
3242 matches found

RedHat Linux
added 2024/03/25 6:54 p.m. | 47 views

Critical: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

CVSS 8.8 | AI score 7.1 | EPSS 0.047
Exploits: 4 | References: 11

OSV
added 2024/03/25 12:0 a.m. | 35 views

ALSA-2024:1493 Moderate: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.9.0. Security Fixes: nss: timing attack against RSA decryption CVE-2023-5388 Mozilla: Crash in NSS TLS method CVE-2024-0743 Mozilla: Leaking of encrypted email subjects to other...

CVSS 8.8 | AI score 8.8 | EPSS 0.01285
Exploits: 5 | References: 20

Tenable Nessus
added 2024/03/25 12:0 a.m. | 39 views

RHEL 8 : firefox (RHSA-2024:1489)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1489 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

CVSS 8.8 | AI score 7.8 | EPSS 0.047
Exploits: 4 | References: 23

AlmaLinux
added 2024/03/25 12:0 a.m. | 51 views

Moderate: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.9.0. Security Fixes: nss: timing attack against RSA decryption CVE-2023-5388 Mozilla: Crash in NSS TLS method CVE-2024-0743 Mozilla: Leaking of encrypted email subjects to other...

CVSS 8.8 | AI score 8.3 | EPSS 0.01285
Exploits: 5 | References: 20

AlmaLinux
added 2024/03/25 12:0 a.m. | 74 views

Critical: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.9.1 ESR. Security Fixes: nss: timing attack against RSA decryption CVE-2023-5388 Mozilla: Crash in NSS TLS method CVE-2024-0743 Mozilla: JIT...

CVSS 8.8 | AI score 8.6 | EPSS 0.047
Exploits: 4 | References: 22

Tenable Nessus
added 2024/03/20 12:0 a.m. | 31 views

Fedora 38 : firefox (2024-7e71e9eaba)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-7e71e9eaba advisory. - Updated to 124.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...

CVSS 9.8 | AI score 7.3 | EPSS 0.01107
Exploits: 6 | References: 13

Mozilla
added 2024/03/19 12:0 a.m. | 62 views

Security Vulnerabilities fixed in Firefox 124 — Mozilla

An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. Note: This issue only affected Windows operating systems. Other operating systems are unaffected. Passing invalid data could have led to invalid wasm values being created, such as...

CVSS 8.4 | AI score 9.1 | EPSS 0.01107
Exploits: 6 | References: 12 | Affected Software: 1

OpenVAS
added 2024/03/19 12:0 a.m. | 24 views

Mozilla Firefox Security Advisory (MFSA2024-12) - Linux

The remote host is missing an update for Mozilla Firefox, announced via the advisory MFSA2024-12. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...

CVSS 9.8 | AI score 8.4 | EPSS 0.01107
Exploits: 6 | References: 13

Tenable Nessus
added 2024/03/19 12:0 a.m. | 43 views

Mozilla Firefox < 124.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 124.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-12 advisory. - Memory safety bugs present in Firefox 123. Some of these bugs showed evidence of memory corruption and we...

CVSS 9.8 | AI score 8.4 | EPSS 0.01107
Exploits: 6 | References: 13

OSV
added 2024/03/15 4:44 p.m. | 16 views

GHSA-5H3X-6GWF-73JM vantage6 vulnerable to a username timing attack on recover password/MFA token

Impact Much like https://github.com/vantage6/vantage6/security/advisories/GHSA-45gq-q4xh-cp53, it is possible to find which usernames exist in vantage6 by calling the API routes /recover/lost and /2fa/lost, which send emails to users if they have lost their password or MFA token. Usernames can be...

CVSS 5.3 | AI score 4.4 | EPSS 0.00394
Exploits: 0 | References: 5

GitHub Security Blog
added 2024/03/15 4:44 p.m. | 35 views

vantage6 vulnerable to a username timing attack on recover password/MFA token

Impact Much like https://github.com/vantage6/vantage6/security/advisories/GHSA-45gq-q4xh-cp53, it is possible to find which usernames exist in vantage6 by calling the API routes /recover/lost and /2fa/lost, which send emails to users if they have lost their password or MFA token. Usernames can be...

CVSS 5.3 | AI score 7.2 | EPSS 0.00394
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2024/03/14 6:47 p.m. | 27 views

CVE-2024-24770 Username timing attack on recover password/MFA token in vantage6

vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. Much like GHSA-45gq-q4xh-cp53, it is possible to find which usernames exist in vantage6 by calling the API routes /recover/lost and /2fa/lost...

CVSS 5.3 | AI score 5.5 | EPSS 0.00394
Exploits: 0 | References: 3

Vulnrichment
added 2024/03/14 6:47 p.m. | 15 views

CVE-2024-24770 Username timing attack on recover password/MFA token in vantage6

vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. Much like GHSA-45gq-q4xh-cp53, it is possible to find which usernames exist in vantage6 by calling the API routes /recover/lost and /2fa/lost...

CVSS 5.3 | AI score 5.6 | EPSS 0.00394
Exploits: 0 | References: 3

Cvelist
added 2024/03/12 10:16 a.m. | 18 views

CVE-2023-41313 Apache Doris: Timing Attack weakness

The authentication method in Apache Doris versions before 2.0.0 was vulnerable to timing attacks. Users are recommended to upgrade to version 2.0.0 + or 1.2.8, which fixes this issue...

AI score 7 | EPSS 0.01014
Exploits: 0 | References: 2

Vulnrichment
added 2024/03/12 10:16 a.m. | 10 views

CVE-2023-41313 Apache Doris: Timing Attack weakness

The authentication method in Apache Doris versions before 2.0.0 was vulnerable to timing attacks. Users are recommended to upgrade to version 2.0.0 + or 1.2.8, which fixes this issue...

AI score 9.7 | EPSS 0.01014
Exploits: 0 | References: 2

OpenVAS
added 2024/03/12 12:0 a.m. | 17 views

Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2024-1235)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7 | EPSS 0.01614
Exploits: 2 | References: 2

Debian
added 2024/03/11 5:37 a.m. | 41 views

[SECURITY] [DLA 3757-1] nss security update

Debian LTS Advisory DLA-3757-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost March 10, 2024 https://wiki.debian.org/LTS Package : nss Version : 2:3.42.1-1+deb10u8 CVE ID : CVE-2023-5388 CVE-2024-0743 Debian Bug : 1056284 Multiple vulnerabilities were found in nss, ...

CVSS 7.5 | AI score 6.7 | EPSS 0.01285
Exploits: 0

Positive Technologies
added 2024/03/10 12:0 a.m. | 3 views

PT-2024-12938 · Apache · Apache Doris

Name of the Vulnerable Software and Affected Versions: Apache Doris versions prior to 2.0.0 Apache Doris version 1.2.8 and earlier Description: The authentication method in Apache Doris was vulnerable to timing attacks. This issue allows attackers to potentially exploit the system. Users are...

CVSS 9.8 | AI score 7.3 | EPSS 0.01014
Exploits: 0 | References: 8

OSV
added 2024/03/06 11:6 a.m. | 15 views

BIT-JENKINS-2020-2101

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier did not use a constant-time comparison function for validating connection secrets, which could potentially allow an attacker to use a timing attack to obtain this secret...

CVSS 5.3 | AI score 5.4 | EPSS 0.01368
Exploits: 0 | References: 7

OSV
added 2024/03/06 11:4 a.m. | 24 views

BIT-REDMINE-2021-31866

Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController...

CVSS 5.3 | AI score 5.5 | EPSS 0.01215
Exploits: 0 | References: 4