122 matches found
Mozilla: Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5
The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported memory safety bugs present in Firefox 95 and Firefox ESR 91.4. Some of these...
Mozilla: Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5
The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported memory safety bugs present in Firefox 95 and Firefox ESR 91.4. Some of these...
Mozilla: Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5
The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported memory safety bugs present in Firefox 95 and Firefox ESR 91.4. Some of these...
CVE-2021-38015
Inappropriate implementation in input in Google Chrome prior to 96.0.4664.45 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension...
DEBIAN-CVE-2021-38019
Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 96 to the stable channel for Windows, Mac and Linux. Chrome 96 is also promoted to our new extended stable channel for Windows and Mac. This will roll out over the coming days/weeks. Chrome 96.0.4664.45 contains a number of fixes an...
Adobe Prelude < 22.0 Multiple Vulnerabilities (APSB21-96)
The version of Adobe Prelude installed on the remote Windows host is prior to 22.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB21-96 advisory. - Adobe Prelude version 10.1 and earlier are affected by a memory corruption vulnerability. An unauthenticated attack...
CVE-2021-33328
Cross-site scripting XSS vulnerability in the Asset module's edit vocabulary page in Liferay Portal 7.0.0 through 7.3.4, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20, and 7.2 before fix pack 9, allows remote attackers to inject arbitrary web script or HTML via the 1...
CVE-2021-33322
In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 18, and 7.2 before fix pack 5, password reset tokens are not invalidated after a user changes their password, which allows remote attackers to change the user’s password via the old password reset tok...
OS4Ed openSIS install remote code execution vulnerability
Summary A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4. A specially crafted HTTP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions OS4Ed openSIS 7.4 Product URLs...
CVE-2020-10029
The GNU C Library aka glibc or libc6 before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to...
CVE-2020-10029
The GNU C Library aka glibc or libc6 before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to...
doctor-96.ru Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1109165 Security Researcher geeknik Helped patch 8815 vulnerabilities Received 8 Coordinated Disclosure badges Received 20 recommendations , a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting doctor-96.ru website and i...
Learn Ethical Hacking Online – A to Z Training Bundle 2019
Good news for you is that this week's THN Deals brings Ethical Hacking A to Z Bundle that let you get started regardless of your experience level. The Ethical Hacking A to Z Bundle will walk you through the very basic skills you need to start your journey towards becoming a professional ethical...
CVE-2016-10827
cPanel before 55.9999.141 allows self stored XSS in WHM Edit System Mail Preferences SEC-96...
Cross site scripting
cPanel before 55.9999.141 allows self stored XSS in WHM Edit System Mail Preferences SEC-96...
FreeBSD : OpenSSL -- ChaCha20-Poly1305 nonce vulnerability (e56f2f7c-410e-11e9-b95c-b499baebfeaf)
The OpenSSL project reports : Low: ChaCha20-Poly1305 with long nonces CVE-2019-1543 ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value IV should be 96 bits 12 bytes. OpenSSL allows a variable nonce length...
Design/Logic Flaw
ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value IV should be 96 bits 12 bytes. OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 bytes. However it also...
OpenSSL -- ChaCha20-Poly1305 nonce vulnerability
The OpenSSL project reports: Low: ChaCha20-Poly1305 with long nonces CVE-2019-1543 ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value IV should be 96 bits 12 bytes. OpenSSL allows a variable nonce length a...
Microsoft Windows: Network security: Encryption types allowed for Kerberos
This policy setting allows you to set the encryption types that Kerberos is allowed to use. If not selected, the encryption type will not be allowed. This setting may affect compatibility with client computers or services and applications. Multiple selections are permitted. C Microsoft Corporatio...