MiracleLinux 4 : firefox-38.2.0-4.0.1.AXS4 (AXSA:2015-442:07)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2015-442:07 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. With this update, following issues are...

Cross-site Scripting (XSS)

Overview svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to the improper sanitazation of user input in hydratableblock function hydratable process. An attacker can execute arbitrary JavaScript in the client’s...

openSUSE 16 Security Update : MozillaFirefox (openSUSE-SU-2026:20014-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20014-1 advisory. Changes in MozillaFirefox: Firefox Extended Support Release 140.6.0 ESR was released: Fixed: Various security fixes. MFSA 2025-94 bsc1254551:...

MiracleLinux 8 : thunderbird-140.6.0-1.el8_10.ML.1 (AXSA:2026-021:01)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-021:01 advisory. firefox: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146 CVE-2025-14333 firefox: Use-after-free...

MiracleLinux 4 : firefox-3.6.24-3.0.1.AXS4, xulrunner-1.9.2.24-2.1.0.1.AXS4 (AXSA:2012-81:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-81:01 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security issues fixed with this release...

MiracleLinux 4 : firefox-3.6.22-1.0.1.AXS4, xulrunner-1.9.2.22-1.0.1.AXS4 (AXSA:2011-444:04)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-444:04 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security issues fixed with this releas...

CVE-2025-14279

MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack of Origin header validation in the MLFlow REST server. This vulnerability allows malicious websites to bypass Same-Origin Policy protections and execute unauthorized calls against REST endpoints. An...

Astra Linux – Vulnerability in Firefox, Thunderbird

Bypass of the same-origin policy in the Request Handling component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...

MiracleLinux 9 : firefox-128.14.0-2.el9_6.ML.1 (AXSA:2025-10784:29)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10784:29 advisory. firefox: thunderbird: Denial-of-service due to out-of-memory in the Graphics: WebRender component CVE-2025-9182 thunderbird: firefox: Sandbox escap...

MiracleLinux 9 : firefox-140.6.0-1.el9_7.ML.1 (AXSA:2025-11561:38)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11561:38 advisory. firefox: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146 CVE-2025-14333 firefox: Use-after-fr...

MiracleLinux 9 : thunderbird-140.6.0-1.el9_7.ML.1 (AXSA:2025-11620:28)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-11620:28 advisory. firefox: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146 CVE-2025-14333 firefox: Use-after-fr...

MiracleLinux 8 : firefox-140.6.0-1.el8_10.ML.1 (AXSA:2025-11551:37)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-11551:37 advisory. firefox: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146 CVE-2025-14333 firefox: Use-after-fr...

MiracleLinux 9 : firefox-140.5.0-1.el9_7.ML.1 (AXSA:2025-11515:36)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11515:36 advisory. firefox: Mitigation bypass in the DOM: Security component CVE-2025-13018 firefox: Use-after-free in the Audio/Video component CVE-2025-13014 firefo...

MiracleLinux 9 : thunderbird-140.5.0-2.el9_7.ML.1 (AXSA:2025-11549:27)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-11549:27 advisory. firefox: Mitigation bypass in the DOM: Security component CVE-2025-13018 firefox: Use-after-free in the Audio/Video component CVE-2025-13014 firefo...

MiracleLinux 8 : firefox-140.3.0-1.el8_10.ML.1 (AXSA:2025-10906:31)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-10906:31 advisory. firefox: thunderbird: Sandbox escape due to use-after-free in the Graphics: Canvas2D component CVE-2025-10527 firefox: thunderbird: Incorrect...

SUSE-SU-2026:20031-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Changes in MozillaFirefox: Firefox Extended Support Release 140.6.0 ESR was released: Fixed: Various security fixes. MFSA 2025-94 bsc1254551: CVE-2025-14321: Use-after-free in the WebRTC: Signaling component CVE-2025-14322: Sandbox escape...

GHSA-PGQP-8H46-6X4J MLFlow is vulnerable to DNS rebinding attacks due to a lack of Origin header validation

MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack of Origin header validation in the MLFlow REST server. This vulnerability allows malicious websites to bypass Same-Origin Policy protections and execute unauthorized calls against REST endpoints. An...

CVE-2025-14279

MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack of Origin header validation in the MLFlow REST server. This vulnerability allows malicious websites to bypass Same-Origin Policy protections and execute unauthorized calls against REST endpoints. An...

CVE-2025-14279 DNS Rebinding Vulnerability in mlflow/mlflow

MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack of Origin header validation in the MLFlow REST server. This vulnerability allows malicious websites to bypass Same-Origin Policy protections and execute unauthorized calls against REST endpoints. An...

MLflow 访问控制错误漏洞

MLflow is an open source platform from MLflow that simplifies machine learning development, including tracking experiments, packaging code into repeatable runs, and sharing and deploying models. An Access Control Error vulnerability exists in MLflow 3.4.0 and prior versions, which stems from a la...