44 matches found
Mozilla: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4
The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Thunderbird 91.3. Some of these bugs showed evidence o...
GitLab: Reporters can upload design to issues using the "Move to" feature
Summary According to the permission documentation, only role of Developer or more can upload Design Management files. However, using the issue "Move to" feature, a reporter can create an issue with designs. Steps to reproduce 1. Consider a private project say Private Project with a member Reporter...
Denial of service
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Project reporters and above could see confidential EPIC attached to confidential issues...
UBUNTU-CVE-2020-13287
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Project reporters and above could see confidential EPIC attached to confidential issues...
PT-2020-13428 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.1.10 GitLab versions prior to 13.2.8 GitLab versions prior to 13.3.4 Description: A vulnerability was discovered that allows project reporters and above to see confidential EPIC attached to confidential issues...
Speakers Censored at AISA Conference in Melbourne
Two speakers were censored at the Australian Information Security Association's annual conference this week in Melbourne. Thomas Drake, former NSA employee and whistleblower, was scheduled to give a talk on the golden age of surveillance, both government and corporate. Suelette Dreyfus, lecturer ...
Arbitrary Code Execution
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
RHEL 7 : firefox (RHSA-2018:2113)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2018:2113 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
Critical: Red Hat Security Advisory: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...
RHEL 6 / 7 : firefox (RHSA-2017:2831)
The remote Redhat Enterprise Linux 6 / 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2017:2831 advisory. Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.4.0 ESR. Security Fixes: Multiple flaws were...
RedHat Update for firefox RHSA-2017:1440-01
The remote host is missing an update for the...
RHEL 6 / 7 : firefox (RHSA-2017:1440)
The remote Redhat Enterprise Linux 6 / 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2017:1440 advisory. Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.2.0 ESR. Security Fixes: Multiple flaws were...
Important: Red Hat Security Advisory: thunderbird security update
An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a...
U.S. Dept Of Defense: DNS Misconfiguration
Multiple reporters identified a DNS configuration issue in the defense.gov domain that could allow same-site scripting. Thanks to @myst404 for first reporting this, and to @atik-rahman and others for also reporting it...
Important: Red Hat Security Advisory: openssl security update
An update for openssl is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
Critical: Red Hat Security Advisory: firefox security update
Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
NSA can access your data on Smartphones including iPhone, BlackBerry and Android devices
The National Security Agency (NSA) has the capability to access a broad range of data on most Smartphones out there, including iPhone, BlackBerry, and Android devices, according to the documents provided by former US intelligence contractor Edward Snowden to the German news agency Der Spiegel report. A...
Reporters legally threatened after revealing vulnerability that exposes sensitive data of 170,000 customers
For millions of low income families, the federal government's Lifeline program offers affordable phone service. But an online security lapse has exposed tens of thousands of them to an increased risk of identity theft, after their Social Security numbers, birth dates and other pieces of highly...
Scripps Reporters Accused of Hacking Lifeline Data Breach
Investigative reporters for the Scripps news service have been threatened with legal action after informing a telecommunications company that confidential data on tens of thousands of applicants was available on the Internet. The reporters were said to be looking into companies participating in...