294 matches found
Debian: Security Advisory (DLA-4010-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mozilla Firefox SEoL (17.x)
According to its version, Mozilla Firefox version install on the remote host has reached end of support. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may conta...
Mozilla Firefox SEoL (99.x)
According to its version, Mozilla Firefox version install on the remote host has reached end of support. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may conta...
Mozilla Firefox SEoL (15.x)
According to its version, Mozilla Firefox version install on the remote host has reached end of support. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may conta...
Mozilla Firefox SEoL (77.x)
According to its version, Mozilla Firefox version install on the remote host has reached end of support. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may conta...
Mozilla Firefox SEoL (79.x)
According to its version, Mozilla Firefox version install on the remote host has reached end of support. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may conta...
CVE-2024-52590
Misskey is an open source, federated social media platform. In affected versions missing validation in ApRequestService.signedGet allows an attacker to create fake user profiles that appear to be from a different instance than the one where they actually exist. These profiles can be used to...
CVE-2024-55890 D-Tale allows Remote Code Execution through the Custom Filter Input
D-Tale is a visualizer for pandas data structures. Prior to version 3.16.1, users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.16.1 where the update-settings endpoint blocks the ability...
CBL Mariner 2.0 Security Update: kernel (CVE-2024-49896)
The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-49896 advisory. - In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check stream before...
CVE-2024-52798
path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgra...
Google Chrome < 131.0.6778.108 Vulnerability
The version of Google Chrome installed on the remote macOS host is prior to 131.0.6778.108. It is, therefore, affected by a vulnerability as referenced in the 202412stable-channel-update-for-desktop advisory. - Type Confusion in V8 in Google Chrome prior to 131.0.6778.108 allowed a remote attacke...
Mozilla Thunderbird < 128.4.3
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 128.4.3. It is, therefore, affected by a vulnerability as referenced in the mfsa2024-61 advisory. - Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. CVE-2024-11159 Note...
KLA71412 OSI vulnerability in Microsoft Office
Information disclosure vulnerability was found in Microsoft Office. Malicious users can exploit this vulnerability to obtain sensitive information. Original advisories CVE-2024-38206 CVE list CVE-2024-38206 critical Solution Install necessary updates from the KB section, that are listed in your...
Amazon Linux 2 : httpd (ALAS-2024-2594)
The version of httpd installed on the remote host is prior to 2.4.61-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2594 advisory. Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sen...
Medium: php8.1
Issue Overview: The opensslprivatedecrypt function in PHP, when using PKCS1 padding OPENSSLPKCS1PADDING, which is the default, is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/138...
Session Appears Down in XenApp Farm and Csrss.exe Process Remains Active in Session
Session appears in astate in the XenApp farm. Csrss.exe process remains active in the session. This generally means that the session had problems on logoff and remains hung until it is manually terminated or the server is restarted. Additionally, if the server has sessions in this state and is...
SUSE Enterprise Linux SEoL (10.3.x)
According to its version, SUSE Enterprise Linux is 10.3.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities. %NASLMINLEVEL 809...
openSUSE SEoL (15.2.x)
According to its version, openSUSE is 15.2.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities. %NASLMINLEVEL 80900 C Tenable,...
PT-2024-11988 · Mainwp · Mainwp Mainwp Updraftplus Extension
Name of the Vulnerable Software and Affected Versions: MainWP MainWP UpdraftPlus Extension versions 4.0.6 and earlier Description: The issue is related to a Missing Authorization vulnerability. There is no information provided about the estimated number of potentially affected devices worldwide o...
CVE-2024-34008 moodle: CSRF risk in analytics management of models
Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF risk...