Malicious Package

Overview toolbox-bem-bundle is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packag...

Malicious Package

Overview bundle-dep is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

AlmaLinux 9 : firefox (ALSA-2023:0810)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:0810 advisory. - An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being...

Debian dla-3327 : libnss3 - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3327 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3327-1 [email protected]...

SUSE SLES15 Security Update : MozillaFirefox (SUSE-SU-2023:0469-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0469-1 advisory. - An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag...

Oracle Linux 7 : firefox (ELSA-2023-0812)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-0812 advisory. 102.8.0-2.0.1 - Remove upstream references Orabug: 30143292 - Update distribution for Oracle Linux Orabug: 30143292 - Add firefox-oracle-default-prefs....

MGASA-2023-0056 Updated firefox packages fix security vulnerability

An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled CVE-2023-0767. The Content-Security-Policy-Report-Only header could allow an attacker to leak a child iframe's unredacted URI when...

Oracle Linux 8 : thunderbird (ELSA-2023-0821)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-0821 advisory. 102.8.0-2.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 102.8.0-2 - Update to 102.8.0 build2 102.8.0-1 -...

Debian dla-3324 : thunderbird - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3324 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3324-1 [email protected]...

Debian DSA-5355-1 : thunderbird - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5355 advisory. Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For the stable distribution...

Debian: Security Advisory (DSA-5353-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CLSA-2023-1676571644 Update of ca-certificates

update to CKBI 2.60 from NSS 3.86 - removed old certificates: - Certificate "EC-ACC" - Certificate "GlobalSign ECC Root CA - R4" - Certificate "GTS Root R1" - Certificate "GTS Root R2" - Certificate "GTS Root R3" - Certificate "GTS Root R4" - Certificate "Hellenic Academic and Research...

CLSA-2023-1676571424 Update of alt-php

Update ca-certificates database to 20221215: - mozilla/certdata.txt,nssckbi.h: Update Mozilla certificate authority bundle to version 2.60. - The following certificate authorities were added: Certificate "AC RAIZ FNMT-RCM SERVIDORES SEGUROS" Certificate "ANF Secure Server Root CA" Certificate...

CVE-2023-0767

The Mozilla Foundation Security Advisory describes this flaw as: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled...

SUSE CVE-2009-2475

Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent attackers to obtain sensitive information via vectors involving static variables that are declared without the final keyword, related to 1 LayoutQueue, 2 Cursor.predefined, 3...

SUSE CVE-2017-5591

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for SleekXMPP up to 1.3.1 and...

SUSE CVE-2017-1000037

RVM automatically loads environment variables from files in $PWD resulting in command execution RVM vulnerable to command injection when automatically loading environment variables from files in $PWD RVM automatically executes hooks located in $PWD resulting in code execution RVM automatically...

SUSE CVE-2018-17205

An issue was discovered in Open vSwitch OvS 2.7.x through 2.7.6, affecting ofprotoruleinsert in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be added e.g., the flow action is a go-to for a group id that does not exist,...

SUSE CVE-2018-17206

An issue was discovered in Open vSwitch OvS 2.7.x through 2.7.6. The decodebundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding...

SUSE CVE-2023-0767

An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...