109 matches found
F5 Networks BIG-IP : iControl REST and tmsh vulnerability (K000161018)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000161018 advisory. Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell...
PT-2026-41189
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.5 Description An issue exists where users granted read access to a model can also read the model's system prompt, which may contain confidential information. This occurs because the workspace model edit page...
MiracleLinux 8 : firefox-128.4.0-1.el8_10.ML.1 (AXSA:2024-8962:36)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-8962:36 advisory. firefox: thunderbird: History interface could have been used to cause a Denial of Service condition in the browser CVE-2024-10464 firefox:...
MiracleLinux 8 : thunderbird-128.4.0-1.el8_10.ML.1 (AXSA:2024-8963:26)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-8963:26 advisory. firefox: thunderbird: History interface could have been used to cause a Denial of Service condition in the browser CVE-2024-10464 firefox:...
MiracleLinux 9 : firefox-128.4.0-1.el9_4.ML.1 (AXSA:2024-8972:37)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8972:37 advisory. firefox: thunderbird: History interface could have been used to cause a Denial of Service condition in the browser CVE-2024-10464 firefox:...
TencentOS Server 4: thunderbird (TSSA-2024:1046)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:1046 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
CVE-2025-58149 Incorrect removal of permissions on PCI device unplug
When passing through PCI devices, the detach logic in libxl won't remove access permissions to any 64bit memory BARs the device might have. As a result a domain can still have access any 64bit memory BAR when such device is no longer assigned to the domain. For PV domains the permission leak allo...
CVE-2025-58149
CVE-2025-58149 affects the Xen hypervisor. The detach logic for PCI devices fails to remove access permissions to 64‑bit memory BARs when a device is unplugged, allowing PV guests to access memory of devices no longer assigned to them (HVM implications noted with required compromised device model...
CVE-2025-58149
When passing through PCI devices, the detach logic in libxl won't remove access permissions to any 64bit memory BARs the device might have. As a result a domain can still have access any 64bit memory BAR when such device is no longer assigned to the domain. For PV domains the permission leak allo...
EUVD-2022-15978
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-10458
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements. This vulnerability affects Firefox 132, Firefox ESR...
OESA-2025-1835 thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements. This vulnerability affects Firefox 132, Firefox ESR 128.4, Firefox ESR 115.17, Thunderbird 128.4, and...
Amazon Linux 2 : thunderbird (ALAS-2025-2789)
The version of thunderbird installed on the remote host is prior to 128.7.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2789 advisory. A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements. This...
Important: thunderbird
Issue Overview: A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements. This vulnerability affects Firefox 132, Firefox ESR 128.4, Firefox ESR 115.17, Thunderbird 128.4, and Thunderbird 132. CVE-2024-10458 An attacker could have caused a...
Amazon Linux 2 : thunderbird (ALAS-2025-2765)
The version of thunderbird installed on the remote host is prior to 128.7.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2765 advisory. A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements. This...
Important: thunderbird
Issue Overview: A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements. This vulnerability affects Firefox 132, Firefox ESR 128.4, Firefox ESR 115.17, Thunderbird 128.4, and Thunderbird 132. CVE-2024-10458 An attacker could have caused a...
Astra Linux – Vulnerability in Firefox, Thunderbird
A permission leak could have occurred from a trusted site to an untrusted site through embed or object elements. This vulnerability affects Firefox 132, Firefox ESR 128.4, Firefox ESR 115.17, Thunderbird 128.4, and Thunderbird 132...
AlmaLinux 9 : thunderbird (ALSA-2024:9552)
The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2024:9552 advisory. firefox: Use-after-free in Animation timeline 128.3.1 ESR Chemspill CVE-2024-9680 firefox: thunderbird: History interface could have been used to cause a...
firefox: thunderbird: Permission leak via embed or object elements
The Mozilla Foundation's Security Advisory: A permission leak could occur from a trusted site to an untrusted site via embed or object elements...
firefox: thunderbird: Permission leak via embed or object elements
The Mozilla Foundation's Security Advisory: A permission leak could occur from a trusted site to an untrusted site via embed or object elements...