geeknik Helped patch 8949 vulnerabilities Received 8 Coordinated Disclosure badges Received 21 recommendations , a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting zottac.com website and its...

CVE-2018-8949

CVE-2018-8949 involves MISP before 2.4.89, where a flaw in app/Model/Attribute.php creates an API integrity risk that could let a user delete attributes of other events. A crafted event edit (no attribute UUIDs but with attribute IDs set) could overwrite an existing attribute, potentially impacti...

CVE-2017-8949

CVE-2017-8949 affects HPE SiteScope 11.2x and 11.3x, linked to a hard-coded cryptographic key in the ss_pu.jar library that enables information disclosure. The issue is part of a group of vulnerabilities (CVE-2017-8949, -8950, -8951, -8952) affecting the same product, with separate weaknesses inc...

CVE-2016-8949

CVE-2016-8949 affects IBM Emptoris Supplier Lifecycle Management 10.0.x–10.1.1.x. A remote attacker could exploit an open redirect to spoof the URL and lure victims to a malicious site, enabling phishing and potential data exposure. IBM’s Security Bulletin for Emptoris SLM documents the vulnerabi...

CVE-2016-8949

IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to...