37 matches found
MiracleLinux 7 : freeradius-3.0.4-8.el7 (AXSA:2017-1711:02)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2017-1711:02 advisory. The FreeRADIUS Server Project is a high performance and highly configurable GPL'd free RADIUS server. The server is similar in some respects to Livingston's...
AlmaLinux 10 : buildah (ALSA-2025:9148)
The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:9148 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Tenable has extracted the preceding description block directly fr...
CVE-2025-9148 CodePhiliaX Chat2DB JDBC Connection DataSourceController.java sql injection
A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This affects an unknown function of the file ai/chat2db/server/web/api/controller/data/source/DataSourceController.java of the component JDBC Connection Handler. The manipulation results in sql injection. The attack can be executed...
Oracle Linux 10 : buildah (ELSA-2025-9148)
The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-9148 advisory. - Rebuild on new golang to fix CVE-2025-22871 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...
CVE-2024-9148
Flowise 2.1.1 suffers from a Stored Cross-Site vulnerability due to a lack of input sanitization in Flowise Chat Embed 2.0.0...
CVE-2024-9148
creationtimestamp | type | source
---|---|---
2024-09-25 04:16:33+00:00 | seen | https://t.me/cvedetector/6244...
CVE-2020-9148
CVE-2020-9148 describes an application bypass mechanism vulnerability in Huawei Smartphone EMUI’s component interface. Local attackers could delete user SMS messages. The connected documents do not provide concrete technical details (affected version(s), root cause specifics, exploit steps, or re...
Huawei EulerOS: Security Advisory for freeradius (EulerOS-SA-2017-1135)
The remote host is missing an update for the Huawei EulerOS...
CVE-2019-9148
Mailvelope prior to 3.3.0 accepts or operates with invalid PGP public keys: Mailvelope allows importing keys that contain users without a valid self-certification. Keys that are obviously invalid are not rejected during import. An attacker that is able to get a victim to import a manipulated key...
CVE-2019-9148
Mailvelope is affected up to version 3.2.x; the vulnerability arises from importing invalid PGP keys during key import. Specifically, Mailvelope accepts or operates with keys that contain users without a valid self-certification and does not reject clearly invalid keys during import, enabling an ...
CVE-2015-9148
CVE-2015-9148 is an Android vulnerability affecting Qualcomm-based devices (Android versions affected prior to 2018-04-05 patch level) where the Diag User-PD command registration function does not validate a length value used for buffer allocation. If a very large length is processed, this can tr...
CVE-2018-9148
Western Digital WD My Cloud v04.05.00-320 devices embed the session token aka PHPSESSID in filenames, which makes it easier for attackers to bypass authentication by listing a directory. NOTE: this can be exploited in conjunction with CVE-2018-7171 for remote authentication bypass within a produc...
CVE-2018-9148
CVE-2018-9148 details (WD My Cloud) : WD My Cloud devices with version v04.05.00-320 embed the session token (PHPSESSID) in filenames, enabling directory listing and authentication bypass when combined with CVE-2018-7171. This creates a risk of bypassing access controls via exposed session identi...
Debian: Security Advisory (DLA-977-1)
The remote host is missing an update for the Debian...
CVE-2014-9148
CVE-2014-9148 concerns Fiyo CMS 2.0.1.8, where an attacker can bypass access restrictions by manipulating the view parameter in a direct request to fiyo/dapur, enabling remote execution of the Install and Update or Backup super administrator functions. The description specifies a direct parameter...
SUSE SLES11 Security Update : freeradius-server (SUSE-SU-2017:1777-1)
This update for freeradius-server fixes the following issues:
- CVE-2017-9148: Disable OpenSSL's internal session cache to mitigate authentication bypass. bnc1041445
- CVE-2015-4680: Add a configuration option to allow checking of all intermediate certificates for revocations. bnc935573
The...
CentOS 7 : freeradius (CESA-2017:1581)
An update for freeradius is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...
freeradius security update
CentOS Errata and Security Advisory CESA-2017:1581 An update for freeradius is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
Oracle Linux 7 : freeradius (ELSA-2017-1581)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2017-1581 advisory. 3.0.4-8 - Disable internal OpenSSL cache and fix session cache file permissions. Resolves: Bug1459131 CVE-2017-9148 freeradius: TLS resumption authentication...