Amazon Linux 2 : thunderbird (ALAS-2025-2789)

The version of thunderbird installed on the remote host is prior to 128.7.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2789 advisory. A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements. This...

CVE-2024-57965

CVE-2024-57965 is a vulnerability in axios (before 1.7.8) where isURLSameOrigin.js does not use a URL object to determine origin and may perform an unwanted setAttribute('href', href). IBM security bulletins align this CVE with IBM Db2 Big SQL on Cloud Pak for Data and related products, noting an...

Design/Logic Flaw

next-auth v3 users before version 3.29.2 are impacted. next-auth version 4 users before version 4.3.2 are also impacted. Upgrading to 3.29.2 or 4.3.2 will patch this vulnerability. If you are not able to upgrade for any reason, you can add a configuration to your callbacks option. If you already...

Mozilla Firefox ESR < 78.8

The version of Firefox ESR installed on the remote Windows host is prior to 78.8. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-08 advisory. - Mozilla developers Alexis Beingessner, Tyson Smith, Nika Layzell, and Mats Palmgren reported memory safety bugs...