SUSE-SU-2024:0893-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: Security vulnerabilities fixed in Thunderbird 115.8.1 (bsc#1221054): - CVE-2024-1936: Fixed leaking of encrypted email subjects to other conversations (MFSA 2024-11) (bsc#1221054)...
A vulnerability in the deserialize() function of the Jwcrypto Python library that allows a hacker to trigger a denial-of-service attack.
The vulnerability in the deserialize function of the JavaScript library used by Jwcrypto for cryptography involves uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor, operating remotely, to cause service failure by sending a specially created JWE tok...
Ubuntu: Security Advisory (USN-6687-1)
The remote host is missing an update for the...
Session Replay Attack
libosdp is vulnerable to a Session Replay Attack. The vulnerability is due to the lack of validation for RMAC_I messages in response to osdp_SCRYPT, and the allowance of SCS_14 on encrypted connections. Attackers with man-in-the-middle access can intercept RMAC_I replies during a session and replay...
USN-6687-1 accountsservice vulnerability
It was discovered that AccountsService called a helper incorrectly when performing password change operations. A local attacker could possibly use this issue to obtain encrypted passwords...
USN-6687-1: AccountsService vulnerability
It was discovered that AccountsService called a helper incorrectly when performing password change operations. A local attacker could possibly use this issue to obtain encrypted passwords...
Ubuntu 20.04 LTS / 22.04 LTS : AccountsService vulnerability (USN-6687-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6687-1 advisory. It was discovered that AccountsService called a helper incorrectly when performing password change operations. A local attacker could possibly use thi...
ALPINE-CVE-2024-1931
NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 contain a vulnerability that can cause denial of service by a certain code path that can lead to an infinite loop. Unbound 1.18.0 introduced a feature that removes EDE records from responses with size higher than the client's...
SharpCovertTube - YouTube As Covert-Channel - Control Windows Systems Remotely And Execute Commands By Uploading Videos To YouTube
SharpCovertTube is a program created to control Windows systems remotely by uploading videos to YouTube. The program monitors a YouTube channel until a video is uploaded, decodes the QR code from the thumbnail of the uploaded video and executes a command. The QR codes in the videos can use...
BIT-GITLAB-2021-22170
Assuming a database breach, nonce reuse issues in GitLab 11.6+ allow an attacker to decrypt some of the database's encrypted content...
Toyoko Inn Security Breach
Toyoko Inn is a hotel chain app by the Japanese company Toyoko Inn. The Toyoko Inn app is susceptible to incorrect server certificate validation, which could allow an attacker to conduct a man-in-the-middle attack to eavesdrop on encrypted communications...
hw: amd: INVD instruction may lead to a loss of SEV-ES guest machine memory integrity problem
A flaw was found in some AMD CPUs due to improper or unexpected behavior of the INVD instruction. This issue may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU, potentially leading to a loss of guest virtual machine (VM) memory integrity...
Pegasus spyware creator ordered to reveal code used to spy on WhatsApp users
A California federal judge has ordered spyware maker NSO Group to hand over the code for Pegasus and other spyware products that were used to spy on WhatsApp users. Meta-owned WhatsApp has been fighting NSO in court since 2019, after Pegasus was allegedly used against 1,400 WhatsApp users over th...
Vulnerability fixed in Mozilla Thunderbird
Mozilla has fixed a vulnerability in Thunderbird. Due to a flaw in the processing of email messages in the local cache, encrypted data, such as the subject line, from email messages could be included in other email messages. When the user replies to such an infected email message, for...
Mozilla Thunderbird < 115.8.1
The version of Thunderbird installed on the remote Windows host is prior to 115.8.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2024-11 advisory. - The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email messa...
Slackware Linux 15.0 / current mozilla-thunderbird Vulnerability (SSA:2024-065-01)
The version of mozilla-thunderbird installed on the remote host is prior to 115.8.1. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-065-01 advisory. - The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email...
DEBIAN-CVE-2024-1936
The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third-party. Whil...
UBUNTU-CVE-2024-1936
The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third-party. Whil...
Mozilla Thunderbird Security Vulnerability
Mozilla Thunderbird is an e-mail client from the US-based Mozilla Foundation, independent of the Mozilla Application Suite. The program supports the IMAP and POP mail protocols and the HTML mail format. Mozilla Thunderbird suffers from a security bypass vulnerability that is caused by the...
SUSE CVE-2021-47062
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Use online_vcpus, not created_vcpus, to iterate over vCPUs. Use the kvm_for_each_vcpu() helper to iterate over vCPUs when encrypting VMSAs for SEV, which effectively switches to use online_vcpus instead of created_vcpus. This fix...