openSUSE 16 Security Update : MozillaFirefox (openSUSE-SU-2026:20789-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20789-1 advisory. This update for MozillaFirefox fixes the following issues - Update to Firefox Extended Support Release 140.11.0 ESR MFSA 2026-48 bsc1265212. MFS...

CVE-2026-8954 vulnerabilities

Vulnerabilities for packages: firefox...

CVE-2026-8954

creationtimestamp| type| source ---|---|--- 2026-05-19 20:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/mozilla-products-multiple-vulnerabilities20260520 2026-05-20 02:01:24+00:00| seen| https://bsky.app/profile/slackers.it/post/3mmasq4ron32w 2026-05-20 02:01:31+00:00| seen|...

CVE-2026-8954

Incorrect boundary conditions, integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

CVE-2026-8954 Incorrect boundary conditions, integer overflow in the Audio/Video component

Incorrect boundary conditions, integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

CVE-2026-8954

Incorrect boundary conditions, integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

Linux Distros Unpatched Vulnerability : CVE-2026-8954

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect boundary conditions, integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151,...

MINI-84JV-8954-RG33

Bulletin has no description...

MINI-MC69-8954-86MW

Bulletin has no description...

CVE-2025-8954

A vulnerability was identified in PHPGurukul Hospital Management System 4.0. This affects an unknown part of the file /admin/doctor-specilization.php. The manipulation of the argument doctorspecilization leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...

CVE-2019-8954

In Indexhibit 2.1.5, remote attackers can execute arbitrary code via the v parameter in conjunction with the id parameter in a updjxcode=true action to the ndxzstudio/?a=system URI...

CVE-2024-8954

In composiohq/composio version 0.5.10, the API does not validate the x-api-key header's value during the authentication step. This vulnerability allows an attacker to bypass authentication by providing any random value in the x-api-key header, thereby gaining unauthorized access to the server...

CVE-2024-8954

creationtimestamp| type| source ---|---|--- 2025-03-20 11:40:46+00:00| seen| https://bsky.app/profile/cyberalerts.bsky.social/post/3lksmhvkhzs2v 2025-03-20 12:48:32+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/114194835835134493...

CVE-2024-8954

CVE-2024-8954 affects composiohq/composio 0.5.10, where the API does not validate the x-api-key header during authentication. This allows an attacker to bypass authentication by supplying any value in x-api-key, resulting in unauthorized access to the server. The accompanying metrics indicate a h...

CGA-WMJW-7H95-8954

Bulletin has no description...

CVE-2020-8954

OpenSearch Web browser 1.0.4.9 allows Intent Scheme Hijacking.a link that opens another app in the browser can be manipulated...

CVE-2020-8954

OpenSearch Web browser 1.0.4.9 is affected by an Intent Scheme Hijacking vulnerability. The description indicates that a link in the browser that opens another app can be manipulated, enabling potential redirection to unintended applications. The provided documents do not include further technica...

CVE-2019-8954

In Indexhibit 2.1.5, remote attackers can execute arbitrary code via the v parameter in conjunction with the id parameter in a updjxcode=true action to the ndxzstudio/?a=system URI...

CVE-2019-8954

Indexhibit 2.1.5 is affected by CVE-2019-8954. The vulnerability allows remote attackers to execute arbitrary code via the v parameter (used with the id parameter) in an upd_jxcode=true action to the ndxzstudio/?a=system URI. Several connected documents corroborate code execution impact on affect...

Security Bulletin: Hard-coded credentials used in IBM dashDB Local (CVE-2016-8954)

Summary Hard-code credentials in IBM dashDB Local might be exploited by an attacker. Vulnerability Details CVEID: CVE-2016-8954 DESCRIPTION: IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to the Docker container or database. CVSS Base Score: 9.8 CVS...