Debian dla-3846 : libmojolicious-perl - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3846 advisory. Debian LTS Advisory DLA-3846-1 https://www.debian.org/lts/security/...
GO-2024-2432 CubeFS timing attack can leak user passwords in github.com/cubefs/cubefs
CubeFS timing attack can leak user passwords in github.com/cubefs/cubefs. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please...
Mozilla: External protocol handlers leaked by timing attack
The Mozilla Foundation Security Advisory describes this flaw as: By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system...
RHEL 8 : thunderbird (RHSA-2024:4063)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4063 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.12.1. Security Fixes:...
PT-2024-6224
Name of the Vulnerable Software and Affected Versions: Django versions 4.2 through 4.2.13; Django versions 5.0 through 5.0.6. Description: The issue allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password. This is due to the...
MGASA-2024-0231 Updated thunderbird packages fix security vulnerabilities
Use-after-free in networking (CVE-2024-5702). Use-after-free in JavaScript object transplant (CVE-2024-5688). External protocol handlers leaked by timing attack (CVE-2024-5690). Sandboxed iframes were able to bypass sandbox restrictions to open a new window (CVE-2024-5691). Cross-Origin Image leak via...
User Enumeration
silverstripe/framework is vulnerable to User Enumeration. The vulnerability is due to a timing attack on the login or password reset pages, allowing an attacker to determine the existence of user credentials based on response times...
Important: Red Hat Security Advisory: thunderbird security update
An update for thunderbird is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
Important: Red Hat Security Advisory: thunderbird security update
An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...
AlmaLinux 9 : thunderbird (ALSA-2024:4002)
The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2024:4002 advisory. thunderbird: Use-after-free in networking (CVE-2024-5702); thunderbird: Use-after-free in JavaScript object transplant (CVE-2024-5688); thunderbird: External...
ALSA-2024:4036 Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.12.1. Security Fixes: thunderbird: Use-after-free in networking (CVE-2024-5702); thunderbird: Use-after-free in JavaScript object transplant (CVE-2024-5688); thunderbird: External protocol...
AlmaLinux 8 : firefox (ALSA-2024:3954)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2024:3954 advisory. firefox: Use-after-free in networking (CVE-2024-5702); firefox: Use-after-free in JavaScript object transplant (CVE-2024-5688); firefox: External protocol...