Mozilla: MediaError message property could have leaked information about cross-origin resources
When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox 86, Thunderbird 78.8, and Firefox ESR 78.8...
CVE-2021-23973
When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox 86, Thunderbird 78.8, and Firefox ESR 78.8...
Timing Attack
Botan is vulnerable to a timing attack. The vulnerability exists because constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex)...
Security Vulnerabilities fixed in Thunderbird 78.8 — Mozilla
As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage."...
Mozilla Firefox < 86.0
The version of Firefox installed on the remote Windows host is prior to 86.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-07 advisory. - Mozilla developers Tyson Smith, Lars T Hansen, Valentin Gosu, and Sebastian Hengst reported memory safety bugs present ...
CVE-2021-24115
In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex)...
ALPINE-CVE-2021-24115
In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex)...
CVE-2021-24115
In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex)...
UBUNTU-CVE-2021-24115
In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex)...
CVE-2021-24115
CVE-2021-24115 affects Botan prior to 2.17.3, where constant-time computations are not applied to certain decoding/encoding operations (base32, base58, base64, and hex). The vulnerability is in the crypto/encoding paths of Botan; impact is shown as high to critical in CVSS data (NVD: 7.5/3.1 v3.1...
CVE-2021-24115
In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex)...
CVE-2021-24115
In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex)...
CVE-2021-24115
In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex)...
Observable Timing Discrepancy
Constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex)...
EulerOS 2.0 SP2 : spice (EulerOS-SA-2021-1361)
According to the version of the spice package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Bot...
Botan Security Vulnerabilities
Botan is a library of cryptographic algorithms written in C++. It supports a variety of algorithms such as AES, DES, SHA-1, RSA, DSA and Diffie-Hellman. A security vulnerability exists in Botan before 2.17.3, which stems from the fact that constant time calculations are not used for certain...
CVE-2020-24944
picoquic before 3rd of July 2020 allows attackers to cause a denial of service (infinite loop) via a crafted QUIC frame, related to the picoquic_decode_frames and picoquic_decode_stream_frame functions and epoch==3...
Netty Security Vulnerabilities
Netty is a non-blocking I/O client-server framework from the Netty community that is primarily used to develop Java web applications such as protocol servers and clients. A security vulnerability exists in Netty versions prior to 4.1.59, which stems from the fact that local information can be mad...
HCL OneTest Information Disclosure Vulnerability
HCL OneTest is a software testing tool from HCL India that provides multiple testing options. The software supports API testing, functional testing, UI testing, performance testing and service virtualization to support software automation testing. A security vulnerability exists in HCL OneTest...
CVE-2020-14246
HCL OneTest Performance V9.5, V10.0, V10.1 uses basic authentication which is relatively weak. An attacker could potentially decode the encoded credentials...