MiracleLinux 9 : thunderbird-128.3.0-1.el9_4.ML.1 (AXSA:2024-8890:22)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-8890:22 advisory. thunderbird: 115.16/128.3 firefox: thunderbird: Specially crafted WebTransport requests could lead to denial of service CVE-2024-9399 firefox:...

MiracleLinux 8 : ruby:2.6 (AXSA:2021-2402:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2402:01 advisory. rubygem-bundler: Insecure permissions on directory in /tmp/ allows for execution of malicious code CVE-2019-3881 ruby: NUL injection vulnerability o...

CRMEB authorization issue vulnerabilities

CRMEB is an open-source Java e-commerce system developed by CRMEB. Versions of CRMEB 5.6.3 and earlier contained a vulnerability related to authorization issues. This vulnerability stemmed from incorrect handling of the parameter ‘uid’ in the component’s JSON Token Handler file,...

PT-2026-3750

Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.53.3 Fleet versions 4.53.3 through 4.75.2 Fleet versions 4.75.2 through 4.76.2 Fleet versions 4.76.2 through 4.77.1 Fleet versions 4.77.1 through 4.78.3 Description A critical authentication issue exists in Fleet Devi...

MiracleLinux 8 : dotnet6.0-6.0.113-1.el8.ML.1 (AXSA:2023-4751:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-4751:02 advisory. dotnet: Parsing an empty HTTP response as a JSON.NET JObject causes a stack overflow and crashes a process CVE-2023-21538 Tenable has extracted the preceding...

MiracleLinux 9 : podman-4.9.4-4.el9_4 (AXSA:2024-8285:05)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8285:05 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods...

MiracleLinux 8 : mysql:8.0 (AXSA:2024-7561:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7561:01 advisory. mysql: InnoDB unspecified vulnerability CPU Apr 2023 CVE-2023-21911 mysql: Server: DDL unspecified vulnerability CPU Apr 2023 CVE-2023-21919,...

MiracleLinux 8 : nodejs:14 (AXSA:2021-1510:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1510:01 advisory. nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS CVE-2020-7754 nodejs-y18n: prototype pollution...

PT-2026-3555

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists in Keycloak’s OpenID Connect Dynamic Client Registration feature when clients authenticate using private key jwt. The issue allows a client to specify an arbitrary jwks uri,...

MiracleLinux 9 : dotnet6.0-6.0.135-1.el9_4.ML.1 (AXSA:2024-8898:17)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8898:17 advisory. dotnet: System.IO.Packaging - Multiple DoS vectors in use of SortedList CVE-2024-43484 dotnet: Denial of Service in System.Text.Json CVE-2024-43485...

MiracleLinux 7 : rh-ruby25-ruby-2.5.9-9.el7 (AXSA:2021-1762:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1762:01 advisory. ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch? CVE-2019-15845 ruby: Regular expression denial of service vulnerability of...

MiracleLinux 8 : json-c-0.13.1-2.el8 (AXSA:2021-2645:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2645:02 advisory. json-c: integer overflow and out-of-bounds write via a large JSON file CVE-2020-12762 Tenable has extracted the preceding description block directly from the...

MiracleLinux 9 : mysql-8.0.36-1.el9_3.ML.1 (AXSA:2024-7606:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7606:01 advisory. mysql: InnoDB unspecified vulnerability CPU Apr 2023 CVE-2023-21911 mysql: Server: DDL unspecified vulnerability CPU Apr 2023 CVE-2023-21919,...

PT-2026-3631

IBM ApplinX 11.1 is vulnerable due to a privilege escalation vulnerability due to improper verification of JWT tokens. An attacker may be able to craft or modify a JSON web token in order to impersonate another user or to elevate their privileges...

PT-2026-3519

Name of the Vulnerable Software and Affected Versions MineAdmin versions 1.x and 2.x Description A weakness exists due to insufficient verification of data authenticity within the JWT Token Handler component. This issue affects the refresh function of the /system/refresh file. The attack can be...

PT-2026-3533

The Custom Fonts – Host Your Fonts Locally plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'BCF Google Fonts Compatibility' class constructor function in all versions up to, and including, 2.1.16. This makes it possible for unauthenticated...

PT-2026-3741

Impact If Windows MDM is enabled, an attacker can enroll rogue devices by submitting a forged JWT containing arbitrary identity claims. Due to missing JWT signature verification, Fleet accepts these claims without validating that the token was issued by Azure AD, allowing enrollment under any Azu...

PT-2026-3645

Name of the Vulnerable Software and Affected Versions Open 5GS WebUI affected versions not specified Description The software utilizes a hard-coded JWT signing key 'change-me' if the JWT SECRET KEY environment variable is not set. This can allow attackers to forge JWTs and potentially gain...

IBM ApplinX 数据伪造问题漏洞

IBM ApplinX is an International Business Machines IBM company focused on converting green screen interfaces into modern Web-based applications. IBM ApplinX has a data forgery issue vulnerability that stems from improper JWT token validation, which can be exploited by an attacker to elevate...

MiracleLinux 9 : buildah-1.33.7-1.el9 (AXSA:2024-8134:04)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8134:04 advisory. The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container,...