3242 matches found
Critical: Red Hat Security Advisory: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
ALSA-2024:1493 Moderate: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.9.0. Security Fixes: nss: timing attack against RSA decryption CVE-2023-5388 Mozilla: Crash in NSS TLS method CVE-2024-0743 Mozilla: Leaking of encrypted email subjects to other...
RHEL 8 : firefox (RHSA-2024:1489)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1489 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
Moderate: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.9.0. Security Fixes: nss: timing attack against RSA decryption CVE-2023-5388 Mozilla: Crash in NSS TLS method CVE-2024-0743 Mozilla: Leaking of encrypted email subjects to other...
Critical: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.9.1 ESR. Security Fixes: nss: timing attack against RSA decryption CVE-2023-5388 Mozilla: Crash in NSS TLS method CVE-2024-0743 Mozilla: JIT...
Fedora 38 : firefox (2024-7e71e9eaba)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-7e71e9eaba advisory. - Updated to 124.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...
Security Vulnerabilities fixed in Firefox 124 — Mozilla
An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. Note: This issue only affected Windows operating systems. Other operating systems are unaffected. Passing invalid data could have led to invalid wasm values being created, such as...
Mozilla Firefox Security Advisory (MFSA2024-12) - Linux
The remote host is missing an update for Mozilla Firefox, announced via the advisory MFSA2024-12. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...
Mozilla Firefox < 124.0
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 124.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-12 advisory. - Memory safety bugs present in Firefox 123. Some of these bugs showed evidence of memory corruption and we...
GHSA-5H3X-6GWF-73JM vantage6 vulnerable to a username timing attack on recover password/MFA token
Impact Much like https://github.com/vantage6/vantage6/security/advisories/GHSA-45gq-q4xh-cp53, it is possible to find which usernames exist in vantage6 by calling the API routes /recover/lost and /2fa/lost, which send emails to users if they have lost their password or MFA token. Usernames can be...
vantage6 vulnerable to a username timing attack on recover password/MFA token
Impact Much like https://github.com/vantage6/vantage6/security/advisories/GHSA-45gq-q4xh-cp53, it is possible to find which usernames exist in vantage6 by calling the API routes /recover/lost and /2fa/lost, which send emails to users if they have lost their password or MFA token. Usernames can be...
CVE-2024-24770 Username timing attack on recover password/MFA token in vantage6
vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. Much like GHSA-45gq-q4xh-cp53, it is possible to find which usernames exist in vantage6 by calling the API routes /recover/lost and /2fa/lost...
CVE-2024-24770 Username timing attack on recover password/MFA token in vantage6
vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. Much like GHSA-45gq-q4xh-cp53, it is possible to find which usernames exist in vantage6 by calling the API routes /recover/lost and /2fa/lost...
CVE-2023-41313 Apache Doris: Timing Attack weakness
The authentication method in Apache Doris versions before 2.0.0 was vulnerable to timing attacks. Users are recommended to upgrade to version 2.0.0 + or 1.2.8, which fixes this issue...
CVE-2023-41313 Apache Doris: Timing Attack weakness
The authentication method in Apache Doris versions before 2.0.0 was vulnerable to timing attacks. Users are recommended to upgrade to version 2.0.0 + or 1.2.8, which fixes this issue...
Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2024-1235)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3757-1] nss security update
Debian LTS Advisory DLA-3757-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost March 10, 2024 https://wiki.debian.org/LTS Package : nss Version : 2:3.42.1-1+deb10u8 CVE ID : CVE-2023-5388 CVE-2024-0743 Debian Bug : 1056284 Multiple vulnerabilities were found in nss, ...
PT-2024-12938 · Apache · Apache Doris
Name of the Vulnerable Software and Affected Versions: Apache Doris versions prior to 2.0.0 Apache Doris version 1.2.8 and earlier Description: The authentication method in Apache Doris was vulnerable to timing attacks. This issue allows attackers to potentially exploit the system. Users are...
BIT-JENKINS-2020-2101
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier did not use a constant-time comparison function for validating connection secrets, which could potentially allow an attacker to use a timing attack to obtain this secret...
BIT-REDMINE-2021-31866
Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController...